Securing logins and preventing fraud is a top concern for today’s companies. But for many — particularly those that have to comply with strict Know Your Customer (KYC) regulations — the need for multiple identifiers leads to user friction and sign-up abandonment. Cognito has a better solution. And it all begins with a phone number.
How does a phone number become a secure, trustworthy source of identity?
Let’s start with what doesn’t work.
- Social Security Numbers (SSNs) are unfortunately still one of the most commonly asked-for identifiers. SSNs can’t be authenticated. This means anyone who has it can use it.
- Knowledge-Based Authentication (KBA) is an outdated but common practice where the user is asked personal questions. SSNs can’t be authenticated. This means anyone who has it can use it. Few people can remember their 9-digit SSN or KBA answers, leading to frustration.
However, there’s a different and much more memorable number that nearly everyone has…
Enter the phone number.
- The phone number is a better identifier because it’s associated with a physical object that a person possesses, instead of being based on information they know.
- Nearly everyone has one, with 95% of adults in the U.S. having a number that they’re likely to keep for.
A phone number can be as good as a thumbprint — or better.
When a solution relies on regulated data from official sources, rather than unregulated data
from social media and other places that users alter frequently, it provides a much more secure verification process. Over the course of its lifespan, a phone number is recorded at a variety of regulated, trusted touchpoints. These sources include:
- Financial institutions
- Government records
- Credit header files
A phone number is a unique identifier that can be authenticated. Regulated data becomes the key to taking a number from a randomized string of digits to an identity. A number is confirmed as belonging to your customer any time.
- Register to vote
- Purchase a home
So how does verification work?
- Your company adds the Cognito API to your sign-up flow. (It’s quick: we’ve had companies integrated and running in the span of a day.)
- A customer signs up for your service by providing as little as their name and phone number. At this stage, we recommend you send your customer a one-time passcode. This lets you verify your user is in possession of their phone at the time of sign-up. It also raises the attack barrier, because compromising a physical device is much more complex than stealing a SSN.
- The Cognito API automatically consults powerful, regulated data sources to retrieve information and stitch together a real-world identity record for your customer. (This includes their SSN, so that businesses can remain KYC compliant without introducing hurdles upfront).
A user is verified based on the key data points your company chooses. You can set the threshold for verification that suits your business: whatever your use case, Cognito remains flexible.
Behind the scenes, Cognito helps with:
- Verification: Making sure that the name and phone number are tied to each other, and part of a legitimate identity.
- Authentication: Affirming that the user is actually who they say they are.
What if a name and phone number do not surface a complete profile?
Our goal is to verify the majority of customers using as little data as possible. But for the exceptions, gradual verification can still provide your user with a great experience. In such instances, Cognito allows you to prompt the user for their:
- Date of Birth
- Full SSN
- Last Four Digits of SSN
You can send us another request using one or more of these additional inputs, and we’ll apply for a credit card retry — in most cases, at no extra cost. Turning a phone number into an identity isn’t only a safe option — in today’s identity verification landscape, it’s the smartest. Are you ready for a flexible, frictionless identity verification service? Talk to our team today to try Cognito for free.