How SMS Verification Can Help You Reduce Risk and Identify Your Customers
Verifying customers can be a pain, even under the best of circumstances. It can be a bigger problem during peak sales periods, though, or during a tidal surge in an activity like we’ve seen since the beginning of the COVID-19 pandemic. You don’t want to lose revenue and merchandise to fraudsters, but you also want to avoid rejecting legitimate buyers due to false positives.
SMS verification could offer a solution. Let’s take a moment to examine SMS verification codes as tools to reduce fraud risk and identify genuine customers.
What is SMS Verification?
- SMS Verification
SMS Verification is a fraud prevention practice that allows merchants to send SMS (short message service) messages to a buyer’s device during the checkout process. The buyer will typically be asked to enter a 4- to 8-digit code sent via text as a way to verify the purchase.
[noun]ɛs • ɛm • ɛs • vɛr • əf • ə • keɪ • ʃən
As the name implies, SMS verification involves sending a text message to the buyer as part of the customer verification process. You’ve probably encountered this before; maybe you tried to submit an online form or log in to an account, only to be prompted to type a code into your browser that was sent to you via text message. This is basically how SMS verification works.
SMS verification isn’t something you’d necessarily use to verify every purchase. However, it can be implemented as part of a first-line verification process prior to manual reviews.
You would start by using conventional fraud detection tools, as well as fraud scoring, to gauge each transaction’s relative risk. If the transaction has certain fraud indicators that pose a heightened risk level, you could then trigger the sending of an SMS verification code, a one-time numeric code to confirm the phone number connected to the user’s account.
Advantages of SMS VerificationSubjecting individual purchases to manual review is the most accurate method of preventing fraud. That said, the process is also incredibly time-consuming and expensive, so authenticating every transaction this way is a non-starter. SMS verification codes are a fast and cost-effective way to quickly and easily validate and pass orders without resorting to manual review. Using SMS verification, you can authenticate many orders that would otherwise require human oversight, or which might get rejected by fraud scoring technology.
Have More Questions About Fraud Prevention?
We have the technology & know-how to help you protect your bottom line.
SMS verification codes are a fast and cost-effective way to quickly and easily validate and pass orders without resorting to manual review. Using SMS verification, you can authenticate many orders that would otherwise require human oversight, or which might get rejected by fraud scoring technology.
SMS verification can also deter some common fraud tactics like account takeover and basic bot attacks. If the fraudster doesn’t have access to the device connected to a buyer’s account, they have no way to enter the authentication code and complete a fraudulent purchase.
You may be concerned that requiring SMS verification for some purchases would introduce unnecessary friction and lead customers to abandon orders. However, contemporary customers are very familiar with SMS verification codes at this point. Many will see them in a positive light and appreciate that you’re taking extra steps to keep their accounts safe.
SMS verification codes can work on all mobile devices. Plus, they’re relatively easy to incorporate into your existing checkout process.
Disadvantages of SMS Verification
So, what could possibly detract from all these advantages offered by SMS verification?
Well, these codes may not stop all attacks in all circumstances. To prevent tactics like account takeover, for example, your buyer must connect their phone number to you before the purchase. Otherwise, asking the buyer to verify a code during checkout wouldn’t prevent fraud: fraudsters could simply substitute their own phone numbers for that of the user.
The buyer also needs to have their phone handy (and have reception) to receive the code. Buyers who may not have a phone on-hand would be prevented from completing their purchases. You’ll need to develop a secondary method for buyers to authenticate purchases without their mobile devices, or else end up rejecting some legitimate buyers.
There’s also the risk of overreliance on SMS authentication. While users don’t mind entering codes occasionally, you will start to run the risk of deterring buyers if you use it too frequently. Plus, you must pay for each individual message: overusing SMS codes can cause your costs to spike.
Finally, there are some security concerns that could undermine SMS verification. It’s possible for fraudsters to use malware to intercept SMS messages and then spoof the consumer’s identity with a different SIM card.
Making SMS Verification Work for You
That’s not to say adopting SMS verification is a bad idea, though. You simply have to understand the shortcomings and find the best way to incorporate this technology.
One option some merchants have already embraced involves using in-app push authentications through the merchant’s branded app, rather than SMS messages. These can be more secure and more cost-effective, as you don’t have to pay for each SMS message. Even if you don’t have your own app, though, SMS can still be a useful method of blocking fraud and validating buyers if used effectively.
Conventional SMS messages must be part of a layered approach alongside other methods of identifying fraudsters and genuine customers. Validation codes can then be deployed dynamically based on risk, as determined by these other fraud tools.
You should also order the verification flow to optimize conversions and keep costs manageable. For instance, identifying SMS providers that have better per-message rates is one option. You must also be aware of message limitations to avoid unanticipated costs. And again, you can also keep costs low by minimizing the number of customers you message, which you can accomplish by simply deploying a multilayer fraud detection strategy.
Build a Better Strategy
A good, well-rounded fraud management strategy should incorporate numerous tools to provide a detailed impression of each transaction. The more anti-fraud tools you have in place, the easier it is for your fraud scoring technology to spot red flags without generating false positives. This should include (but is not limited to):
- Address Verification Service (AVS)
- CVV verification
- Proxy piercing
- 3-D Secure 2.0
- Device fingerprinting
- Fraud blacklists
- Velocity limits
You should aim to verify fewer than 1% of total transactions through SMS verification. This is very achievable with a well-rounded arsenal of fraud detection tools in your corner.
Have more questions about SMS verification or other fraud detection mechanisms? What about fraud that occurs after a transaction is complete? Get in touch with one of our industry experts and learn how you can put a stop to eCommerce fraud today.