Paul McGuire
Co-founder, CEO at tru.ID
Credits: Unsplash
Providing a smooth UX during mobile onboarding without letting in spam and fraud is a challenge. But why compromise on verification when you can have your cake and eat it?
When it comes to mobile conversion, great marketing will only get you so far if the onboarding process turns out to be a clunky nightmare. Mobile users now generate the majority of revenue for any online business – yet many businesses are completely unaware that they could be losing as many as 30% of their potential customers at the mobile onboarding stage.
Of course fraud prevention is vital and so, because passwords are weak security, 2FA (two-factor authentication) has gone from a nice-to-have to a must-have. But legacy 2FA approaches – such as One-Time Passwords (OTPs) sent by email or SMS – are hard work for the user, creating friction and abandonment. Not only that, but storing users’ information on a server means investing in often pricey security measures to prevent malicious parties from accessing that valuable data.
Remember that your app users are impatient to start using your service right now – and if you throw too many obstacles in their way they’re not likely to hang around. Many will decide it’s not worth the effort to go through a complex sign-up process requiring them to memorise yet another login, or wait for unreliable legacy two-factor authentication methods such as SMS OTP (see our more in-depth explanation of why SMS doesn’t deliver).
Until recently, this all meant that mobile apps and services had to make an uneasy trade-off between a frictionless user experience and strong, trustworthy verification.
Legacy verification options would require you to start by prompting the user to give their email or username, then a password, and then force them to exit the app in order to retrieve their OTP or use a separate authentication app.
Unfortunately, this means that the user’s first impression of your brand is the inconvenience of having to memorise details, switch context to another app, and potentially wait around for a code to arrive – all risk points which break flow, take too long, and lead to abandonment, using outdated security measures which can be compromised.
But now there's an alternative and surprisingly straightforward way to streamline the authentication process while actually increasing security.
Of course, you want to make life easier for your end users – but no one will thank you if this comes at the expense of strong authentication and fraud prevention. You want genuine individuals, not false positives from spambots, and your user base wants a service where they can feel confident that their information is kept safe, but retrievable.
Now there’s a completely frictionless onboarding verification, which means you don’t have to compromise on ease of use or fraud prevention – or store user data. With tru.ID, the only thing you need from your user is permission to process their phone number. It’s so simple: the user enters just their mobile phone number, and the app communicates instantly with the MNO (mobile network operator) to verify that this number is the one linked to that SIM.
On the user end, they wait only a couple of seconds, their identity is verified, and they can continue. That means no context switching, no lengthy wait, and no inconvenience. The result? An invisible, effortless onboarding experience with stronger security, that feels like magic.
Instant PhoneCheck provides instant authentication of the mobile number of the connected mobile device, greatly improving the user experience and reducing drop-off rates.
Strong SubscriberCheck provides real-time verification of the mobile number and SIM card identity, providing a high-security, low-friction mobile authentication solution that also eliminates the risk of SIM Swap fraud. Or, if you really, really want to stick with SMS OTP, and so need an easy add-on security solution, we offer:
Active SIMCheck, which allows you to check that there has not been a SIM swap before you send the SMS OTP to the user. (Of course, there are still all the other risks related to SMS OTP, but this is a big improvement and a short-term fix while you plan the full solution.)
