Today we aren’t necessarily talking about someone who is trying to defraud you, they’re attacking your user directly. We’re talking about account takeover.
How did they find your user’s credentials? Bought off the internet, peeped over their shoulder? It doesn’t matter. If your user gets hacked, they won’t blame themselves for poor password hygiene. They’ll blame you. So how do we keep your user safe, thus protecting your brand? We ask them for a second factor.
2FA, short for two-factor authentication, is one of the most reliable security measures we use in our day-to-day lives. You’ve probably used it to get into your online banking, your social media, maybe even your dating profile.
It has the simple function of being that extra little security blanket when something feels funny. Sure, the log-in credentials are correct, but is your user REALLY who they say they are? Better send them a code to their trusted device just in case. This process works very similar to SMS verification, but this time we are using it with an already verified/trusted account. Only the verified user has access to the verified device and the code sent to it. It’s a second factor, and hackers can’t have it.
Newer iOS on the iPhone will even take this code directly from a user’s trusted device and type it in automatically–yet we still can’t get a cupcake emoji?… I digress. This simple yet effective step in the security process prevents lots of headaches because obviously we don’t want anyone making fraudulent actions in your users’ accounts, whether it be an unauthorized banking transaction or a creepy, hacked social media post.
So, 2FA is a great way to secure user accounts and safeguard your brand. But, if we’ve learned anything so far about fraudsters, it’s that they are always working to find new ways to get access to things that aren’t theirs. What if they found a way to temporarily take over an end-user’s phone number, giving them access to receipt of a 2FA code, thus granting them entry to that user’s account? Well, they have. But, we’ve figured out how to stop them. Yes, yes – there’s an API for that! Allow our Chief Innovation Officer to give an overview of how we’re using carrier phone data to catch account takeover and stay tuned for the next installment of this series where we tackle phone number takeovers.