January 10, 2019
Traditional methods of relying solely on username and passwords to protect accounts simply cannot keep up with the evolving digital business landscape. Ensuring users are who they are is critical to prevent fraud and accounts being compromised. One of the most accurate ways to verifying a user is by interacting with them through a step-up challenge response mechanism. However, challenging users too often introduces a negative online experience. Our SMS-based two-factor authentication, provides a simple, secure and selective method for validating a variety of online and mobile transactions.
The ThreatMetrix Advantage
Traditional static models used with Two-Factor Authentication often leads to challenging users too frequently. For example, many users are challenged after simply wiping cookies from their device. These one-dimensional authentication models not only cause inconvenience for the users but also introduce additional operational expense for organizations. ThreatMetrix Two-Factor Authentication provides an alternative identity-based solution that avoids such issues. ThreatMetrix Two-Factor Authentication solution can:
- Reduce Step-Up Challenges: Establish an identity-based framework that only challenge users when they are labeled as high risk based on business policy.
- Lower Operational Costs: Automatic reduction of SMS messaging fees when less step-ups are presented to users.
- Decrease Hardware Costs: Other forms of two-factor authentication such as biometric readers, or one-time password devices (tokens) are costly. ThreatMetrix helps you leverage your customer base’s mobile and smartphones to instantly verify who they are.
SMS-based two-factor authentication is the industry’s preferred challenge response mechanism to validate an online user’s identity. In conjunction with ThreatMetrix Digital Identity Network, this identity-based approach leverages mobile phones and smartphones to satisfy two-factor authentication requirement for something that the end user possesses.
ThreatMetrix provides the following key features for SMS two-factor authentication:
- Identity-Based Two-Factor Authentication
All aspects of a person’s online devices and behavior can be placed into one unique Digital Identity – including email addresses, geolocations, devices and both personal and business personas. A step-up challenge only needs to be presented when attributes or behavior deviates away from their normal Digital Identity based on business policies.
- Global SMS Reach
Ensure SMS-message delivery to mobile phone users in over 200 countries and territories in 87 languages.
- Long Message Support
Separates SMS message over 160 characters for the user’s mobile phone to reassemble the message back in the correct order as one SMS.
- Direct to Carrier Routes
Connects directly to thousands of worldwide carriers and employs a reliable method across multiple routes to help ensure the highest delivery and conversion rates.
- Smart Message Splitting
The solution prevents the breaking of critical pieces of information to ensure messages are delivered and viewed as intended. For example, information such as URLs and email are properly displayed when they are split within a long SMS message.
- Phone Number Cleansing
Phone number entered by end-user are properly formatted to ensure global delivery.
- Time-Based One-Time Passcode (TOTP)
Verifies users in real-time by sending a one-time verification code via SMS that can be used to authenticate a known user or verify a transaction.
Ensuring users are who they are is critical to prevent fraud and accounts being compromised.
ThreatMetrix enables two-way SMS verification by sending an SMS with a one-time password that allows a user to reply via SMS with the code and approve or deny the request. This reduces user friction and operational cost for customers as the users can just use SMS for response and customers do not need to maintain a separate web-page to accept passcodes.
Mobile and Landline Phones
Enables global reach of users in more countries who do not wish to receive SMS-based messages and/or have provided a number that is not equipped to receive them.
How It Works
ThreatMetrix Two-Factor Authentication is enabled by the ThreatMetrix Integration Hub. The integration hub seamlessly invokes any one-time passcode (OTP) delivery platform so the verification can happen in context of the transaction’s risk assessment for any existing application, user experience or workflow. The following is an example a customer attempting to access an account:
- A customer visits your website and enters their existing username and password to access their account.
- A ThreatMetrix policy is invoked to analyze the connecting user.
- A step-up decision is made based on your business policy.
- The customer’s phone number is sent to ThreatMetrix from your website.
- A time-based one-time passcode is generated and sent to ThreatMetrix OTP Delivery Platform. (The passcode is generated by OTP delivery provider for two-way SMS service.)
- ThreatMetrix OTP Delivery Platform sends the passcode to the customer’s mobile phone.
- Once the customer’s mobile device receives the passcode, the customer simply enters it in on the webpage as prompted. (The end user simply responds via SMS to confirm the code for two-way SMS service.)
- Compare retry attempts and send the passcode to ThreatMetrix for verification.(Customer site will poll ThreatMetrix to determine whether the end user responded to the text for two-way SMS service.)
- ThreatMetrix sends a verification message to the website for access approval or denial. (ThreatMetrix confirms end user’s response by polling status updates from OTP delivery platform for two-way SMS service.)
 Two-Way Communications feature is not available in all regions. Contact ThreatMetrix for specific details.