For many users, a mobile device is an extension of their lives. It rarely leaves their purse or pocket, and it essentially is located wherever they are 24 hours a day, seven days a week, 365 days a year. It knows the passwords to bank accounts and social networking sites, the people they text, and the websites they browse. Their device likely knows them better than their best friend does.
That intimate knowledge also presents an opportunity for brands and mobile operators to work together and use the end-user contextual information to safeguard against identity theft and fraud, and enable a smooth experience while conducting everyday activity. As with many components of mobile context, the end user must be willing to opt in to the service, an action becoming more and more popular as mobile continues to evolve and become increasingly contextual for individual users.
Let’s explore two potential ways that operators and brands – such as banks, retailers or social networks – can band together to verify end-user identity.
Multi-factor authentication requires a user to authorize a transaction, login attempt or other form of personal access request through two forms of validation. It commonly leverages a factor private to the user, such as a password, along with the user’s mobile device. For example, when a user logs in to his health insurance portal from an unrecognized device or browser, he may be required to confirm his identity through a second method.
This use case often involves the user receiving a text message with a unique PIN that must be entered within a certain time frame to validate the user and complete the action. Together, the initial password entered, combined with the SMS-issued PIN, help to quickly validate that the user is who he says he is. This type of approach is used by an array of platform providers, from developers using SMS to complete app registration, to social networking sites using messaging for password retrieval.
Any mobile phone connected to a cellular network can benefit from mobile security features based on location. For example, a credit card user’s point-of-sale details can be correlated with the geolocation of her mobile device, instantly identifying her location and reducing the likelihood that her card is in the hands of criminals. This capability also reduces the likelihood of legitimate transactions being denied as it enables banks to be confident that purchases made outside the user’s home market are by the consumer in that location, a particularly valuable benefit to the international traveler.
These scenarios illustrate convenient, reliable and efficient answers to one of mobile users’ top concerns: privacy. But in order for them to become a reality, two important things must happen. End users have to opt in for these services, and mobile operators and brands must forge relationships with one another to tap into and make available the use of all the valuable knowledge held inside a user’s mobile device. By working together with the help of a trusted mobile expert, operators and brands can keep their shared customers satisfied by delivering cutting-edge services, while users can benefit from trusted solutions that support their mobile security needs.