Zero Trust: How Digital Identity Enables Safer Networks

Know your Customer (KYC) is a phrase that every business owner should be familiar with. Acquiring information about customers can lead to insights that companies can leverage to drive revenue. However, digital identity can also be used to make online ecosystems safer for all involved stakeholders by establishing a phone number as a global trust anchor.

Building the Trust Anchor

Digital identity looks at metadata behind a phone number. TeleSign has partnerships with all of the largest carriers in the world to use our proprietary APIs to help global companies eliminate problems like fake accounts, coupon fraud, promo abuse and account takeover. By protecting the end-users on a platform, TeleSign makes that platform more secure. Today we will look at how reducing different varieties of fraud leads to a safer platform that delivers a better, trusted customer experience.

Purging Fake Accounts

Fake accounts exist for the sole purpose of causing anarchy on your platform. These agents of chaos (mass created, bot, fraudulent) can cause problems in a variety of ways but one of the most damaging is by interacting directly with your good users. These interactions can result in phishing schemes or the dissemination of ‘fake news' (see election, 2016) and can even turn your good users into unknowing participants in their schemes. Users subjected to fraud from bad actors are then more susceptible to scams such as account take over and SIM swap.

We also see fake users leave fake reviews on e-commerce platforms to either artificially prop up a product, or bury the competition with hundreds of bot reviews meant to trick an algorithm. Digital identity can detect probable fraud behind a phone number (voip, burner, recently ported) and return that information to business owners. Thus by verifying every account with a phone number and leveraging digital identity, platforms can eliminate fake accounts.

Promo/Coupon Abuse

Promo and coupon abuse hit platforms in a variety of ways. First is the direct revenue that businesses lose when a person repeatedly exploits a ‘free trial' or ‘free ride for first time users.' The way businesses really lose though is when they inadvertently incentivize fraudsters to load an eco-system with fake accounts by offering referral fees and affiliate payouts. When refer-a-friend codes are provided to current customers, that customer also receives an incentive. If no limit is placed on the number of “friends” that can use the code, current customers can post those codes on social media, websites, and blogs, or write their own script that creates dozens of fake accounts to net the fraudster thousands of dollars.

Similarly with affiliate payouts, affiliates receive a commission when new customers download an app. Black hat affiliates using unscrupulous tactics can earn thousands of dollars in commissions by allowing fake users into the app's ecosystem.

Typically, a bad actor attempting to take advantage of a coupon or promo code will create a new account each time they want to benefit from the freebie or cash incentive offered. They do this through the use of easy-to-obtain email addresses and/or non-fixed VoIP, pagers, and prepaid mobile phone numbers that are then used to create multiple fake accounts with the same service. With websites that sell online phone numbers and others that offer the ability to receive SMS, it's relatively simple to get around typical registration processes in order to abuse coupons or promos. Digital identity products such as Score can prevent users from creating multiple accounts with dodgy phone numbers, once again keeping the users on a platform safe and real.

Robo Call/Scam Call Fraud

Most readers are familiar with a caller ID reading ‘robo call' or ‘scam likely.' In fact robo calls have become so common that most people don't even bother answering an unknown number anymore. But while robo and scam calls can seem to be nothing more than a modest annoyance they can add real danger to an online platform. Many of these scam calls pray on older users with less sophisticated security hygiene and execute successful phishing campaigns.

However, digital identity can be used to stop these types of inbound calls from ever even causing a phone to ring. If your business operates a call center or an over-the-top voice service (Google, Facebook, Skype, WhatsApp) implementing risk assessment tools such as Score can run every inbound call through an instantaneous API check. If the number attempting to call one of your users appears to be fraudulent, you can choose to block that call from ever going through. This leads to a better user experience and a safer platform.

Synthetic Identity Fraud

Synthetic Identity fraud is tough to catch because it involves mixing real information with false information to create a fake user. A fraudster might register an account using the real name and address of one user and other PII of another. Typically this is done over a long period of time with a stolen social security number to build up fake credit and then cash out big one time, ruining lives in the process. Social engineering is key to synthetic identity fraud, but digital identity can be paramount in stopping it.

With the TeleSign Score API, businesses can quickly identify fraudulent users by obtaining real-time security intelligence, data and analytics on the phone numbers provided. Score delivers a reputation score based on phone number data (including phone type, phone registration location, carrier, SIM swap status, call forwarding status, intelligence, velocity, traffic patterns and reported fraud) and from that information recommends whether to block, flag, or allow account creation. With synthetic identity fraud, it is likely SOME of these factors will match, but certainly not all. Additionally Score asks certain questions of a phone number. Is it a number that has been linked to fraud in the past? Is the phone type suspicious? Has the same number been used repeatedly in a short period of time? Score, combined with phone verification, can provide the answers that help prevent fraud.

Fraudsters will always be trying to stay one step ahead of companies like TeleSign, but digital identity can be our best weapon to fight back against them and make your platforms safer and more trusted.

TeleSign has been connecting and protecting online experiences for over 15 years. We support 21 of the 25 largest web properties in the world and we're prepared to help you. Contact TeleSign now and learn more about how to keep your platform safe.

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.