Security

How risky is your phone number?

This sponsored post is produced by Ryan Disraeli, the VP of fraud services at TeleSign.

Something happened to our phones, and it’s not just a change in size and functionality. It’s a complete transformation in everyday life — and certainly in how we identify ourselves.

To say that most of us are attached to our phones is like saying we think oxygen is a handy substance to have around. Most of us couldn’t get by without our phones; we have them on all the time, never share them, and don’t even turn them off when we go to bed. You can measure our dependence by the feeling of panic when we think we’ve lost it somewhere.

In the 40 years since the introduction of the mobile phone, its influence has grown more than its size has shrunk. Equally, it’s come a long way from just making calls. For many, it’s nothing less than the center of their digital lives. And now it is also central to safeguarding that digital life.

Identity goes mobile

Martin Cooper, the inventor of the mobile phone, once remarked, “You used to call a place, and now you call a person.” In other words, when you call a number now, you expect that one particular person will answer it, and no one else. A mobile phone number is unique to that individual anywhere in the world. Additionally, because all of us have to jump through a few hoops for the mobile operator to grant you a contract, that phone number is reflective of your reputation and identity online. That phone number is your Mobile Identity.

Large web properties know that simply asking for a mobile number at registration weeds out a huge percent of fraud. Verifying a new registration’s phone number by sending a verification code via a voice call or SMS is the right amount of friction to block fraudsters and protect a trusted user.

Once a valid phone number is associated with every account, phone-based two-factor authentication can be switched on to confirm users any time they login from a new device, change their password, or whenever authentication is required. If a fraudster gets their hands on a username and password, they would now have to physically steal the phone to actually get in the account.

Number crunching

There’s a lot more to Mobile Identity than just a mobile number. There’s all the metadata associated with it.

To begin with, that number will give you important information about the mobile operator and the type of phone — whether it’s a contract mobile or a prepaid mobile device or a VoIP or landline number. Prepaid or VoIP phones may be risk indicators, especially in countries where SIM cards are easy to get and cheap. A user’s phone number can also reveal contact details, subscriber status, whether the phone is reachable or not, whether it’s roaming, and which country it’s in.

Even more valuable, such data can also be used to produce a reputation score, based on activity patterns related to that phone, along with a risk assessment and a recommendation to allow, flag, or block that user from registering a new account on your site or from completing a transaction.

What’s it worth?

A good way of gauging the worth of anything is to look up its value on the black market. Fraud is a numbers game, and the more mobile accounts thieves can acquire in bulk, the more spam and fraud they can perpetrate. A few years ago, 1,000 unverified accounts could be yours for less than $10. That number has gone up by 40 times since online service providers started requiring a valid phone number at account registration. There is a clear difference between the cost of a service that requires phone verification and the cost of a service that doesn’t. The more a company does to keep the fraudsters out, the more valuable the account is on the black market.

Thanks to the titans of the Internet, asking for a phone number at registration has become pretty commonplace and there is no simpler way to protect your users and their experience than using that number to establish their Mobile Identity.


Sponsored posts are content that has been produced by a company, which is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. The content of news stories produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact sales@venturebeat.com.


blog comments powered by Disqus