Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
The information contained in this document is Prove’s confidential and proprietary information. Any reproduction or distribution of this information is prohibited without Prove’s prior written consent. Prove, the logo, and other trademarks are trademarks of Prove and may not be used without prior written consent. © 2020 Prove. All rights reserved.
Modernising Customer Experiences with Phone-Centric Identity
2©2020 Prove. All Rights Reserved. Proprietary & Confidential
“As more of your personal life moves online, having a single way to identify yourself matters. It helps you find people, helps people find you, and helps keeps you safe.”
Source: Wired, August 2017
Phone Numbers Are Becoming the Modern Way to Identify Consumers & Small Businesses
3©2020 Prove. All Rights Reserved. Proprietary & Confidential
Modern Identity Authentication Starts with the Phone Number
Sign up
OLD WAYDesigned for an in-person world
Low Approve Rates
MODERN WAYPurpose-built for digital
Exceptionally High Approve Rates
4©2020 Prove. All Rights Reserved. Proprietary & Confidential
Our Solutions Modernize & Secure Experiences Across the Customer Journey
Phone Identity Token
Phone Identity Token
Access a registry of 1 billion+ consumer and small business phone identity tokens to secure transactions across multiple use cases
Phone Identity Network™Prove Pre-fill™Increase signups by pre-filling forms with authenticated data in any channel
Onboarding & Digital Acquisition
• Credit• DDA• Online Services
• eCommerce• Healthcare & Telemedicine• Lead Generation
Digital Servicing:
• Phone Number Management• Login/OTP• High-Risk Transactions• Call Center
• TCPA & Collections• P2P/Money Movement• E-commerce/Merchant Services• PSD2/SCA
5©2020 Prove. All Rights Reserved. Proprietary & Confidential
Why Are Phone Numbers the Most Powerful Way to Prove Identity?Three game-changing capabilities that prove identity with certainty
Definitively prove Ownershipof the phone
(Identity)
Passively prove Possessionof the phone
(Authentication)
Assess real-timeReputationof the phone(Reputation)
6©2020 Prove. All Rights Reserved. Proprietary & Confidential
First UK customer – Barclays• Engaged with client against a backdrop of a growing awareness of the risks / vulnerabilities of SMS and incoming PSD2. • Ask:
– Improving the mobile banking activation experience by replacing SMS OTP with a more convenient and secure alternative– SS7 independent – data must come directly from the MNO
– Help meet SCA requirements of PSD2• Solution:
– Instant Auth (incl SDK) + Sim Swap to provide secure verification of the SIM card of the mobile account overlaid with a behavior check to identify possible account takeover attacks
• Process:
– Extensive engagement with bank’s security team to get them comfortable with technology• SIM card encryption• SS7 vs. direct APIs• Coverage, limitations, risks
18 Months100 Page Security
DocumentConfirmed by the bank to be
PSD2/SCA compliant
8©2020 Prove. All Rights Reserved. Proprietary & Confidential
How it works?Mobile authentication is based on a three-call flow, two of which are handled in a server to server environment, and one of which occurs on the phone
< MOBILE NUMBER >
< UNIQUE URL >
< TOKEN >
Bank App Bank Server Prove
1▪ Authentication must occur over the
mobile data channel since interaction with the Mobile Network Operator is a critical part of the process.
▪ Prove has developed an SDK to force cellular data channel use while a user is connected to Wi-Fi. SDK binary and source code available on request.
▪ This works on both Android and iOS and is live and at scale within Tier-1 mobile banking apps (UK & US)
2
3
< TOKEN >
< TRUE / FALSE >
< UNIQUE URL >
< TOKEN >