Lately, we've seen a number of news items concerning SIM swapping. That's where hackers take advantage of limitations in mobile devices and SMS-based communications to commit identity theft or account takeovers. There have even been some questions about whether authenticator apps that don't rely on SMS for token delivery are also susceptible. Or whether or not a SIM swap would enable a hacker to assume control of a phone number and install an authentication app to gain access to an already-protected online account.
Twilio is now providing tools to help our authentication customers address this issue. Working together, the Authy authentication API and the free Authy 2FA app create a chain of trust that allows Twilio/Authy customers to determine which end-user apps to trust for authentication. They record uniquely identifiable numbers assigned to every installed app, as well as the sequence of app installs and the methods of installation. Through …
From 14th September 2019, millions of European consumers will experience a change in the way they complete online payments. A new European banking law, PSD2, will mandate a stronger form of two-factor authentication (2FA) for all online and over-the-phone payments. This extra layer of friction will impact conversion and sales for online businesses.
Twilio has been hard at work to help businesses navigate this massive change and minimize impact. We’ve updated both the Authy API and our free Authy app to help you meet all the requirements of Strong Customer Authentication (SCA) and be PSD2-compliant.
PSD2 introduces authentication requirements that go above and beyond typical 2FA:
- Each authentication code must be specific to the transaction amount and recipient, and
- Both the payment amount and recipient must be made clear to the payer when authenticating.
The Authy API has several methods for completing authentications. Push authentication meets all …
Confidence in your users’ phone numbers decreases fraud and increases the reliability of communications with them. Twilio’s Verify API is used to verify ownership of 235 million phone numbers each year. With all the delivery and business logic prebuilt, Verify can be implemented in just 2 API calls.
For 2019, Verify has been rebuilt to fully leverage the Twilio platform, resulting in a 300% increase in requests per second (RPS), greater integration with the Console, improved library support, and granular verification logs. We’re excited to announce that this new API, Verify v2, is now in public beta.
- Easily trace and troubleshoot phone verifications using new logs in the Twilio Console, helping you monitor individual verifications on a per-user basis.
- Proactively respond to shifts in verification traffic with metrics that show verification destinations and geographic trends. For example, identifying low success rates in Argentina or South Korea.
- React …
This is the second of a three-part series of posts detailing PSD2: Strong Customer Authentication in the EU (SCA).
In the first part of this series, we looked into PSD2’s requirements for dynamic linking, and established that Two-Factor Authentication (2FA) can be used for Strong Customer Authentication (SCA). In this piece, we’ll look at the different types of 2FA you can use with Twilio’s Authy API and how it can help you meet dynamic linking requirements.
Authy is a fully featured authentication API that makes it simple to add 2FA or passwordless login to your applications. It supports One Time Passwords (OTP) sent via voice and SMS, Time-based One Time Passwords (TOTP) generated in the free Authy app or via an SDK, and push authentications via the same Authy app or SDK. This article covers both push authentication and OTP via SMS and voice. TOTP will be covered in …
This is the first of a series of posts detailing the EU’s PSD2 Strong Customer Authentication (SCA).
Riding on the convenience of same-day delivery and 1-click payments, online purchases are conquering the consumer marketplace. But they face a serious new challenge starting in September 2019, when any card-not-present transaction over 30 Euros will see an increased amount of friction by requiring payer authentication.
The European Banking Authority has issued rules and regulations in the form of the Payment Services Directive 2 (PSD2), a policy that regulates all payment service providers completing a payment in EU member states and applies to businesses around the world. The main goal of PSD2 is to open the payment ecosystem, allowing for new technologies that aim to simplify online payments or transfers. However, another aspect of the policy is to address concerns about rising costs of fraud for online financial transactions by mandating strong customer …
When using SMS to verify a phone number or for two-factor authentication, it’s essential that the message successfully gets to the intended user, without delay, in order to maximize conversion. However, there are a lot of variables in ensuring reliable and fast delivery of messages globally. Some routes are faster than others, while certain destinations only allow messages from specific kinds of numbers, and carriers will often filter repeated messages, thinking they’re spam.
Because configuring efficient and reliable SMS delivery can be complex, and will likely require constant maintenance, Twilio offers two pre-built APIs, Verify and Authy, which spare developers the hassle of trying to making sure your verification and authentication SMS messages get to their intended recipients quickly and consistently.
As part of our ongoing improvements to these APIs, we are announcing the introduction of AUTHMSG, an Alphanumeric Sender ID, for use in 79 countries, which will further increase …