Number Verification API: how to achieve a more agile and secure user experience

Today, digital customers are accustomed to employing multi-factor authentication mechanisms that involve the use of their smartphone as proof of possession. One-time passwords (OTP) are the most widely used method due to their simplicity and the reuse of existing widespread SMS sending systems. However, its use can lead to problems with user experience, or even security, as the text message with the authorisation code is not encrypted and is vulnerable to scams or theft through social engineering. At a time when cyber threats and the risk of data breaches are on the rise, it is essential to strengthen security measures.  
  
Through the Telefónica Open Gateway initiative we have turned our networks into platforms, to facilitate the creation of optimised digital services. Thus, through standardised Telco APIs under the framework of the CAMARA, we provide developers with advanced functionalities that can enhance the user experience in different aspects, such as the possibility to access a fast and reliable authentication system.  

User authentication based on the operator's network has a more secure and frictionless approach. With Number Verification API, greater security and a better user experience is achieved compared to other methods. 

The Number Verification API leverages telcos' internal mechanisms to transparently authenticate users based on their devices' connection to the network. It checks that the mobile phone number (MSISDN) provided is the one that is paired with the device from which the data communication is taking place. Thus, it verifies that the user is interacting with a digital service from a device with the same mobile phone number as declared. This means that the person doesn’t have to interact with any element or enter any kind of credential or one-time password (OTP). When they switch on their phones, the device and SIM card automatically connect to the operator and authenticate themselves.   
  
Compared to current solutions available for user authentication, number validation based on network mechanisms is easier to use by customers and provides more security, as it does not require manual interaction and does not use plaintext codes that can be susceptible to cyber fraud.  
  
In this way, the API allows for an improved and less frictionless user experience. Once the user sends the phone number to the application, the verification is completely invisible. There is no authentication application to go to, no PINs to mistype, no URLs to click on. In addition, this dynamic allows the authentication process to take place more quickly. From a business point of view, this translates into improved transaction conversion, since, by facilitating the user experience, the abandonment rate is reduced.   

Social networking applications use the phone number as an identity when signing up new users, typically using SMS OTP. To avoid a break in the user experience, the application can request a trusted authentication without interacting with the user by using the API Number Verification. The service verifies possession of the phone number and provides a confirmation to the app that can be used as a valid identifier for that user, having faster access to the social network. This method can also be used for other applications. For example, when accessing a bank account from a mobile phone or authorising transactions, the API makes it easier to do so. When combined with other APIs, it also ensures the security reliability of these operations.   
  
Following this line of usage, there are users who find that password recovery requires complex processes, including remembering certain personal data or accessing other applications, such as email. This can be difficult to complete for some people, especially the elderly. By integrating the API Number Verification, developers can employ the network as an identity verifier to initiate password recovery, ensuring that users can more easily and quickly regain access to their services.  
  
These are just a few of the use cases where the API Number Verification can be used to create a seamless user experience. If you want to know more about the API and its advantages, sign up for the Partner Program or join the Developer Hub to access the full Whitepaper. There you can read about its nature, architecture, implementation, transparency issues and other technical aspects.