Cyberattacks, data breaches, and identity theft continue to grab headlines — and share of mind! These are existential threats to our digital lives, no joke. (If you’ve ever had your identity stolen online, you know!) We look to techniques such as authentication to protect our digital identities, our commerce, and our institutions. Failure to properly secure our digital lives jeopardizes our privacy, our finances, and even our sense of wellbeing and community.
Is authentication ready to shoulder this burden? Luckily, yes, it is. Enterprises should look at introducing two-factor authentication (2FA) to address the majority of authentication problems. 2FA offers a considerable uplift in security, which previously relied on only knowledge factors alone, such as user IDs and passwords. Hackers know this – and they back off when 2FA is activated.
In this article, we introduce three different telephone number verification methods – SMS, Flash Call, and Voice Call Verification – and explain how they can be used as a “proof of possession” element of authentication. Then we highlight how blending these methods can yield exceptional results for your customers, your teams, and your company!
Why blend identity verification methods?
You may be wondering: How do organizations implement effective enterprise security without harming an engaging user experience?
Multi-factor authentication is the obvious choice for disrupting malicious attempts; telephone number verification methods are the go-to service for 2FA because of both the widespread adoption of mobile phones and the superior user experiences they provide.
By adopting the right blend of SMS, Flash Call, and Voice Call Verification methods, you can optimize costs, enable superior protection, and provide the best possible experience for users. And these are not competing methods. In fact, they complement one another and provide users with greater control over the identity verification method that’s right for them. What’s more, with all three methods on a single API, they all integrate seamlessly into your back-end security processes. Why complicate things?
Let’s take a closer look at these methods individually!
Read on below or watch our quick YouTube playlist introducing all three:
SMS identity verification
This method verifies a user’s identity by sending a verification code via a mobile text message (SMS). The user receives the code and enters it into a field on the page or app where they’re trying to log in. When logging in via mobile device, at times the code can be extracted from the SMS message automatically – meaning the user doesn’t even have to manually enter the code. Easy!
The advantages of SMS Verification:
- It’s the method most familiar to mobile users. SMS is easy to understand, easy to use, and applicable for most adults (i.e., mobile phone users) in any part of the world.
- It’s universally available on mobile devices. Practically all mobile devices are SMS-enabled; many tablets and even desktop or laptops send and receive SMS messages as well.
- It has a very high success rate. SMS identity verification is easy to understand with high success rates, providing a better overall experience for users.
Things to consider when using SMS Verification:
- SMS messages may be delayed. High-traffic periods and remote locations can delay SMS messages, and therefore SMS-based codes.
- Temporary codes could be intercepted. Although rare, bad actors can use social engineering to intercept temporary codes from users and then reconfigure their credentials for ongoing illegal access to accounts.
- It may be more expensive than the two other methods. SMS is often a more expensive identity verification method than Flash Call and Voice Verification Methods. Providing viable alternatives can therefore boost cost savings.
Flash call identity verification
Through this method, the user receives a call to their mobile. The phone number used to make this automated call — the “calling party number” — is randomized from a large pool of numbers. The calling party number functions as a one-time code. The mobile app intercepts the call and automatically sends a request to validate that the calling party number matches. In this way, authentication may happen safely and automatically, no user invention required.
The advantages of Flash Call verification:
- It’s innovative, new, and exciting for customers. Flash Call is a creative use of voice calling that offers significant automation opportunities — appealing to both users and UX designers!
- It’s faster than SMS. Automatic verification relieves some users from manual processes. Flash Call can prevent intercepts of codes as well.
- It’s also more affordable than SMS. At least in most markets, the cost-comparison of each Flash Call to each SMS is often dramatically less.
Things to consider when using Flash Call:
- Flash Call delivers the best experience on Android. The process is automatic, streamlined, and secure for users on Android mobile devices. The process is somewhat less streamlined for iOS users compared to SMS, requiring users to enter a whole phone number into a text field.
- Flash Call is unique to Sinch. Sinch’s Flash Call identity verification method is an industry-leading solution.
- Blending SMS and Flash Calls provide considerable savings on verification costs. Companies can use SMS as a default on iOS and Flash Calls as a default on Android, driving considerable savings based on the experiences of our customers.
Through this method, the user receives a verification code by answering an incoming phone call. Text-to-speech software reads the code aloud to the user, who then types in the code manually on the login page.
The advantages of Voice Verification:
- It’s ideal for users with impairments. SMS and Flash Call may be challenging for some users. Hearing a code out loud may be a better alternative.
- It can use a fixed phone line for verification. Users can set up landline phones for Voice Verification if they don’t have access to a mobile device.
- It’s an ideal back-up verification method for SMS or Flash Call. For users who prefer SMS or Flash Call, Voice Verification is a great backup if they don’tt have access to mobile or other compatible devices.
Things to consider when using Voice Verification:
- It will be less familiar to most users. Because this method is not used as often as knowledge-based or SMS verification methods, it may be confusing to some first-time users.
- It takes longer to execute. Users must wait longer periods to login and may have to move to a quiet location, which may add time to the login process.
- It requires short-term memory retention. Users must remember the OTP code — they risk needing the message repeated or may be forced to try again.
All three methods on a single platform
As you can see, each method has its pros, but also a few cons. The best way to optimize both security and the user experience is to use a robust identity verification solution combining multiple, safe options for users. Companies need access to insights from large amounts of data to determine which methods work best, and where.
Integrating all three of these verification solutions is easy when all three are available on a single platform, utilize a shared API, follow the same logic, and employ the same software development kit (SDK). You’ll begin seeing verification success rates increase while users enjoy a streamlined experience, no matter their individual requirements.
Sinch API supports next-level identity verification
By now you may have guessed that Sinch offers a single API for all three of these verification methods. And we’re proud of it! Our deep understanding of identity verification best practices helps you streamline customer onboarding and simplify both login and approvals as well.
If you’re a developer, be sure to visit the portal to try out Sinch with 2 free euros in starting credits. If you’re a product manager, contact a Sinch identity verification expert to talk about these methods today.