Man tapping phone outside in park

How Identifying Carriers Makes Two-Factor SMS Authentication More Secure



Two-factor SMS authentication is historically one of the most reliable ways to block bad actors from setting up fraudulent accounts, since it requires the user to have a cell phone number. But lately, fraudsters are finding a work-around: using bots that run within messaging apps to spin up a phone number and automatically SMS verify accounts.

Stopping this kind of fraud requires tapping into a larger paradigm shift within the fraud prevention industry. Rather than focusing on stopping chargebacks at the point of payment, the increased number of peer marketplaces and digital goods means companies need to get ahead of fraud before the actual payment step.

Without, of course, putting too much friction on legitimate customers.

Identifying carriers to add strategic friction

A fraudster still needs a phone number for Two-Factor SMS Authentication and to verify an account, and that phone number is linked to a specific carrier (such as T-Mobile, Verizon) and line type (such as mobile, landline, fixed VOIP, or non-fixed VOIP).

When those signals are examined against the fraudulent activity patterns within a company’s ecosystem, often a clear correlation emerges about which line types and/or carriers are most likely to be associated with fraudulent account creation.

Identifying the carrier or line type early on in the sign-up process allows companies to put different types of sign-up flows to filter consumers based on risk levels. For example, one peer marketplace company Ekata works with asks for a credit card up front when a user tries to create an account over a non-fixed VOIP from a certain set of carriers. Other line types and carriers were allowed to sign up for a free trial, with less friction, and provide their credit card later in the life-cycle.

Tailoring risk signals to your specific business

Of course, preventing SMS authentication fraud isn’t just a matter of cutting out a single risky carrier or line type. You need to go to the mobile virtual network operator (MVNO) level to learn even more about a specific phone number.

For example, Boost Mobile is a carrier in its own right, but it runs on the Sprint network. The reason you want to know the difference is that while Sprint serves customers regular contracts, Boost Mobile customers usually have prepaid accounts. Depending on what geographies you service, type of goods, and ticket price, different data signals can indicate a higher risk of fraud. For example, in the US a prepaid phone could be riskier on a transaction for a higher-priced good that has multi-year payment terms attached to it.

Getting down to that granular level is critical. Ekata identifies over five-thousand carriers and MVNOs, which helped another one of our customers, an online dating app, also identify line types and specific carriers that fraudsters were using to create fake accounts in their ecosystem.

Meeting constantly changing fraud trends with real-time data

Real-time insight into fraud patterns by carrier and line type allows companies to write rules tailored to their specific ecosystem. Because targets are constantly moving, it’s not enough to simply choose a few carriers or a specific line type and add extra friction at that point. You need to work with a fraud prevention solution that gives you visibility into applicant phone numbers at the most granular level.

Learn how our Phone Intelligence API can help your business identify risk and filter new account openings at the front end of your process by providing seven different line types, over 5,000 carriers, and additional phone data.

Related content