User Authentication: Weighing Up the Best Identity Verification Channels for Your Website or Mobile App

Considering the rate at which human interaction is being redefined and reimagined, transforming your customer experience to meet the ever-changing expectations of today’s consumers is no easy task.

In light of this, new customer experiences/expectations have opened the door to new technologies, and new engagement channels growth-minded businesses can leverage to create unique engagements that both satisfy individual customer needs and add value, at different points in the customer lifecycle.

“87% of customers agree that companies should be putting more effort into delivering a consistent experience.” (Source)

Unfortunately, Cybersecurity issues are becoming a day-to-day struggle for businesses. With these new technologies also comes a fresh wave of data breaches and cyber-attacks. And, with almost 5 billion people using smartphones daily, service providers, and application developers have a very big challenge to secure the identity and personal data of their users.

In this article, we look at the best identification verification methods and how companies can enable them effectively without crossing up an engaging user experience. Then we introduce three distinctive phone number verification channels: SMS Verification, Voice Call Verification, and WhatsApp Verification, and also highlight how incorporating all three methods can yield exceptional results for your customers, and your company.

“IoT devices experience an average of 5,200 attacks per month.” (Symantec)

“The financial services industry takes in the highest cost from cybercrime at an average of $18.3 million per company surveyed.” (Accenture)

“More than 93% of healthcare organizations experienced a data breach in the past three years.” (Herjavec Group)

So how can businesses reduce the chances of falling for the scams while also protecting their users’ identities? There’s no one-size-fits-all approach to authentication, but implementing a multi-factor authentication method is an advisable choice for disrupting malicious attempts.

“Multi-factor authentication — Multi-Factor Authentication (MFA) is an authentication method that requires two or more independent ways to identify a user. Examples include codes generated from the user’s smartphone, Captcha tests, fingerprints, voice biometrics, or facial recognition.

MFA authentication methods and technologies increase the confidence of users by adding multiple layers of security. MFA may be a good defense against most account hacks, but it has its own pitfalls. People may lose their phones or SIM cards and not be able to generate an authentication code.”

Which User Authentication Channels or Method Should Businesses Use? Can they rely on only one of them, or do they have to combine several into their solution?

By adopting the right blend of SMS, Voice Call, and WhatsApp Verification methods/channels, you can optimize costs, enable superior protection, and provide the best possible experience for users. These methods complement one another and provide users with greater control over the identity verification method that’s right for them. What’s more, they all integrate seamlessly into your back-end security processes with all three methods on a single verification API.

Let’s take a more in-depth look at these channels individually!

SMS Identity Verification

This technique verifies a user’s identity by sending a verification code via a mobile text message (SMS). The user receives the code and enters it into a field on the page or mobile app wherever they are attempting to log in. When logging in via a mobile device, in some cases, the code is extracted from the SMS message automatically — meaning the user does not even have to be compelled to manually enter the code.

Termii’s API documentation page

The Advantages of SMS Verification:

• It is the most familiar among mobile users. SMS is straightforward to know, straightforward to use, and applicable for many mobile users in any part of the globe.
• It’s universally accessible on mobile devices. Practically, all mobile devices are SMS-enabled; a great number of tablets, laptops, and even desktops send and receive SMS messages as well.
• It has a remarkably high success rate. SMS identity verification is straightforward to understand with high success rates, providing a stronger overall experience for users.

Things to consider when using SMS Verification:

• SMS messages could also be delayed. High-traffic periods and remote locations will delay SMS messages, and thus SMS-based codes.
• Temporary codes can be intercepted. Though rare, bad actors may use social engineering to intercept temporary codes from users and so reconfigure their credentials for unauthorized access to accounts.
• It may be more pricey than other channels. SMS is often a more expensive identity verification method than Voice Verification Methods. Providing viable alternatives will thus boost cost savings.

Voice Verification

Through this channel, the user receives a verification code by responding to an incoming phone call. Text-to-speech software reads the code aloud to the user, who then types in the code manually on the login page of the app or website.

The advantages of Voice Verification:

• It is ideal for users with special needs. SMS is also difficult for a few users. Hearing a code aloud can be a much better choice.
• It can use a fixed phone line for verification. Users can set up landline phones for Voice Verification if they do not have access to a mobile phone.
• It is an ideal backup verification method for SMS. For users who prefer SMS, Voice Verification is a great backup if they don’t have access to mobile or other compatible devices.
• It is a perfect backup/alternative verification channel for SMS. For users preferring SMS, Voice Verification could be a nice backup if they do not have access to mobile or alternative compatible devices.

Things to consider when using Voice Verification:

• It will be less recognized by most users. Given that this method isn't used as commonly as SMS verification methods, it could be confusing to some first-time users.
• It needs sharp retention. Users must recall the OTP code, or they risk needing the message repeated or may be forced to try again.

Email Verification

Through this channel, the user receives a verification code one-time passcodes (OTP) sent to email. Similar to SMS, the email channel does not require downloading an extra app, so onboarding will be quick and seamless.

Advantages of Email verification

• Familiar data requirement — users are used to providing their email to a service for important account updates and password reset emails.
• Easy onboarding — just like SMS verification, email verification does not require another app or any additional setup to configure.
• Using email means that your users don’t have to give you additional personally identifiable information (PII) like a phone number.

Things to consider when using Email Verification:

Email verification remains the most non-secure of all the approaches because an email address is not tied to a specific device and it’s possible to compromise a large number of accounts once you have someone’s email password.

WhatsApp Verification

The WhatsApp channel has many of the same usability benefits as SMS with the bonus of being the most popular messaging service in over 100 countries. Adding WhatsApp for verification (one-time passcode — OTP) delivery can boost business overall verification conversion rate because it works with just a WiFi connection.

Things to consider when using WhatsApp

• As a software channel, WhatsApp won’t charge for undelivered messages and isn’t exposed to fraud that exploits the telecom network.
• Unlike the WhatsApp Business API, which you may use for customer support, Verify WhatsApp lets you start sending unthrottled OTPs right away.

Termii Supports All Three Channels/Methods on a Single Platform

As seen above, Email verification remains the most non-secure of all the approaches, because it’s possible to compromise a large number of accounts once you have someone’s email password.

At Termii, we did not make any compromise between user experience, security, and privacy, our authentication method offers a single API for all three of these verification methods — SMS, Voice, and WhatsApp. You will begin seeing verification success rates increase while users enjoy a streamlined experience, no matter their requirements and choices.

Cecilia Abegunde

Growth Associate at Termii Inc.