The tru.ID platform offers turnkey API products for mobile phone number and identity verification. It confirms the ownership of a mobile phone number by verifying the possession of an active SIM card with the same number. Unlike other alternatives such as SMS-based OTP, tru.ID relies on in-band server-side verification, and is impervious to man-in-the-middle, social engineering and SIM Swaps attacks.
tru.ID integrates with Mobile Network Operators who already authenticate a mobile phone when making phone calls or using mobile data. We expose this authentication mechanism through the tru.ID APIs which enables you to integrate that functionality into your mobile applications.
For more information on integrating tru.ID into your applications please refer to our documentation.
No. tru.ID does not use any traditional communication channels for the purpose of verification.
tru.ID enables verification for a mobile app or a mobile website — devices/endpoints with a SIM card. It is possible to power desktop-centric verification flows though a companion mobile device, however tru.ID performs a real-time possession check. The user verifying themselves must possess the mobile device which is believed to have the number a user wishes to verify. To learn more about why this is so, please email us at firstname.lastname@example.org.
tru.ID offers possession-factor verification for strong authentication in mobile apps and mobile websites.
SIM Swap fraud is orchestrated by an attacker first gathering enough relevant details about a person's identity, such as their date of birth, address, a driving license number etc. The attacker then use these details to present themselves as the legitimate owner of a phone number to the Mobile Network Operator. If they succeed, they can then request a new SIM card be issued for the phone number to them. With this new SIM card in their possession, they will be able to impersonate the real owner of the mobile phone number.
Yes. tru.ID can verify users under all circumstances.
A mobile phone number counts as Personally Identifiable Information (PII). When you pass us a user’s mobile phone number, you are asking us to process that data on your behalf, in order for us to deliver the authentication services you have requested. We require that you confirm you have the necessary permissions applicable to relevant jurisdiction(s) from your end-users for us to process it. For more details on your responsibilities, please see our Terms.
How you obtain that permission may vary by territory (you are responsible for understanding the laws in the countries where you operate), but typically having a check box that the user clicks to agree to your terms of service, having the data processing rights clearly called out in your terms of service, and being able to show the audit trail of capturing each user’s consent, should be enough. If in doubt, you should solicit independent legal advice regarding this subject.
Yes. tru.ID can verify a phone number your application is already privileged to anywhere in your app. Your end-user terms and conditions should give you the right to collect and process a user's mobile phone number. This is identical to the authorisation your business/application would solicit for the purposes of mobile phone number verification through any other means such as SMS OTP.
tru.ID is a Data Processor for phone numbers. We log phone numbers you've requested verification for using one-way encryption; meaning tru.ID does not know the numbers that have been verified.