All UK Mobile Operators Offer Anti-Fraud API That Confirms If Phone Numbers Belong to Users

The GSMA has announced that all four UK mobile network operators are offering a product designed to reduce fraud by verifying if phone numbers submitted via online registration forms belong to the phones being used at the time. Called ‘Number Verify’, the intention is to reduce reliance on one time passwords by offering an API that can be accessed by businesses like banks and social networks.

Number Verify is compliant with the PSD2 Strong Customer Authentication rules which have been adopted across the European Union as well as the UK. These rules have recently prompted laggard banks to start implementing enhanced controls to verify a customer’s identity, and have resulted in a marked increase in the use of SMS for multi-factor authentication. The increased reliance on SMS has occurred despite the known weaknesses of relying on messages which are vulnerable to interception and SIM swapping.

The GSMA’s press release is somewhat misleading in that it states Number Verify is a ‘new’ product. O2 started offering Number Verify to enterprise customers in 2019 and Vodafone promoted the same product earlier this year. It is likely that the GSMA’s announcement reflects the recent implementation of Number Verify by those UK mobile networks which are still not advertising it yet.

The recent RAFM survey from the Risk & Assurance Group found that subscription and identity fraud was the most common category of fraud experienced by communications providers. Binding apps to mobile phone numbers will make it harder for criminals to impersonate others by simply obtaining their personal data.

Number Verify will reduce fraud but it will likely be promoted as a way to reduce the time and effort that customers spend on registering for a new service. This is highlighted by the following marketing video produced by O2.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.