In 2023, fraud remained a top challenge for banks, fintechs, and credit unions. Nearly 60% of these business types suffered direct fraud losses exceeding $500K in that year. Fraud rates are increasing in both consumer and business accounts, making data security a top priority for companies.
Phone number verification is a common, and highly effective, security best practice. By verifying a user's phone number, companies can ensure that the user is who they say they are and mitigate the risk of fraud.
In this guide, we'll explore how to implement phone number validation during new user enrollment and highlight the benefits of using Plivo's robust phone verification solution.
What is phone verification?
Phone verification involves confirming the ownership of a phone number entered by a user. Businesses and services commonly use it to authenticate their users' identities and ensure they can access the phone number they provided during signup.
The verification process involves sending a code to the user's phone number, which can be delivered via text message, phone call, or messaging app. This process is particularly useful for enhancing security in online banking, e-commerce, and social media platforms.
- Online banking: Banks and other financial institutions use verification codes to increase the security of their online services. They send a code to the user's phone number when they log in from a new device or initiate a large transaction.
- E-commerce and marketplaces: Online retailers use verification codes to confirm the phone numbers of their shoppers before processing orders to prevent fraud and ensure that delivery updates are sent to the right customer.
- Social media platforms: Websites like Facebook and Twitter also use phone verification codes to verify new accounts, prevent spam, and block fake numbers.
Why use phone verification software?
Phone verification can be used for various purposes. For example, when a customer attempts to log in from a new device or location. Or, when sensitive changes are made to their account, phone verification acts as an immediate check to ensure the authenticity of the person requesting the transaction.
Verifying phone numbers during new user enrollment is not new—companies have been doing it for decades. However, verification during new user onboarding has become increasingly susceptible to interception by fraudsters. They employ various tactics such as SIM swapping, phishing, and exploiting vulnerabilities in mobile networks.
- SIM Swapping: Fraudsters can convince mobile carriers to transfer a victim's phone number to a new SIM card under their control. This allows them to intercept verification codes sent via SMS, gaining unauthorized access to the victim's accounts.
- Phishing: Fraudsters send fake messages or emails that appear to be from legitimate companies, tricking users into revealing their verification codes or personal information.
- Network Exploits: Some fraudsters exploit weaknesses in mobile networks to intercept SMS messages. These vulnerabilities can be found in older, less secure protocols still used by some carriers.
Given these growing threats, customers are more cautious than ever about sharing their personal information with businesses. Phone verification software is crucial for upholding the high-security standards that build customer trust. The best verification software includes robust governance, access controls, and compliance with security regulations to safeguard your business.
Plivo’s phone verification platform software is designed to help companies get granular access over their verification methods, with features that:
- Monitor your messaging patterns, establish thresholds for each country, and send automatic alerts if a pattern emerges that is unusual.
- Fine-tune and override messaging throughput thresholds for each country.
- Calculate your cost savings from preventing fraud with the built-in reporting.
- Use pre-approved templates optimized for conversions.
- Reduce implementation by up to 90%.
Even if the phone number is verified, there are chances of fraudulent calls and illegal activities which can be prevented with reliable verification software. Plivo’s Verify API ensures just that—SMS and voice verification with robust fraud control.
How does phone verification work?
Verifying a customer’s phone number is relatively straightforward. Companies most often partner with players like Plivo to add verification to their apps and platforms. Here’s how the typical phone number verification process works:
- Customer Enters Phone Number: The system automatically requests the phone verification service to send a one-time passcode (OTP).
- Sending OTP: The OTP can be sent via text, voice notification, or app notification.
- User Receives OTP: The customer receives the OTP and types it into the app.
- Verification: The app checks the entered OTP with the server to ensure it’s correct.
- Confirmation: If the OTP is correct, the user’s phone number is confirmed as verified.
When a customer enters their phone number, the system automatically asks the phone verification service to send a one-time passcode (OTP). This could be sent via text, voice notification, or app notification. Once the user receives the OTP and types it into the app, the app checks this code with the server to ensure it’s correct. If it’s right, the user’s phone number is confirmed as verified.
To safeguard against fraud or unauthorized virtual phone numbers, codes can be sent only a certain number of times (to avoid spam), and all data sent back and forth is encrypted. Sometimes, a CAPTCHA ensures the user is real and not a robot.
How does phone verification improve risk management?
Phone verification is an important tool to detect potential fraud early on. A reliable API call assesses the number and delivers critical information about it, such as:
- Availability (reachable or not)
- Current network
- Country of origin
- Original network
- Roaming country (if roaming is on)
- Roaming network name
- Roaming status
- Risk score
- Unusual patterns
- Validity
Unusual patterns may mean something's not right, like the current network being different from the original one, or the phone being associated with multiple accounts. While these patterns don’t always mean fraud is happening, it's a good idea to be cautious when dealing with those phone numbers or specific country codes.
