Go beyond phone number verification
Your existing SMS 2FA, fortified
With a sharp increase in incidence of fraud on mobile devices, protecting customer data through a secure second factor is no longer an optional nicety. You may have verified a possession factor, and yet the individual in possession of the expected phone number may be a malicious actor. Active SIMCheck enables you to check whether there's been any change to the subscriber — the telco identity associated with the SIM card — so you can confidently approve or step-up challenge any authentication attempts.
Active SIMCheck does not rely on user action and has no need for any other user data besides the phone number. It checks directly against your users' mobile network operator precluding interference from malware on the users' device, or malicious actors in the middle. Challenge fewer legitimate users with onerous step-up verifications, reduce your support costs and shut down SIM Swap fraud.
Many indicators of mobile subscriber identity receive "lazy updates"; i.e. there is a lag between the action actually happening and the information being updated — in some cases up to 72 hours. Active SIMCheck is a real-time lookup with a mobile network operator to return the most accurate information. Know in real-time whether a subscriber has had a SIM Swap, and preempt fraud magically.
Some risk and fraud management approaches depend on tracking a whole slew of user and device information over time. On one hand this is invasive to user privacy, on the other it is probabilistic. With Active SIMCheck you know for sure whether there the phone number you have verified possession of, has been subject to a SIM change. Your risk management — simplified.
The traditional method of verifying mobile phone number identity through the receipt of an OTP sent via SMS is, on its own, a weak proof-of-possession. Malicious actors could have access to the OTP by exploiting vulnerabilities at the protocol layer, social engineering or getting a user's mobile network operator to issue them a duplicate SIM. By complimenting phone number verification with a check of the SIM card, you can confirm that the user also has possession of the expected SIM.
We understand that changing processes is costly; training your workforce, support teams, and educating customers takes time. If SIM Swap fraud is a problem you have with your existing mobile verification, but are worried about the cost of changing it, Active SIMCheck is for you. With our server-side check, there's no change to the user experience or to any other existing aspect of your implementation.
If your app requires a high level-of-assurance, you might have strict authorisation policies — auto-logout, step-up verification, etc. This does keep malicious actors out, at the cost of an awkward user experience for every legitimate user. With Active SIMCheck you could periodically check if there's any changes to the user's profile and dramatically reduce the friction your legitimate users have to put up with.