SMS SCA blog post image

New requirements for authenticating online payments have been introduced in Europe as part of the second Payment Services Directive (PSD2).

The new regulations, put in place to prevent fraud, require customers to use an access code sent to their mobile phone. The number must be entered at checkout to confirm payment. It’s classed as two-factor authentication (2FA) to validate the customer and the transaction. 

The issues with SMS codes

The problem with this is, it’s easy to defraud the system. A fraudulent customer can buy a Pay As You Go (PAYG) SIM card and use the phone number for account registration and verification, and then get rid of the SIM card. As it is a PAYG, the number wouldn’t necessarily be registered to the customer so there is also no proven link between the phone number and the customer. 

Also fraudsters can access text messages through a number of means, such as if they know your phone number and some of your personal details (which could have been accessed via the Dark Web) then they could contact your mobile phone provider asking for a new SIM card to be sent out under your phone number – this is known as SIM swapping.

Making SMS verification safer with Mobile Validate

We offer Mobile Validate, which validates phone numbers and checks the number and details aren’t available on the dark web. We can confirm that the number is active, and verified, or flag that the number is blacklisted or suspect. The service returns associated subscriber, carrier and location information, and this can be done for individual numbers at point of entry on in batch. 

Find out more about Mobile Validate here

Email Validate for those without mobile phones

Equally, verification codes can be sent by email for those without mobile phones, however the same issues exist. As such we offer Email Validate, which validates an email address as active and legitimate, without sending it a message. We can check whether the address is a bot account or spam trap or suspect in any way, in order to validate its use for verification. 

Find out more about Email Validate here

Conclusion

As part of the new SCA regulations, mobile devices will be used to share authentication codes in an effort to reduce fraud, but to make this security step actually work mobile phone numbers will have to be checked. This can be done using Mobile Validate, to ensure it’s actually the customer using their card details to make transactions.

If you’d like to know more about these services or any others, please get in touch.

 

 

Use Case Download

<span data-font-size="18px" 16px"="">To download this document, or any of our Use Cases and brochures
please enter your email address below
close-link

Product Overview

To download this product overview please enter your email address below
close-link
DON’T MISS OUT!
Subscribe to our monthly newsletter
Be the first to get latest updates, news, tips & guides
straight to your email inbox.
close-link
PSD2 Survival Guide - How to ensure Strong Customer Authentication (SCA).
Download
close-image