As Both fraud and cyberattacks are on the riseAs traditional passwords and codes sent via SMS lose their effectiveness in protecting digital security, more reliable and dynamic alternatives are beginning to emerge. Among them, this stands out mobile identificationwhat is a solution for this validates the user’s identity using data from their telephone line and the operator’s mobile network. This way it is Eliminates the need to remember passwords or perform additional verification.
This security layer has the special feature that it works completely transparently for the user, which is why it is also called the “security layer”. “Silent authentication” because the identity is validated without the person realizing they are being authenticated. In fact, the entire process happens automatically in the background using data from mobile networks.
To make this solution possible, the Global Telecommunications Operators Association (GSMA) was created in February 2023 the Open Gateway Initiative. It is a platform that standardizes application programming interfaces (APIs) so organizations across all industries can access identity verification, anti-fraud, and secure location services.
“Today More than 90% of mobile connections in Latin America are already covered by Open Gateway. This allows banks, fintechs, businesses and insurers to integrate invisible layers of security that check in seconds whether a number has been cloned, whether the device is legitimate or whether the line has changed hands. The user sees nothing, but is protected,” explains Alejandro Adamowicz, ICT Executive at GSMA Latin America.
This is what the executive adds In the region, three major operators concentrate 75% of mobile connectionswhich makes adoption and standardization easier. “We are more advanced than other regions of the world because there is less fragmentation between operators,” he clarifies.
The need for this technology is recognized when analyzing the current panorama. Digital fraud is increasing at an unprecedented rate. “We have recorded 6.3 million attempted malware attacks per day in Latin America over the last 12 months, which corresponds to 12 attacks per minute,” explains Fabio Assolini, head of the global research and analysis team for the Americas at computer security company Kaspersky Latin America is the region with the fastest increase in cybercriminals in the worldwith an annual growth rate of 25% between 2014 and 2023.
Within this digital universe Mobile identity fraud represents one of the most concerning threats. In these cases, criminals impersonate other users and use their mobile credentials to access their digital accounts.
The most common attacks include SIM swapThis is a method in which fraudsters trick mobile phone providers into transferring the victim’s phone number to a SIM card they control. This method allows them to intercept verification codes and access bank accounts and applications. “Another traditional attack vector that continues to exist is password theft through phishing and social engineering techniques,” adds Assolini.
One of the fastest growing threats is Fraud in the Onboarding digital, i.e. the process of registering new customers. “This attack directly targets the process by which financial institutions verify identities. Today, criminals rely on artificial intelligence to create false identities: they create synthetic videos that can mimic natural gestures such as turning the head, smiling, blinking, precisely the movements that verification systems require during registration,” says Assolini. The impact of this fraud is crucial because it manages to open a bank account with data stolen from a real person but validated with AI-generated images and videos. These accounts then become vehicles for financial crime.
Another problem is SIM swapping: “I became a victim of this fraud in 2019,” says the Kaspersky specialist and recounts: “I was on a business trip abroad. On the first day everything worked normally, but the next day my cell phone lost reception, remembers.
“Banks and other companies such as social media platforms have relied on SMS as a second layer of security for years, but the Central Bank of the Argentine Republic does not consider it safe because it could be intercepted,” explains Gabriel Chapt, CEO of Plusmo, a company that integrates mobile identity solutions that work in the background.
Guillaume Bourcy, Chief Identity Officer at Global Telco Consult (GTC), puts it into perspective: “SMS was useful and universal for many years, but today it is expensive and vulnerable. With mobile identity you can increase security and reduce barriers. In addition, it adapts to the context: approving a transfer of millions is not the same as simply registering. “Invisible authentication is combined with biometrics or other factors, depending on the case.”
The key, according to Bourcy, is dynamic orchestration: different factors that add up or not depending on the risk. This makes the user experience smoother and fraud harder to carry out. Assolini agrees: “The idea is to automatically add steps to authenticate the user depending on the level of suspicion, so as not to overload them with tasks, since it is also about improving the user experience.”
For his part, Guillermo Pacheco, Director of New Business for LATAM at Incode, a company specializing in identity verification and fraud prevention, reiterates this vision: “We talk about the need to implement multiple layers of security, because there is no magic solution.” He adds: “The aim is to reduce risk without compromising the user experience. That’s why we talk about a fraud prevention ecosystem based on complementary layers, such as mobile identification and biometric solutions, among others.”
As mobile ID solutions are implemented, Users will no longer receive SMS with codes and tokens. You also don’t have to remember passwords And if someone steals the key, the network can detect whether the SIM card has been cloned or is being accessed from a suspicious device. In addition, the registration and login processes are expected to be faster, including when opening a bank account or validating an online purchase.
“Thanks to this system, companies can obtain information from telecom operators via APIs and know which company a line belongs to, whether the chip has been ported and when this porting took place. This data is used to detect suspicious movements and prevent a criminal from taking over the victim’s mobile identity,” explains Chapt.
The effects are not only technical, but also economical: Reduce fraud, companies save millions in losses.
The promise of this security layer is enticing: more security, less friction and a better user experience. In any case, the Kaspersky expert reminds that “invisible systems represent a huge advance, but they are not immune because attackers are constantly evolving. Therefore, the challenge is always for two reasons: on the one hand, strengthening the technology and, on the other hand, informing the user so that he understands that he is protected even if he notices changes.”
For his part, Adamowicz believes that the user should be informed about the invisible layer that protects them. That’s why he recommends that communication be part of the process: explaining to the customer that validation exists, even if they don’t realize it.
Aside from the benefits of this “invisible layer”, experts agree that for now the ideal is to create a hybrid ecosystem: mobile identity as a base layer, biometrics as an additional factor depending on the context; and other elements that together ensure security.
About The Author