Best practices for phone number verification for new user enrollment
When you have a new user, you’ll need to focus on three areas:
- Phone number input: Collecting phone numbers from the user through an input field
- Phone number validation: Validating the phone number to ensure it is legitimate and follows the required format
- Phone number verification: Verifying the phone number by confirming the user has access to it
Best practices for phone number input
1. Place the country code in a distinct field
Plivo offers an easy-to-use interface that accommodates various global phone number formats. By separating the primary international phone code, Plivo enhances user-friendliness and ensures that phone numbers are correctly formatted into the standard E.164 format.
2. Change the phone number to E.164 format
E.164 is a standardized international format that guarantees unique identifiers for each number. Plivo’s Lookup API returns this virtual number format, which is also utilized across most of Plivo’s services, including the Verify API and Messaging APIs.
For instance, if a user inputs a Lithuanian phone number, such as 370860112345, Plivo instantly converts it into the international E.164 format as +37060112345, before sending it to other carriers. It’s important to note that the “8” is dropped in this format; the “'8” is only needed when calling within Lithuania.
Best practices for phone number validation
When you integrate Plivo's phone number Lookup API into your system, you gain access to comprehensive phone number intelligence that helps you programmatically determine the carrier, number type, format, and country for any phone number worldwide.
Use the Plivo Lookup API to:
1. Confirm the phone number is valid
Before including the customer in your contact list, validate phone numbers to ensure clean customer data and minimize delivery errors. SMS API calls to invalid or non-SMS-capable numbers result in a 400 Bad Request API response, which developers can conveniently relay upstream. Here’s an error message as an example.
{ "api_id": "df5d4304-66af-11eb-91d8-0242ac110004", "error": "19332631167 is not a valid phone number" }
2. Check for line type, including mobile, landline, and VoIP numbers
Identify mobile and landline phone numbers correctly to select the right channel for your messaging and get the best conversion rates. SMS or push notifications have high conversion rates; plus, if you want to send rich media formats SMS messages, sending them via a mobile phone number will drive engagement.
3. Create a list of approved country codes to permit
Using a list of allowed countries when users sign up helps you meet compliance requirements, reduce fraud, and manage new user registrations smoothly. Plivo’s Lookup API automatically includes the country area code in its responses, making it simple to set up and maintain an allow list tailored to your business needs.
4. Reduce fraudulent transactions
Mitigate risk by comparing the location of the IP address and the country with other details of the phone number. If needed, add extra verification steps. for high-risk or invalid phone numbers, like premium or VoIP numbers, or if the carrier network is suspicious to improve the customer experience.
Best practices for phone number verification
1. Send a one-time passcode to verify user access to that number
Plivo’s Lookup API integrates directly into your application, allowing you to automate the process of sending OTPs via SMS when a user registers, logs in, or performs a security-sensitive action. For users who might not have reliable SMS services or prefer not to use text messages, Plivo offers the option to deliver OTPs through automated voice calls.
Like SMS, the voice call process is integrated into your application via Plivo’s Voice API. When an OTP needs to be delivered, the API triggers a voice call to the user’s phone number.
2. Use adaptive routing for OTP delivery
Plivo’s adaptive routing technology automatically selects the best possible route for delivering SMS and voice messages based on real-time conditions. Implement adaptive routing to increase the reliability of OTP deliveries, especially in regions known for fluctuating network conditions. This approach helps ensure that your OTPs reach your users promptly, regardless of their location.
3. Add a secondary 2FA layer
Plivo's two-factor authentication features go beyond messaging. The platform handles over a billion transactions each month and achieves an impressive 99.99% API uptime. Besides, Plivo offers senders a direct route to end users, with a one-hop maximum without route blending or dilution. This helps users send messages or make voice calls to every country globally, avoiding delays or paying for repeated failed messages.
4. Enable real-time analytics and reporting
Plivo provides detailed analytics and real-time reporting on the status of every OTP sent, whether via SMS or voice. Use Plivo’s analytics dashboard to monitor and analyze OTP transactions. This enables you to identify and resolve delivery issues quickly, optimize the verification process, and enhance the overall user experience by reducing delays and failures in OTP reception.
Use Plivo’s Lookup API for phone number verification and validation
Plivo has direct relationships with Tier 1 carriers globally and has invested in our network infrastructure to ensure high-quality data calls without annoying lags, delays, or dropped audio. We offer a robust set of features to support a variety of use cases including:
- Two-factor authentication
- Voice notification
- Phone verification
- Phone system IVR
- Voice surveys
- Click to call
- Call forwarding service
- Call tracking
- Number masking
Ready to get started? Sign up for a free trial.