How To Thwart Fraud with Phone Numbers
By Guillaume Bourcy, Vice President, Data & Identity Solutions, TeleSign
During the peak of the global pandemic, online shopping and cybercriminal activity hit unprecedented figures, hitting merchants’ bottom lines hard. Juniper Research predicts that merchant losses from eCommerce fraud in 2021 will be $20 billion, up from $17 billion in 2020. Slowing – or reversing – this trend makes prioritizing fraud prevention strategies across all eCommerce channels an imperative in 2022 and beyond. The first step? Require that all new and existing customers provide their phone numbers. It may sound like an overly simplistic solution but leveraging the data and insights that the humble phone number offers is a game-changer for fraud protection.
Setting the stage for phone verification with today’s data challenges
Understanding how phone numbers can play an essential role in verifying the legitimacy of a transaction or customer starts with understanding the ever-growing volumes of sensitive data consumers entrust to brands.
This information falls into two categories:
Online data: Think about everything created and stored on the internet, such as web browsing histories, digital ad interactions, previous in-app purchases, email addresses, social media posts, and a device’s IP address.
Offline data: This refers to anything related to life in the physical world, including demographics like age, race, ethnicity, gender, marital status, income, education, and employment, as well as past and current mailing addresses and social security numbers.
Managing these disparate datasets has become increasingly arduous. They are typically segregated and scattered across CRM platforms and multiple on-site or cloud-based applications and databases. Ever-growing legal and regulatory requirements that govern the collection and use of consumers’ personal and sensitive information only add to this complexity. These elements can make it very difficult for merchants to consistently create holistic customer profiles to verify customers’ identities.
The phone number as a game-changer
A customer’s phone number is unique from other personal identifiable information (PII) because it “lives” in both the online and offline data worlds. That makes it the primary customer identifier that links to other pieces of information to strengthen the KYC/CDD (know your customer/customer due diligence) process. For many, the first step is implementing one-time passcodes and multi-factor authentication (often through SMS messages) to reduce new types of account registration fraud and thwart thieves attempting to disguise themselves as legitimate customers. But because phone numbers bridge and verify identity between the online and offline world, they are a high-value target for fraudsters to steal.
While it’s hard to steal a phone number, it’s not impossible. SIM swap attacks, where cybercriminals steal someone’s identity by porting their phone number to a burner phone (often with the carriers’ unwitting assistance) and using those phones to impersonate the victim, are on the rise. Deploying checks at high-value and high-risk interactions with phone number intelligence can help prevent account takeovers from SIM Swap attacks. Phone number intelligence and risk scoring can look at attributes, including the last porting date, and tie it to other key user identity attributes such as emails, IPs, and devices to assess the likelihood that a phone is in the possession of its owner.
Don’t rely on manual processes
The Juniper report mentioned above also recommends merchants implement artificial intelligence and machine learning-powered automated fraud prevention systems to validate customers’ identities. Machine learning and AI learns, adapts, and delivers real-time behavioral and digital identity insights to protect systems and customer accounts better. These ML and AI-powered systems are constantly mutable and dynamic by continually assessing and tweaking parameters to analyze all potential fraud avenues at any given time correctly.
Automated phone number reputation scoring is an excellent example of this type of technology. Phone number reputation scoring helps determine individual risk-level for each user and phone number on a merchant’s platform – in near-real-time. It does this by scrutinizing and redetermining multiple behavior signals associated with that number for greater accuracy in identifying risky behavior and security threats. Adding in an association of multiple nodes of identifiers (e.g., associate phone numbers and IPs, emails, etc.) also helps to improve accuracy.
Businesses that validate their customers behind the scenes with these systems are working to end the tradeoff between smooth online experiences and fraud prevention tactics. They also relieve security teams of the responsibility and burden of conducting thousands of manual and friction-inducing security checks.
The Time is Now
Over five billion people use their mobile phones every day, with millions more signing on by 2022[1]. As we approach 70% of the world actively using mobile technology, it highlights how truly connected the world is becoming and reveals the ever-growing potential for fraudulent activities[2]. As fraud becomes ever more imaginative and adaptive year-over-year, implementing nimble and intelligent fraud prevention strategies is vitally important. Starting this journey now will ensure a more secure and engaging experience for both you and your customers.
To learn more about how you can work to protect your customers through phone numbers and establish continuous trust, please visit TeleSign.
About the Author
Guillaume Bourcy is the Vice President, Data & Identity Solutions of TeleSign
Currently, Guillaume leads teams responsible for data science, partnerships, product, pre-sales, and innovation. Prior to Telesign, Guillaume had more than 15 years of experience in rapidly growing the Telco and Identity Solutions at BICS, a subsidiary of Proximus, from the ground up to becoming an industry leader using both organic and M&A growth. Guillaume’s work philosophy is to learn something new every day so you can bring new ideas to fuel innovation and drive results. If he is not working on the next identity solution, you will most likely find him writing comic books, surfing, or running.
Guillaume can be reached online at (LinkedIN) and at our company website: https://telesign-3.webflow.io/
[1] https://www.gsma.com/mobileeconomy/wp-content/uploads/2021/07/GSMA_MobileEconomy2021_3.pdf
[2] https://www.oberlo.com/blog/internet-statistics
FAIR USE NOTICE: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.