Vodafone UK Deploy Number Verify v2 to Protect Against Online Fraud | ISPreview UK

Original article ISPreview UK:Read More

Six years ago the UK’s major mobile operators began to deploy a service called ‘Number Verify’ (here), which made it both easier and more secure to authenticate a user’s identity for online transactions. Vodafone has now announced that the UK, Germany and the Netherlands will be the first countries to get v2.0 of the phone number authentication API.

Most consumers are probably already aware of the common Two-Factor Authentication (2FA) process, which works to verify users with a login/password (or other method) by sending a one-time passcode (OTP) to the consumer’s mobile phone. The customer then inputs that code into an app or website and are then able to complete the login.

However, SMS OTP only confirms that someone entered a code sent to a mobile number. It does not prove that the real subscriber is present or that the authentication journey has not been compromised, which is something fraudsters often try to manipulate.

The original Number Verify service simplified that process by verifying customers through matching phone numbers used in a website or app session, which ensured the details being provided are the same registered on the customer’s account (this method was also PSD2 SCA – Strong Customer Authentication – compliant). But this still wasn’t perfect and over time fraudsters are adapting.

By comparison, Number Verify 2.0 improves that process and can now work over Wi-Fi as well as mobile data, including while roaming (v1 only worked with mobile data). Various other improvements have also been made, such as via OS-level integration and cryptographic SIM tokens (TS.43) – the latter are temporary, tamper-proof network tokens. The CAMARA API (Application Programming Interface) is now also much more standardised.

The new version thus gives businesses a “simpler, more secure and seamless way to verify a user’s mobile phone number without SMS one-time passcodes“. It uses the mobile network to verify that a user’s phone number is associated with their SIM and device across both app and web journeys, whether the user is on mobile data or Wi-Fi.

Johanna Wood, Director of Network APIs at Vodafone, said:

“SMS OTP has been the default for over a decade, but it was never built for the threat environment we operate in today. Number Verify 2.0 changes that by giving developers a way to verify phone numbers that is faster, safer and seamless for the user.

Launching Number Verify 2.0 simultaneously in three countries marks the start of our global rollout for enterprise customers.”

The mobile number remains one of the most widely used identifiers for registration, login, account recovery and transaction confirmation, yet Vodafone notes that the industry’s default verification method has “not kept pace with modern fraud threats or user expectations“. The new version is an attempt to address those shortcomings.

Number Verify 2.0 is also said to offer enterprises, such as banks, retailers and social media platforms, multiple benefits, including:

Higher conversion rates: removing manual mobile number entry, SMS wait times and code typing from onboarding, login and account recovery flows.

More secure by design: eliminating human-readable OTPs that can be phished, intercepted or socially engineered.

Keeps costs down: reducing unnecessary SMS spending, failed OTP attempts and exposure to artificial traffic.

The upgrade is already said to be “now available” in the UK, Germany and the Netherlands, albeit initially only on Android based devices (Smartphones, tablets etc.). But this is a system that is designed to ensure interoperability across other mobile operators and markets, so Vodafone won’t be the only one to deploy it.

Recent Posts