US Operators Join Forces on Authentication

Mobile network operators are taking the lead in identity authentication.  It was announced last week that the four largest operators in the United States – AT&T, Sprint, T-Mobile and Verizon – have agreed to collaborate on a Mobile Authentication Taskforce.  With the number and type of online purchases continuing to rise, consumers are increasingly faced with the inconvenience of needing to remember multiple passwords, which can in any case be hacked with alarming ease by fraudsters.  This new solution will negate the need for these by relying instead on authentication via something all consumers now carry with them by default: their mobile phone. With 87% of users stating they would prefer just one login, and 86% saying they have left a website when asked to register, it seems clear the old method of simple usernames and passwords has had its day.

The dangers of online identity theft require no rehearsal.  What is news, unfortunately, is that the frequency of such crimes is increasing: last year a record 15.4 million Americans fell victim to identity theft, an increase of 16 percent from 2015, bringing the total value lost to $16 billion.  “At a time when online and digital services are commonplace, security and authentication are issues that affect us all,” comments Alex Sinclair, Chief Technology Officer at the GSMA. “Through strong collaboration, the taskforce announced today has the potential to create impactful benefits for U.S. customers by helping to decrease fraud and identity theft, and increase trust in online transactions. Further, we will be working closely with the taskforce to ensure this solution is aligned and interoperable with solutions deployed by operators.”

Of primary importance to any such authentication solution is, of course, security.  The GSMA therefore welcomes this addition to the authentication landscape as one using not only a more secure method than passwords, but a more secure data channel than the alternatives.  In doing so the four telco giants in the US follow Korean operator SKT, who last year launched T-Auth, a Mobile Connect-aligned authentication solution which quickly became the number one most downloaded financial app on both Google and Apple stores, now with 7 million active users.  The business case was therefore quickly proven, as mutually beneficial to SKT, online businesses, and consumers alike: T-Auth has made SKT an average of $3 per customer whilst also driving down online cart abandonment from 24% to 4%.

Mobile Connect’s potential was discussed in detail at this week’s Mobile World Congress in San Francisco. Current use case successes examined include the use of Mobile Connect to support single sign-on solutions, helping for instance to bring down the 50% drop-out rate of music app Kuack. The advantages of network-based authentication over alternatives are numerous. In addition to requiring one-off authentication codes, as might a security application, Mobile Connect-aligned solutions can verify identity by making use of information only an operator possesses; for instance, by assessing an attempted purchase against records of previous online behaviour, or other indicators such as SIM location. These superior credentials are not lost on operators: Mobile Connect is now supported by 57 operators in 30 countries, making it available to over 3 billion consumers worldwide. This being the case, it is becoming harder to see the case for downloading a separate over-the-top apps, from a perspective of either security or convenience. The importance of industry collaboration to build an ecosystem – to drive forward innovation and resilience – is therefore impossible to overstate, and as such, the announcement by our partners in the US last week was good news for online security.