Industry

Phone verification: An important part of identity verification and fraud prevention

Learn how you can use various phone-related checks to help assess risk, confirm identities, and stop bad actors

An image of two people next to a danger sign about phone fraud.
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • Phone number verification confirms ownership of a phone number and can be an important part of identity verification and fraud prevention. 
  • Additional phone-related attributes and signals can help you determine the best next steps based on the risk associated with a phone number. 
  • And low-friction phone verifications can help confirm possession of the phone at onboarding or reverification.

You don’t leave the house without it and there’s a good chance you check your phone several dozen times a day. In fact, you might even check your phone before finishing this article. It’s okay, we won’t take it personally. (And sorry for planting the idea in your head.) 

Phones can reveal a lot about their owners. And organizations can use a phone number to find or infer various identity- and risk-related signals. As a result, phone verifications can be a simple way to detect bad actors without annoying legitimate customers. Here’s how it works.  

What is phone verification?

Phone verification can encompass several processes that help you determine:

  • Whether the person owns or is associated with a phone number. 
  • How much risk is associated with a phone number. 
  • If the person has possession of the phone number at the moment of verification. 

Some organizations limit the definition of verifying a phone number to confirming possession in the moment. But at Persona, we see phone verification as more than answering a single question.

For example, using phone verification to establish ownership or association with the phone number can be important for corroborating identity and preventing fraud. This can be accomplished by comparing an applicant’s personally identifiable information (PII) collected during onboarding with records from an issuing or authoritative database.

  • Phone carrier verification: An issuing database verification checks with the phone carrier to confirm a submitted name matches the name and number in its database.
  • Authoritative database verification: Authoritative databases collect and store information from various sources but don’t issue identifying information on their own. For example, the credit bureaus’ credit header data can include a person's name, date of birth, Social Security number, recent addresses, and phone numbers. 

A match can help confirm that the person owns or is associated with the number, and substantiate their claims about their identity. 

Using phone verification to assess risk 

Organizations can also use phone risk reports to evaluate the risk associated with a phone number based on various attributes and signals. These reports may contain different information depending on the provider, and some include a risk score or rating and recommendations.

Persona’s Phone Risk Report has nearly global coverage across 175+ countries and territories, and includes results on:

  • Phone type: Such as a fixed line, mobile phone, or voice over internet protocol (VoIP) number, with recommendations on whether to flag or block based on corresponding risk levels. Persona also offers phone type results separate from the full Phone Risk Report.
  • Phone carrier: Such as Verizon, AT&T, or T-Mobile. 
  • Risk levels: Ranging from 1 (low risk) to 5 (high risk).
  • Risk score: Ranging from 0 to 100 with corresponding risk levels.
  • Risk recommendations: Recommendations to allow, flag, or block based on the results.

Various device and behavioral signals can affect the risk assessments, such as:  

  • Unusual velocity and behavior patterns, such as indicators that multiple people or accounts share the same phone number.
  • When the phone number was created. 
  • Whether the number is on blocklists. 
  • Whether the phone number was recently changed to a new phone at a different carrier.
  • If the SIM card was recently swapped to a new phone.
  • If the area code aligns with the person’s current or previous address.

These may offer insights on their own, when combined with other applicant information, and when viewed within the context of data from a fraud consortium. 

Phone verification from the consumer’s perspective

Aside from asking for basic identifying information, you can use phone verifications to help establish identity and evaluate risk with little or no consumer involvement. 

These no-friction checks can dynamically lead to an approval, block, or manual review. Depending on the results, you might step up to an SMS or SIM-based verification — or other type of verification customized to your business needs and audience’s preferences.

Even if you start with an SMS-based verification to confirm possession, most people are familiar with these requests. You’ve almost certainly entered a code from a text message into an app or web browser before — your phone might even do it for you automatically.

For an even-lower friction process, some organizations use SIM-based phone verifications rather than a one-time password (OTP) to confirm possession. The silent mobile verification confirms ownership by connecting directly to mobile network operators and confirming that the phone number and SIM card match. It may also be a more secure option than SMS-based verifications that are susceptible to phishing, SIM-swapping, and other types of attacks. 

