Link Based
Currently,Ā MFAĀ in online banking, payments, and other high-risk events rely heavily on SMS or voice one-time passcodes (OTPs). The usage of SMS as a delivery channel has multiple benefits: device- and network-agnostic, customer usage ease, organization administration ease, and database addition of telephone numbers. Despite these benefits, OTPs have their drawbacks. They can be subject to man-in-the-middle attacks and compromised by SIM-swap fraud.
The Instant Link API (āInstant Linkā) solution replaces the traditional SMS OTP with a secure SMS link message. Utilizing a combination of active (SMS delivery with user action required) and passive (checking against phone intelligence signals), it authenticates identities in real-time when users click the link, creating a more secure alternative to the SMS OTP by providing a one-time use, fortified passcode, containing a non-transferable token, and gives Signzy's customers the ability to verify the identity of the mobile device receiving the fortified link.
Instant Link is one of APIs that establish the Possession portion of our PRO model of identity verification:
PossessionāConfirm possession of the phone with āsomething-you-haveā authentication. ReputationāScreen for risk to ensure the phone being used to authenticate is not compromised or used by a bad actor. OwnershipāVerifying the phone number associated with the rightful owner or true consumer
Check out the Identity Fetchļ»æ for an example of how our APIs, which can include Instant Link, work together for the Identity Fetch PRO solution.
The API uses SMS and the deviceās embedded SIM card encryption to identify the device with the highest degree of certainty positively. This is far more secure than simply using SMS alone, as the SMS message can be intercepted or forwarded to another device. In addition, instant Link uses SIM-based identification to identify the device, even after the SMS delivery. Unlike other SMS-based methods, this ensures identity certainty.
Implementing the Instant Link technology is reasonably simple and requires only that a web server be available for the final step. Optionally, if specific branding of the link is necessary, a second web-based redirect needs to be set up to allow the branded link to forward the device onto the Signzy servers.
The process starts with a user providing a phone number to be attached to the account. You then send this phone number to the Send Linkļ»æ endpoint on the Signzy servers, which returns a link to be sent via SMS to the consumer. . The consumer then clicks on the link to begin the authentication.
The deviceās browser opens the link after itās clicked, the equivalent of the OTP method of typing in a number received in an SMS. This creates a connection to our device API, which then uses the SIM data to identify the device using interactions with the carriers, which cannot be faked. The API returns the actual phone number of the device in question, and the device is forwarded to the URL you provide for your server, which includes an attachedĀ VFPĀ used to call theĀ Check Link Statusļ»æļ»æ endpoint. This URL can be customized to take the consumer to a personalized completion page or back to your native app.
The results of the carrier interactions will be displayed via:
These results will recommend the risk level of proceeding with the consumerās transaction.
Getting help
Please feel free to contact us if you have any questions, require clarification, or have ideas for how to make the documents or any of our services better.
You can reach out to us at [email protected]. We strive to provide prompt and reliable assistance, ensuring your queries are addressed effectively.
We value your feedback and are committed to making your experience smooth and enjoyable. Our team is dedicated to assisting you with any needs you may have. Thank you for choosing our services. We look forward to helping you!
ļ»æ