Why you should blend verification methods for your mobile app or website

Cyberattacks, data breaches, and identity theft continue to grab headlines — and share of mind! These are existential threats to our digital lives, no joke. (If you’ve ever had your identity stolen online, you know!) We look to techniques such as multi-factor authentication to protect our digital identities, our commerce, and our institutions. Failure to properly secure our digital lives jeopardizes our privacy, our finances, and even our sense of wellbeing and community.

Can multi-factor authentication shoulder this burden? Luckily, it can. As a minimum, enterprises should look at introducing two-factor authentication (2FA) to address the majority of authentication problems. 2FA offers a considerable uplift in security, which previously relied on only user IDs and passwords. Hackers know this, as 2FA defeats nearly all automated attacks, forcing attackers to conduct more expensive and very targeted operations. This reduces the overall amount of fraud and the number of victims.

In this article, we introduce four different telephone number verification methods – SMS Verification, Flash Call Verification, Phone Call Verification, and Data Verification – and explain how they can be used as a “proof of possession” element of authentication. Then we highlight how blending these methods can yield exceptional results for your customers, your teams, and your company!

You may be wondering: How do organizations implement effective customer security without harming user experience?

The key here is to tap into a technology that virtually all customers understand and have access to. This is why telephone number verification methods are the go-to service for 2FA. Plus, when customers lose, break, or change their devices, their accounts can still be accessed because the phone number is portable — and an important element of their identity. No other 2FA technique offers the universality, resilience, or availability of phone number-based 2FA!

By adopting the right blend of SMS, Flash Call, Phone Call, and Data Verification methods, you can optimize costs, offer better protection, and provide the best possible experience for users. They can be used to complement one another and give businesses the freedom to choose the identity verification method that’s right for their users.

Sinch offers this flexibility through a single verification API that integrates seamlessly into your back-end security processes. Why complicate things?

Let’s take a closer look at these methods individually!

Read on below or watch our quick YouTube playlist introducing all methods.

This method verifies user identity by sending a one-time passcode (OTP) via a mobile text message (SMS). The user receives the code and enters it into a field on the page or app where they’re trying to log in. When logging in via a mobile device, at times the code can be extracted from the SMS message automatically — meaning the user doesn’t even have to manually enter the code. Easy!

The advantages of SMS Verification:

• It’s the method most familiar to mobile users — which is why it’s the most used 2FA technique on the internet today! SMS is easy to understand, easy to use, and applicable for most mobile phone users, in any part of the world.
• It’s universally available on mobile devices. Practically all mobile devices are SMS-enabled; many tablets and even desktop or laptops send and receive SMS messages as well.
• It has a very high success rate. SMS identity verification is easy to understand with high success rates, providing a better overall experience for users.

Things to consider when using SMS Verification:

• All OTPs — no matter the technology used to deliver them — can be subject tosocial engineering, meaning bad actors try to intercept temporary codes from users and then reconfigure their credentials for ongoing illegal access to accounts.
• Used at a very large scale, SMS OTP can get expensive. While SMS offers a simple, intuitive experience, it’s often a more expensive identity verification method than Flash Call and Voice Verification methods. In some situations, these can offer viable alternatives and significant cost savings.

Learn more about SMS identity verification, then, watch our video to see how sending SMS identity verification establishes trust and quickly reaches customers around the world.

Through this method, the user receives a call to their mobile. The phone number used to make this automated call — the “calling party number” — is selected randomly from a large pool of in-service numbers. The calling party number functions as a one-time code. The mobile app intercepts the call and automatically sends a request to validate that the calling party number matches the verification request. In this way, authentication may happen safely and automatically, no user invention required.

The advantages of Flash Call Verification:

• It’s innovative, new, and exciting for customers. Flash Call is a creative use of voice calling that offers significant automation opportunities — appealing to both users and UX designers!
• It’s faster than SMS. Automatic verification relieves some users from manual processes and reduces the risk of social engineering.
• It’s also more affordable than SMS. At least in most markets, the cost-comparison of each Flash Call to each SMS is often dramatically less.

Things to consider when using Flash Call:

• Flash Call delivers the best experience on Android. The process is automatic, streamlined, and secure for users on Android mobile devices. The process is somewhat less streamlined for iOS users compared to SMS, requiring users to enter a whole phone number into a text field.
• Flash Call is unique to Sinch. Sinch’s Flash Call identity verification method is an industry-leading solution.
• Blending SMS and Flash Calls provide considerable savings on verification costs. Companies can use SMS as a default on iOS and Flash Calls as a default on Android, driving considerable savings based on the experiences of our customers.

Learn more about Flash Call identity verification, and watch our video about how Flash Calls work!

Through this method, the user receives a verification code by answering an incoming phone call. Text-to-speech software reads the code aloud to the user, who then types in the code manually on the login page.

The advantages of Phone Call Verification:

• It’s ideal for businesses looking to improve inclusion and accessibility. SMS and Flash Call may be challenging for some users. Hearing a code out loud may be a better alternative.
• It can use a fixed phone line for verification. Users can set up landline phones for Voice Verification if they don’t have access to a mobile device.
• It’s an ideal back-up verification method for SMS or Flash Call. For users who prefer SMS or Flash Call, Voice Verification is a great backup if they don’t have access to mobile or other compatible devices.

Things to consider when using Phone Call Verification:

• It will be less familiar to most users. Because this method is not used as often as knowledge-based or SMS verification methods, it may be confusing to some first-time users.
• It takes longer to execute. Users must wait longer periods to login and may have to move to a quiet location, which may add time to the login process.
• It requires short-term memory retention. Users must remember the OTP code — they risk needing the message repeated or may be forced to try again.

Learn more about Phone Call Verification, or watch our video to see how voice codes enable verification in more than 200 territories across the globe.

This new authentication method removes the social engineering risk associated with OTPs. It’s also the fastest method — and it doesn’t require any user interaction! So how does it work? It compares the end-user’s phone number against a carrier-issued token that represents the end-user’s mobile data session, thus confirming the user’s identity.

The advantages of Data Verification:

• Seamless – It doesn’t require any user interaction.
• Secure – No OTP code means no social engineering risk!
• Fast – It only requires a small exchange of data.

Things to consider when using Data Verification:

• The end-user must have cellular data available on their device. If they’re using Wi-Fi, the network can be switched to cellular for the purposes of authentication and then immediately switched back.
• In some markets, end-users have a different SIM card for their cellular data and they don’t know the associated telephone number. Data Verification won’t work in this case, and businesses will need to fall back to SMS (which can be done automatically with the Sinch API).
• The service isn’t widely available in all markets yet, as mobile operators are steadily adopting the technology.

Learn more about Data Verification, and watch our video to see how this works!

As you can see, each method has its pros, but also a few cons. The best way to optimize both security and the user experience is to use a robust identity verification solution combining multiple, safe options for users. Companies need access to insights from large amounts of data to determine which methods work best, and where.

Integrating all these verification solutions is easy when all are available on a single platform, utilize a shared API, follow the same logic, and employ the same software development kit (SDK). You’ll begin seeing verification success rates increase while users enjoy a streamlined experience, no matter their individual requirements.

By now you may have guessed that Sinch offers a single API for all of these verification methods. And we’re proud of it! Our deep understanding of identity verification best practices helps you streamline customer onboarding and simplify both login and approvals as well.

If you’re a developer, be sure to visit the portal to try out Sinch with 2 free euros in starting credits. If you’re a product manager, contact a Sinch identity verification expert to talk about these methods today.