Phone number verification is the process of verifying that a phone number is valid, reachable and accessible by the user. It is also a popular measure that can be applied to any service or application looking to achieve an extra layer of security.
Phone number verification is often used as a form of two-factor authentication for certain online accounts. By using SMS, only the owner of that particular phone number gains access to a PIN code, sent in real time, allowing them to log into the application with their password and verify their identity with the correct PIN code. Since phone numbers are universally available and no further hardware is required, phone number verification makes for a globally accessible and relatively inexpensive solution to ensure security.
The importance of phone number verification shouldn’t be understated. By using this method of security, spam attacks by bots, fraud and account takeovers can be prevented. Aside from security, phone number verification can also identify unreachable users due to stale or incorrect information meaning your database consistently has up-to-date contact information.
The problem with phone number verification is that it can be a tedious process if done manually. First of all, merely checking that a phone number is valid would entail getting in touch with the carrier to see if the number is genuine rather than fake. However, ensuring that the phone number is reachable and accessible by the user simply entails pinging the number and the user inputs a response that they’ve received the message.
Further complications can also be encountered in verifying phone numbers such as:
Delivering PIN codes reliably
If you are working on a global database of phone numbers to verify, it’s difficult to ensure that the PIN codes are delivered in a time sensitive manner. Unless you are on the same carrier network, the message will get passed along various aggregators until it reaches one that has access to your recipient’s phone. The longer it takes for the user to receive the PIN, the less likely they will enter it and successfully verify the number.
Varying requirements per country and carrier
Since you’re dealing with various carriers in different countries, you need to keep track of the myriad of regulations regarding SMS. This may vary from country to country and even from carrier to carrier within different countries. For example, some countries may require alphabetic sender IDs while others might require numeric. Some carriers do not support unicode formats while some filter messages with certain keywords. This is important to keep in mind as your messages will fail to reach the intended recipient if it doesn’t comply with local regulations.
Localizing the user experience
You cannot use the same template when you are verifying phones internationally because, whilst English might drive conversions effectively in some regions, using the local language in other regions drives better conversion rates. Also, some preferences may be taken into account for certain countries such as if the PIN is better placed at the start or end of the message.
When generating a PIN to send to your users, industry standard algorithms such as RFC62381 need to be followed. This generates time-based, one-time passwords (OTPs) which you can determine the window of validity. When deciding on the validity period, you need to make sure it is long enough for the PIN to not expire when it reaches the recipient, but you want to make it short enough so that it will expire if the user has not entered it within a reasonable time frame.
With these huge management and operational costs as well as various scenarios to think about, there are certain benefits that come to mind when using a phone verification API instead of building up the capability in-house.
Instant global verification
The provider’s solution would eliminate the need to connect to and sign agreements with every carrier in the world. The provider should also have carrier connections that automatically ensure reliability and low latency, as well as having automatic retry and failover to voice to save developers from having to create retry logic when the first message containing the PIN doesn’t deliver. This also eliminates the need for building the system to deliver PIN codes from scratch.
Only pay for successful verifications
The provider should only charge for successful verifications – failed attempts shouldn’t cost a thing. The solution must absorb risk on your behalf so you can focus on securing your user base and predicting your costs rather than implementing this very important but tedious task of verifying people.
The provider must automatically take care of how to work around the hundreds of ever-changing carrier and country regulations, which might otherwise hinder the verification process. This eliminates your need to distinguish from the local guidelines surrounding SMS for each country and multiple carriers.
The provider should provide a dashboard for real-time analytics to measure verifications.
Using a phone verification API will aid you in reliability as the provider should ideally have a relationship with various carriers across the globe leading to a short latency time which increases conversions. It will also be more cost effective as you only pay for successful verifications and reduce the resource overhead of keeping up to date with the various country or carrier specific requirements. Finally, you will be able to measure your verifications and figure out where you went wrong as you will ideally be able to scrutinize the reports in real time.
In short, why do in-house what someone else can do better? Spend your money and time on perfecting your company’s vision, not on the tasks that take you away from them.
Read next: How to leverage Web APIs in your business
This post is part of our contributor series. The views expressed are the author's own and not necessarily shared by TNW.