New Study by Prove Unveils Large-Scale Consumer Multi-Factor Authentication Vulnerabilities

Are your MFA transactions vulnerable?

Prove Logo

Analysis finds potential risks for FinTech & Retail sectors this holiday, Findings mark successful integration of Prove’s Multi-Factor Authentication solutions

NEW YORK, NY, UNITED STATES, November 18, 2020 / — Prove, the modern platform for phone identity, today announced the release of a new analysis highlighting critical consumer multi-factor authentication (MFA) vulnerabilities. Key findings of the study, which was conducted using the company’s award-winning Trust Score™ technology, include a marked increase in the number of multi-factor authentication transactions over Non-Fixed VoIP lines (virtual phone numbers not tied to a physical address), as well as a particularly high risk of fraud in the FinTech and e-Commerce/Retail sectors. The report, entitled “Trust Score Transaction Vulnerability Analysis,” can be downloaded here.

Prove’s analysis scrutinized over 385,000 retroactive SMS & Voice one-time password (OTP) transactions and discovered several key concerns including:

10% of multi-factor authentication transactions were over Non-Fixed VoIP (voice over internet protocol, i.e. virtual phone numbers not tied to a physical address) lines. Why this is concerning: This increase in non-mobile device types is concerning because it indicates a potential opportunity for bad actors.

FinTech and e-Commerce/Retail may be particularly at risk. The analysis shows 2X and 18X higher chances, respectively, for low Trust Score transactions in these sectors. Why this is concerning:
– Trouble heading into the holidays: FinTech/Financial Services and eCommerce/Retail lead in global holiday season account fraud annual increases, with Cryptocurrency at 178.4%, Financial Services at 81.7%, and Retail at 29.3% YoY fraud rate growth. (eMarketer study, Dec 2019)
– E-Commerce is trending upwards and expected to account for 19.2% of all retail transactions by 2024, leading to more digital fraud exposure risk. (eMarketer, Oct 2019)

2.5% of mobile MFA transactions were found to have low Trust Score and 5% were found to have low SIM tenure, indicating recent SIM card swaps. Why this is concerning:
– In a study of top 5 U.S. prepaid carriers, 80% of attempted SIM-swap attacks were successful as a result of “insecure authentication challenges that could easily be subverted by attackers”. (Princeton study, Jan 2020)
– The Federal Reserve found that 85-95% of applicants identified as synthetic identities are not flagged by traditional fraud models. (Federal Reserve Payment Frauds Insights, July 2019)
– Identity fraud accounts for $16.9B in annual losses in the U.S. (Javelin 2020 Identity Fraud Study, April 2020)

Prove’s analysis indicates possible vulnerabilities in companies’ current authentication processes, which may be unknown to the companies themselves. These results point to both major information deficits, such as outdated customer information, as well as risks that are not being addressed by in-place security measures, leaving companies and customers vulnerable to bad actors. The study also shows that these multi-factor authentication concerns can be addressed by fortifying one-time passwords with a trust indicator such as Prove’s Trust Score, which uses behavioral and phone intelligence signals to measure fraud risk and identity confidence.

This analysis marks the successful integration of Prove’s newly acquired Multi-Factor Authentication solutions into its modern identity authentication platform less than six months after Prove acquired them from Early Warning Services, LLC, along with other solutions including mobile authentication, orchestration solutions, and the complete Authentify® line of business. These capabilities can now be deployed in conjunction with Prove’s other products, including Trust Score.

“We are thrilled to announce the successful integration of our recently acquired Multi-Factor Authentication solutions with Prove’s award-winning phone identity platform in such a rapid period of time,” said Geoff Miller, SVP of Global Fraud and Identity Solutions at Prove. “This analysis demonstrates the enormous value of combining best-in-class MFA capabilities with Prove’s platform to identify vulnerabilities, which Prove’s wide array of solutions can in turn help to solve and defend.”

For the full analysis and to learn more about how to fortify your multi-factor authentication processes with Trust Score and other security enhancing solutions, visit

About Prove
Prove is the modern platform for phone identity and is used by over 1,000 enterprises and 500 financial institutions including 8 of the top 10 U.S. banks. Prove’s global solutions and phone intelligence-driven APIs can be easily orchestrated to increase Approve Rates to over 90%, enabling companies to verify and authenticate customer identities accurately, effortlessly, and privately, while mitigating fraud. Prove’s solutions are available in 195 countries. For the latest updates from Prove, follow us on LinkedIn.

Mallory Edmondson
WIT Strategy for Prove
+1 415-710-2804

Leave a Reply

Your email address will not be published. Required fields are marked *