Two-factor authentication is increasingly the bedrock of ecommerce payment security, but where once SMS was the king, now it faces competition from Flash Calling – which is best? Messaggio weighs up the options.
As an ecommerce business, you can never be too safe with protecting your customer’s data and payment information. And two-factor authentication (2FA) has become a must-have that protects all parties from fraud.
However, 2FA comes in various shapes and sizes to suit different budgets – and, where once SMS was the dominant player, now it faces some stiff competition from Flash Calling. So, what gives?
What is 2FA
Two-factor authentication (2FA) is a way to access an online account or verify an online action. It’s a much more secure alternative to the single-factor authentication (1FA) method.
To compare: 1FA grants access in exchange for a single credential. In ecommerce, it’s usually when a user signs in with a simple static password or a PIN to their account. While 1FA may seem fast and simple, it’s flawed in terms of security. Accounts that only use single-factor authentication are the first victims of nearly every type of hacker attack imaginable, from brute force to malware.
Customers are not the only ones who can endanger an online merchant that way. An administrator account on an e-commerce site that only uses single-factor authentication is a setup for a data breach and skimmer attacks.
2FA instead grants access in exchange for two credentials. The first credential is usually a user’s static password or PIN. The second credential is a one-time password (OTP): a digital code generated for a single login, verification, or transaction attempt. Such an OTP is delivered to a user’s device and expires within minutes.
In ecommerce, 2FA is most commonly used for signing in to an account and confirming actions such as transactions, orders, bookings, or changes to a user’s information.
Common 2FA types and what they do
There are already a number of ways of using messaging tech to deliver 2FA.
- SMS One-Time Password verification – One of the most popular 2FA methods. It doesn’t require a client to own a smart device or be online. A mobile phone with a valid SIM is enough. Clients love the SMS verification method because it’s easy to use and familiar to them: it’s one of the pioneer 2FAs that’s been around for ages. How it works is that the client signs in on your site or app. Then they’re required to choose an additional way of verifying their identity. They’re asked to submit their phone number if they choose the SMS verification method. Your messaging service provider generates an SMS OTP and sends it to that number. The client receives the OTP and enters it into the verification form. The messaging service API checks if the OTP matches the one sent and the phone number submitted. Then it either grants or denies the access. Remember, SMS verification is the most expensive method of 2FA. The average price per 10,000 users in the UK is about £275. Usually, the more SMS a business needs, the lower the total price is, but it’s still considerable.
- Phone Call Verification – A 2FA method that’s almost as common as the SMS verification one. Just as with SMS, a client doesn’t need a smart device or Internet, just a mobile phone with a SIM: even a landline is allowed for verification. The first step is the same as SMS verification. If the client chooses the phone verification method, they are asked to submit their phone number. Your messaging service provider generates a robocall and a verification code. The client answers the robocall, memorises the OTP recited by a voice bot and enters it into the verification form. Again, the last step is the same as with the SMS verification. This method can be inconvenient. Some clients may be unable to answer the call in time, properly hear the code, or memorise or write it down. They will have to go through the verification process again, and it’s annoying and time-consuming. It can also fail. While a trusted messaging service will use whitelisted phone numbers for robocalls, some can still be blocked by anti-spam on a client’s device. It’s also almost as pricey as the SMS method.
- Mobile ID – This 2FA method uses a client’s mobile device as a digital signature of sorts. Clients set up their own PIN for their Mobile ID. Again, the first step is the same as SMS verification. If the client chooses a Mobile ID verification method, they will be requested to enter their PIN on their mobile device. If the PIN is correct, the client is granted access. The Mobile ID 2FA method requires a special type of SIM card, commonly known as a Smart SIM card. A client needs to go the extra mile to obtain one. Not every client of yours will have one or will be ready to get one. Therefore, not everyone will be able to use this authentication method. Mobile ID isn’t always supported on tablets, unlike other 2FA methods.
- Flash Calling – And then there is Flash Calling. Unlike the Phone Call Verification method, this one doesn’t even require answering the phone. Once again, it doesn’t require a smart device, mobile data, or Internet: just a phone with an active SIM. The first step, like all the others, is the same as SMS verification. The client submits their phone number, which, in turn, is transmitted via API to the Flash Call provider. Flash Call then generates a short OTP and passes it to the backend via API. At the same time, it makes a silent call to the client’s phone: the call is immediately dropped, and the caller’s number contains the OTP digits. That number stays in the client’s call history. There are two scenarios. First, the client enters the OTP manually into the verification form. Second, the Flash Call system detects whether the client’s phone number is legit, and grants or denies access based on the results.
Right now, Flash Call is one of the fastest, easiest, safest and most convenient authentication methods. It’s also the cheapest 2FA to date, costing 5-8 times less than any other authentication method. This makes Flash Call equally cost-effective for small and large businesses.
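The issue-and-check flow described above for SMS OTP and Flash Call, sketched as an added example (it is not Messaggio’s code or API). The class name, the 180-second lifetime, the three-attempt limit and the caller-number prefix are assumptions made for illustration; the attempt limit matters most for Flash Call, where the code is only a few digits long.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 180  # assumed lifetime; the article only says "expires within minutes"
MAX_ATTEMPTS = 3       # assumed limit; a short code is guessable without one


class OtpVerifier:
    """Keeps one pending OTP per phone number (in memory, for illustration)."""

    def __init__(self, digits=4, clock=time.time):
        self.digits = digits
        self.clock = clock
        self.pending = {}  # phone -> [otp, expires_at, attempts_left]

    def issue(self, phone):
        # Secure random code, zero-padded so every code has the same length.
        otp = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        # Re-issuing replaces the previous code, so only the latest one is valid.
        self.pending[phone] = [otp, self.clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return otp

    def flash_call_number(self, phone, prefix="+44000000"):
        # Flash Call delivery: the code is carried as the last digits of the
        # calling number. The prefix is a constructed placeholder.
        return prefix + self.issue(phone)

    def verify(self, phone, submitted):
        # The code is bound to the phone number it was issued for.
        entry = self.pending.get(phone)
        if entry is None:
            return "no_pending_code"
        otp, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[phone]
            return "expired"
        entry[2] -= 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(otp.encode(), submitted.encode()):
            del self.pending[phone]  # single use: a replayed code is rejected
            return "ok"
        if entry[2] == 0:
            del self.pending[phone]  # too many misses: a fresh code is required
            return "locked"
        return "mismatch"
```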
How do you switch from SMS to Flash Call?
While it’s always best to introduce several 2FA methods, so your clients would have a choice, one of those methods should be Flash Call. So, how do you easily integrate the technology into your business?
Firstly, sign up for Messaggio, a multichannel mass messaging platform that provides Flash Call technology. Messaggio uses pools of legitimate phone numbers that won’t be marked as spam and so won’t tarnish your business reputation. Create a Sender ID that will receive incoming calls to the user’s device. Use several lines of simple code for API integration: Messaggio provides everything necessary.
If you still have questions, Messaggio is ready not just to answer them, but to guide you in person. With the help of the platform, introducing Flash Call 2FA to your ecommerce business will be smooth and seamless.
Examples of using Flash Calling for ecommerce
Flash Calling is already getting a following in ecommerce circles. Here are some ways in which it is being deployed.
- Purchases and payment confirmations – Why is it better? It doesn’t mess with your sales funnel: Flash Call minimises conversion losses due to how fast it is.
- Confirming bookings, appointments, or orders – Why is it better? It’s a faster, hassle-free way to prove the legitimacy of the customer. The incoming Flash Call on the client’s phone will be instantly dropped without bothering them, and the system will detect whether the phone number they provided is correct and belongs to a real person.
- In-person verification – if a store manager needs to add a customer to the loyalty program, confirm a purchase, or verify any other action. Why is it better? Other 2FA methods may be cheaper in bulk, but are still pricier than Flash Call in the end. Therefore, since offline verifications are less common, integrating anything but Flash Call would be pricey.
- Counselling, healthcare, and mental health therapy services – Why is it better? It’s a low-stress method for clients that are under enough stress already. They will need to confirm their actions on your site/app every now and then, and Flash Call is the most non-intrusive method for the task: a silent call, no picking up — even typing a code isn’t always required.
2FA facts and stats
The 2FA market is a big one, both for established SMS based OTP and Flash Calling. Here are some of the numbers.
- 93% of enterprises worldwide use SMS OTP for some aspect of verification. Of those organisations questioned, 100% of UK enterprises use SMS OTP (MEF, 2021).
- 90% of consumers prefer to receive texts from businesses rather than calls (Finances Online via SMS Eagle, 2020).
- Authentication-based SMS revenue will reach $39 billion globally in 2022; representing 5% of total operator-billed revenue (Juniper Research, 2021)
- The number of calls used for flash authentication will near 130 billion globally by 2026; rising from less than 60 million in 2021 (Juniper Research, 2021)
- This represents an astonishing growth of 185,000% in the next five years (Juniper Research, 2021).
Messaggio provides connections to 500+ carriers worldwide and to the messenger apps: Viber, WhatsApp, Google RCS, Facebook Messenger, VK.com, processing over 3 billion requests a month with the highest service level in the industry at 7000 RPS per channel. www.messaggio.com