Modernising Customer Experiences with Phone-Centric Identity

The information contained in this document is Prove’s confidential and proprietary information. Any reproduction or distribution of this information is prohibited without Prove’s prior written consent. Prove, the logo, and other trademarks are trademarks of Prove and may not be used without prior written consent. © 2020 Prove. All rights reserved.

Modernising Customer Experiences with Phone-Centric Identity

2©2020 Prove. All Rights Reserved. Proprietary & Confidential

“As more of your personal life moves online, having a single way to identify yourself matters. It helps you find people, helps people find you, and helps keeps you safe.”

Source: Wired, August 2017

Phone Numbers Are Becoming the Modern Way to Identify Consumers & Small Businesses

https://www.wired.com/story/how-your-phone-number-became-the-only-username-that-matters/


Modern Identity Authentication Starts with the Phone Number

Sign up

OLD WAYDesigned for an in-person world

Low Approve Rates

MODERN WAYPurpose-built for digital

Exceptionally High Approve Rates


Our Solutions Modernize & Secure Experiences Across the Customer Journey

Phone Identity Token

Phone Identity Token

Access a registry of 1 billion+ consumer and small business phone identity tokens to secure transactions across multiple use cases

Phone Identity Network™Prove Pre-fill™Increase signups by pre-filling forms with authenticated data in any channel

Onboarding & Digital Acquisition

• Credit• DDA• Online Services

• eCommerce• Healthcare & Telemedicine• Lead Generation

Digital Servicing:

• Phone Number Management• Login/OTP• High-Risk Transactions• Call Center

• TCPA & Collections• P2P/Money Movement• E-commerce/Merchant Services• PSD2/SCA


Why Are Phone Numbers the Most Powerful Way to Prove Identity?Three game-changing capabilities that prove identity with certainty

Definitively prove Ownershipof the phone

(Identity)

Passively prove Possessionof the phone

(Authentication)

Assess real-timeReputationof the phone(Reputation)


First UK customer – Barclays• Engaged with client against a backdrop of a growing awareness of the risks / vulnerabilities of SMS and incoming PSD2. • Ask:

– Improving the mobile banking activation experience by replacing SMS OTP with a more convenient and secure alternative– SS7 independent – data must come directly from the MNO

– Help meet SCA requirements of PSD2• Solution:

– Instant Auth (incl SDK) + Sim Swap to provide secure verification of the SIM card of the mobile account overlaid with a behavior check to identify possible account takeover attacks

• Process:

– Extensive engagement with bank’s security team to get them comfortable with technology• SIM card encryption• SS7 vs. direct APIs• Coverage, limitations, risks

18 Months100 Page Security

DocumentConfirmed by the bank to be

PSD2/SCA compliant


Barclays Experience


How it works?Mobile authentication is based on a three-call flow, two of which are handled in a server to server environment, and one of which occurs on the phone

< MOBILE NUMBER >

< UNIQUE URL >

< TOKEN >

Bank App Bank Server Prove

1▪ Authentication must occur over the

mobile data channel since interaction with the Mobile Network Operator is a critical part of the process.

▪ Prove has developed an SDK to force cellular data channel use while a user is connected to Wi-Fi. SDK binary and source code available on request.

▪ This works on both Android and iOS and is live and at scale within Tier-1 mobile banking apps (UK & US)

2

3

< TOKEN >

< TRUE / FALSE >

< UNIQUE URL >

< TOKEN >


Banks

Top Enterprises Choose Prove’s Phone-Centric IdentityHealthcare Retail

Financial Services

Insurance

Digital Trust

Fraud Platforms

Brokerages

1,000 Enterprises, 500+ Banks, 20 Billion Transactions

Documents

Modernising Customer Experiences with Phone-Centric Identity