Case study: How COIN introduced effortless login without SMS OTP

December 2, 2022
Alex Economon
Head of Partnerships

Try out tru.ID

Make your first phone check in 1 minute. No app required to test. Get started for free.
Sign up

See it in action

In just 30 minutes, our team can show you the power of SIM-based authentication.
Book a demo

Follow us on

Github iconTwitter iconLinkedIn icon

We’re thrilled to say that tru.ID is working with COIN, the association of Dutch telecommunications service providers, to make it easier for Dutch consumers to manage where their mobile telephone number is listed online. 

COIN hosts the Dutch central register for online directory and number information services, similarly to the platform that manages data for or in the US, or or in the UK.

Its (My Number) website is designed to help consumers in the Netherlands manage their online privacy – specifically to manage where their mobile number is publicly listed, to help them decide which public services and commercial businesses can send information to them via SMS. 

Previously, the website authenticated users by sending an OTP (one-time password) via an SMS message, which can be clunky, unreliable and prone to fraud.   

With no more need for SMS OTPs, COIN can now provide an effortless login experience for Dutch citizens – using SIM-based authentication to silently verify the mobile phone number of a user.

See tru.ID in action

In just 30 minutes, our team can show you the power of SIM-based authentication.

The challenge: outdated mobile security impacted UX 

COIN hosts the central register for online directory and number information services in the Netherlands. Subscribers can manage their listing preferences via the central website 

Retrieving an SMS OTP was quite easy when people mostly accessed the internet via desktop — users could retrieve a code from their mobile phone without having to move from the browser page on their computer. 

But more and more of us now access the web primarily through a mobile device — over 50% of website use is now via mobile. This leads to a poor user experience, as users often have to switch back and forth between their browser and SMS app, relying on either memorisation or fiddly copy and paste in order to retrieve the OTP. 

SMS OTPs also present major security issues. Text messages are unencrypted – so they can be copied, intercepted, and are ideal vectors for fraud and phishing scams. 

SIM swap fraud is one of the highest-growing areas of cybercrime, which is why many online services are looking to use phishing-resistant security factors based on real possession.

The solution: stronger security and a simpler experience

COIN’s new login approach uses the Number Verify service provided by Mobile Connect – a global technology standard developed by the GSMA. Using tru.ID’s PhoneCheck API, this means Dutch citizens can now log in to simply by entering their phone number into the website.

tru.ID verifies the phone number directly with the network operator, by comparing the number entered by the user with the number attached to the SIM card using the current mobile data session. This happens silently in the background, using the same encrypted hardware-based technology that mobile operators already use to verify SIM cards every time a customer makes a call, sends a text, or uses mobile data. 

It only takes a matter of seconds, with no effort or context switching. Here’s a visual comparison of the two processes before and after tru.ID:

Before - entering OTP

After – no delay, no user action

The result: happier and safer users

This service has been live since January 2022.

Willem van den Bosch, Business Consultant with COIN, said: "Our users are delighted with the new seamless experience. With no more need to switch between apps and enter a code, their experience is smoother."

The implementation has also improved the security of – removing the access point for MITM (man-in-the-middle) attackers who could previously have fraudulently obtained an SMS OTP code. 

Seamless authentication is now live for all KPN, Vodafone and T-Mobile customers in the Netherlands, and tru.ID is expanding its global coverage every day.

Learn more about SIM security

SIM-based authentication can solve IAM headaches, achieve compliance with new security measures, and help your business streamline security and UX for customers or employees. Talk to Sales to find out more.

How to get started

tru.ID can support all types of mobile apps, with a rich set of tutorials available for Android, iOS, React Native, and many other implementations. Our online platform is developer-first, with a sandbox for easy testing.  
Start coding

Get this article in your inbox - get The Dot.

The Dot is our regular email about digital identity and news we're certain you'll find interesting.