In addition to using SMS- or SIM-based phone verifications as part of fraud prevention and identity verification at onboarding, organizations may also use similar multi-factor authentication (MFA) processes to authenticate existing users.

What are the benefits and drawbacks of phone verification?

Phone verifications can be a relatively simple and helpful addition to your onboarding process, but there are always pros and cons to consider. 

Benefits

  • Low or no friction: Many people are familiar with SMS-based verifications, and phones may even be able to autocomplete the OTP requests. You can also run database checks with basic PII to get phone risk reports without any friction. 
  • Improves access to customers: Confirming that a phone number is real and belongs to a customer can improve future communications, such as marketing outreach and payment reminders. 
  • Adds to your understanding of customers: Phone verifications can enrich the other information you gather to give you a more complete picture of a person’s identity and risk. 

Drawbacks

  • Susceptible to attacks: SMS verifications have vulnerabilities, including man-in-the-middle attacks, SIM swapping, and phishing. 
  • Depends on real-time connectivity: Although most people have a mobile phone, SMS verification requires the person to have cell phone service at the moment.
  • Reluctance to share phone numbers: Legitimate users might be reluctant to share their phone number because of privacy concerns or worries about getting bombarded by marketing texts. 
Free white paper
See how experts evaluate verification solutions

How can organizations get started with phone verification?

Phone verification is fairly common, and many vendors offer phone verification solutions as a core product or part of a suite of tools for identity verification and fraud prevention. 

When comparing your options, consider the outputs you want. Perhaps an SMS-based verification system is your goal. Or, you might be looking for more insights from device signals, the phone carrier type, or a complete risk report. It can also be important to understand the sources for the underlying information and analysis, regional coverage, and how you can use the results within your existing systems. 

Contact us now to learn more about Persona’s phone verification options or how you can connect your current solution to Persona to improve your identity verification process

Frequently asked questions

What customer information is typically required for phone verification?

Some phone verifications can start with just a phone number. A one-time password (OTP) can be sent to the number to verify possession, or SIM-based verifications can offer a silent alternative. Other types of phone verification may require a consumer’s full name and date of birth, but consumers don’t necessarily need to take any actions beyond sharing their identifying information.

What types of businesses benefit from using phone verification?

Any business that wants or needs to confirm the identity of its users can benefit from adding phone verifications and phone-based identity checks to its process. Phone verifications may be especially important when your business relies directly on phone usage, such as app-based marketplaces, delivery services, transportation services, and payment platforms. 

What are some best practices for implementing phone verification for businesses?

Consider how you plan to communicate with users when you’re asking them to share personal information. It can be helpful to explain how you’ll use their number and the benefits they’ll get from sharing it. For those opting in, you can also offer the choice of being contacted via SMS instead of a call. 

For this option, be aware of SMS traffic pumping — bad actors who abuse SMS verifications to make money. There are different ways to deter SMS fraud, including automated systems that you may be able to integrate on your own or with your vendor.

Continue reading

Continue reading

Know Your Employee (KYE): How identity verification fits in the picture
Know Your Employee (KYE): How identity verification fits in the picture
Industry

Know Your Employee (KYE): How identity verification fits in the picture

A thorough Know Your Employee (KYE) process helps you verify the identity, credentials, and background of new and existing employees to control for fraud.

Data subject access requests for the GDPR
Data subject access requests for the GDPR
Industry

Data subject access requests for the GDPR

Learn about data subject access requests (DSARs) for the GDPR and individuals’ rights to access their personal data.

Online KYC during user onboarding
Online KYC during user onboarding
Industry

Online KYC during user onboarding

Many businesses need to have a KYC process for onboarding new users. Learn what's required, common steps, and more.

How email verification can help you confirm identities and prevent fraud
Industry

How email verification can help you confirm identities and prevent fraud

Email verification can help keep your business safe by uncovering suspicious activity. Learn what email verification is and how it can help you.

What are issuing database verifications?
Industry

What are issuing database verifications?

Issuing database verifications are one of the best ways to reduce fraud in your business. Learn more.

eIDV: A better way to protect your business and customers
Industry

eIDV: A better way to protect your business and customers

Discover how to prevent fraud, streamline business operations, and increase conversions by electronically verifying your customers’ identities.

Ready to get started?

Get in touch or start exploring Persona today.