This guest post comes from our friends at TeleSign.
Websites need to go beyond traditional verifications for new account registration.
Without any checks or balances, fraudsters will exploit sites by creating bogus accounts. They’ll also take over existing accounts by simply guessing their passwords, using over-the-counter hacking tools or leveraging social engineering.
Fraudulent signups increase the cost of running a cloud by boosting infrastructure usage, inflicting excessive chargebacks and requiring manual processes to combat fraud.
To provide a viable and efficient solution, Citrix is integrating phone-based verification into the CloudPortal registration process. TeleSign Verify offers a more reliable way to verify new accounts and prevent account compromise using the most widely deployed technology available today, a user’s phone.
TeleSign Verify accomplishes two important objectives: 1) it verifies that the phone number provided at registration is valid; and 2) it verifies that the user is in possession of that phone.
Here’s how it works:
- User provides the phone number at account registration
- TeleSign sends a one-time verification code to the phone either via SMS or a voice call
- User enters that verification code into the website to activate the account
TeleSign also offers a complementary service, called PhoneID, that determines the phone type and whether the phone number is valid before making a determination whether to activate the account.
Certain phone types, such as prepaid mobile phones (e.g., TracFone) or VoIP (think Google Voice) phone numbers, are inherently more risky than others because they are predisposed to online fraud. Fixed VoIP phones, for example, can be purchased cheaply anywhere in the world, are completely disposable and are virtually untraceable. Not surprisingly, they are the phone of choice for today’s fraudsters and spammers. If a higher-risk phone number is entered during account registration, the user will be prompted by CloudPortal to use a lower-risk phone type such as mobile or landline number to continue the signup process. This critical step goes a long way to keep the bad guys at bay.
Since the integration is API-based, it’s simple for admins to plug in the account credentials to activate the service. This can be performed in minutes. No hardware or software is required and since pricing is transaction-based, Citrix customers only pay for what they use.
Phone-based verification offers a critical extra layer of security to protect your users, your limited resources, and your brand without impeding legitimate users from signing up for your service.
To learn more about preventing online fraud with TeleSign’s phone-based verification, check out this short video.
— Dean Nicolls, VP of Marketing, TeleSign Corporation