tru.ID logo

Go beyond phone number verification

Active SIMCheck

Your existing SMS 2FA, fortified

With a sharp increase in incidence of fraud on mobile devices, protecting customer data through a secure second factor is no longer an optional nicety. You may have verified a possession factor, and yet the individual in possession of the expected phone number may be a malicious actor. Active SIMCheck enables you to check whether there's been any change to the subscriber — the telco identity associated with the SIM card — so you can confidently approve or step-up challenge any authentication attempts.

server-side check

Frictionless, server-side check

Active SIMCheck does not rely on user action and has no need for any other user data besides the phone number. It checks directly against your users' mobile network operator precluding interference from malware on the users' device, or malicious actors in the middle. Challenge fewer legitimate users with onerous step-up verifications, reduce your support costs and shut down SIM Swap fraud.

Real-time

Real-time, never cached

Many indicators of mobile subscriber identity receive "lazy updates"; i.e. there is a lag between the action actually happening and the information being updated — in some cases up to 72 hours. Active SIMCheck is a real-time lookup with a mobile network operator to return the most accurate information. Know in real-time whether a subscriber has had a SIM Swap, and preempt fraud magically.

deterministic

Deterministic and actionable

Some risk and fraud management approaches depend on tracking a whole slew of user and device information over time. On one hand this is invasive to user privacy, on the other it is probabilistic. With Active SIMCheck you know for sure whether there the phone number you have verified possession of, has been subject to a SIM change. Your risk management — simplified.

fix sms vulnerabilities

Fix vulnerabilities of SMS OTP-based auth

The traditional method of verifying mobile phone number identity through the receipt of an OTP sent via SMS is, on its own, a weak proof-of-possession. Malicious actors could have access to the OTP by exploiting vulnerabilities at the protocol layer, social engineering or getting a user's mobile network operator to issue them a duplicate SIM. By complimenting phone number verification with a check of the SIM card, you can confirm that the user also has possession of the expected SIM.

Keep your existing SMS 2FA implementation

We understand that changing processes is costly; training your workforce, support teams, and educating customers takes time. If SIM Swap fraud is a problem you have with your existing mobile verification, but are worried about the cost of changing it, Active SIMCheck is for you. With our server-side check, there's no change to the user experience or to any other existing aspect of your implementation.

keep existing 2FA
improved user experience

Improve your UX without changing it

If your app requires a high level-of-assurance, you might have strict authorisation policies — auto-logout, step-up verification, etc. This does keep malicious actors out, at the cost of an awkward user experience for every legitimate user. With Active SIMCheck you could periodically check if there's any changes to the user's profile and dramatically reduce the friction your legitimate users have to put up with.

Test for free

First 3 months free

tru.ID logo

Mobile authentication, reimagined.

Made with ❤️ across the 🌍

Platform

Docs

© 2020 4Auth Limited. All rights reserved. tru.ID is the trading name of 4Auth Limited.