Account takeover protection is a way of mitigating fraud associated with SMS One Time Password (OTP) authentication. The Service Provider (SP) can see if a SIM has been swapped out reducing the risk of fraud where the customer’s mobile device is being used by the SP to provide secondary authentication (2FA)
The Service Provider sends a request to the user’s operator for Mobile Connect’s Advanced Threat Protection (ATP).
The Operator receives the request and sends back a timestamp indicating when the last SIM swap took place, mapping the telephone number to the SIM for that particular MSISDN(Mobile Station International Subscriber Directory Number).
How is it used?
Helps combat fraud where SFA is used, such as when sending payments or carrying out bank transactions which may use SMS OPT in order to verify the user’s identity.
Combines MC Authenticate with MC APT, thus making the authentication process much more secure.
Mobile Identity benefits and features
Mitigation of risk. Where an account has been taken over it helps avoid the device becoming compromised. It signals if there is an attempt to intercept a secondary authentication signal in an attempt to take over a user’s account.
Uses verified data which cannot be mimicked by malware.
Omni-channel: The service is invoked regardless of the device through which the user interacts with the service provider. Uses multiple channels – tables, PC, mobile telephones, Smart TVs and so on.
One single contract to access the service and one single standard API (OIDC).
The Operator can provide extra information if required. For example if an Unconditional Call Divert has been set – device changes – mobile account status (whether active or inactive) – if a lost/stolen report has been submitted for the device.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.