SIM-based authentication offers a robust, seamless way for online businesses to protect their customers and their brand from identity theft and account takeover

Consumers’ general reliance on m-commerce, and other online interactions for banking, health and education has been accelerated by lockdowns — and fraudsters have taken advantage.

Now it is not only high-profile cases, such as Twitter CEO Jack Dorsey’s account takeover, or tech entrepreneur Robert Ross’ $1 million life-savings losses on crypto, that are targets of fraudulent activity.

Many kinds of mobile fraud, especially SIM swap, are turning dangerously mainstream. Just recently, Wired UK reported on the “relentless rise” of Royal Mail text message scams, for example, while The Sun warned against WhatsApp scam access codes. …

Useful advice to keep users and customers safe.

What do superstar Selena Gomez and cryptocurrency millionaire Michael Terpin have in common with countless ordinary people? They’re victims of SIM swap fraud — the account takeover method that attackers use to bypass 2FA (two-factor authentication) and break into online accounts.

In the UK alone, reports of SIM swap have risen by a massive 400% in the past five years, and thousands of pounds are stolen in the average attack. …

Passwords, social logins, OTPs — the most popular ways to identify users are all vulnerable to SIM swap attacks

If you’re building for mobile and are concerned about SIM swap fraud compromising your users, you’re not alone. It’s a growing issue with serious financial consequences — fintechs and cryptocurrency wallets have been especially targeted, but any platform is at risk if it can be used to gather details about potential victims or gain unauthorised administrative access to a widely used system. All it takes is one compromised user to cause major damage.

But with so many mobile security solutions now available, it can be daunting to work out the best way to authenticate real users and keep the bad…

SIM Swap fraud is getting worse — but SIM-based authentication offers a robust solution

If you’re concerned about fraud, risk management or user identity management as part of your work, you probably already know that SIM swap fraud is a big problem — and it’s growing. But you may not realise that there is now an easy and secure solution, which can both protect your users and streamline authentication.

In this article, I’ll look at how common mobile user authentication approaches are allowing SIM swap fraud to proliferate, explore the specific mobile vulnerabilities that enable SIM swap fraud, and lastly, explain how a new, mobile-native approach can finally solve this problem.

Who is at risk from SIM swap fraud?

SIM Swap fraud…

SIM swap fraud is on the rise, and it’s not just high-profile cases like Twitter CEO Jack Dorsey getting their account hacked. What’s to be done?

We’re all familiar with using email + password when registering for a new online account. But knowledge factors like passwords are widely acknowledged to be flawed, security-wise, so a second possession factor is added, typically an SMS OTP (one-time password).

However, the way SMS 2FA (two-factor authentication) is used as a security layer when changing a password gives bad actors wide-ranging access to multiple accounts, leading to financial theft and stolen identities — SIM swap fraud.

Banks, fintechs and crypto businesses are key targets, but any business using 2FA is vulnerable — as is any mobile app relying on the…

If you onboard new users via a mobile device, you’re likely losing 20–30% of that potential new revenue every month — here’s how to save them

COVID-19 has accelerated the migration of business to online. Online now primarily means mobile, of course, and that creates a whole set of challenges which most businesses have not even begun to address. Take onboarding, for example. Time and again, businesses tell us that when they look at the numbers, trying to onboard customers on mobile typically results in 20–30% customer drop-off at registration — whether via app or mobile web.

Those are big numbers with serious implications — not only in reduced revenues, but very likely also in increased customer support costs and damage to your brand from negative…

Two-factor authentication (2FA) may be an essential security measure for any app, but if you’re relying on SMS OTPs here are a few things you should know…

Two-factor authentication (2FA) is an essential security measure for any service you sign into. For authenticating sign-ins and transactions on mobile apps, using SMS to verify phone numbers has become the norm.

With this method, the user’s expected phone number is sent a text message with an OTP (one-time-password), and if the user enters the correct OTP back into the app, it is assumed that they are the phone’s owner.

But if your mobile application uses SMS OTP to verify your users, there are a few security essentials you really need to know about how this system works behind the…

Till recently, networking app developers have had to strike a balance between a slick UX and strong security — especially at sign up. But now there’s a solution that avoids that painful trade-off…

There has never been a better time to produce a social networking app. They currently boast a market reach of 95%, as the web becomes increasingly mobile and communication becomes more remote.

Yet one of the biggest dilemmas for networking app developers is finding the right balance between a slick UX (user experience) and strong security. The most crucial stage to get this right is at registration, when a new user first signs up — and it’s here that the impossible trade-off is made.

Either security is too low, which risks admitting bad actors and fake accounts, or it…

High mobile conversion rates AND low fraud — now you can have your cake and eat it.

When it comes to mobile conversion, great marketing will only get you so far if the onboarding process turns out to be a clunky nightmare. Mobile users now generate the majority of revenue for any online business — yet many businesses are completely unaware that they could be losing as many as 30% of their potential customers at the mobile onboarding stage.

Of course fraud prevention is vital and so, because passwords are weak security, 2FA (two-factor authentication) has gone from a nice-to-have to a must-have. But legacy 2FA approaches — such as One-Time Passwords (OTPs) sent by email or…

When it comes to verifying users on mobile, email just isn’t fit for purpose any more. So what’s the alternative?

Since the Internet began, the email address has been the primary way that businesses identify their users. Email addresses have become essential to our online lives, acting as a digital identity without revealing personal information such as a name or address.

But as the world increasingly goes mobile, email is no longer the right option. Email is typically paired with a password, and the combination delivers poor UX and weak security.

Fortunately, the mobile phone holds the answer (quite literally) — everyone has a unique mobile number, and the SIM card inside the phone is cryptographically secure. …

Paul McGuire

Co-founder and CEO, tru.ID — mobile authentication API. Serial entrepreneur with 20+ years in telecoms, mobile financial services. Co-founder, Boku and mBlox.
