Another proof point for ownership-based authentication
A new alliance between mobile carriers aims at improving the state of mobile authentication for identifying customers that goes beyond relying on a short message service (SMS) passcode.
In the eWeek article, “Mobile Carriers Join Together for Project Verify Authentication Effort,” Project Verify is a collaboration between AT&T, Sprint, T-Mobile and Verizon to find ways to more effectively verify the identity of mobile users. As mobile devices evolve, Johannes Jaskolski, general manager of the Mobile Authentication Taskforce, said the group’s mission is to create new methods to validate customers.
"We're excited to deliver a mobile authentication platform that developers can use to build applications that can more effectively and securely verify user identities."
To secure mobile transactions, Jaskoski said businesses started using SMS to validate the owner of the device. But since SMS codes weren’t designed to be security tools, they’re vulnerable to fraud and other social engineering attacks. As a result, fraudsters can intercept SMS messages to access and take over accounts in route to committing identity fraud.
One direction the taskforce believes can help strengthen security is using ownership-based authentication to identify customers.
With Project Verify ID, consumers can create a device-based ID to log into and participate in service provider applications for mobile apps, and eventually, smartphones, tablets, PC web browsers and media streaming devices. At TRUSTID, we believe using ownership-based tokens to identify and authenticate customers is one of the most powerful tools for authenticating callers.
Today, organizations like Amazon and Visa are beginning to see the value in using physical ownership tokens for customer identification. Whether they’re having customers use their phones as a key to validate their identity or replacing biometric tokens with ownership credentials, companies are becoming more confident with identifying customers through their physical phones and devices.
For mobile apps, Project Verify is yet another proof point for the value of ownership-based authentication.
For the telephone channel, TRUSTID uses a caller’s mobile phone as an ownership token in conjunction with other caller identification solutions to provide a stronger multi-factor authentication strategy to determine the trustworthiness of a call. Using this information, organizations can take appropriate action to secure transactions by either routing validated good calls to an operator or flagging for further review high-risk calls in real-time.