Consumers are starting to think a little differently about how much they’re willing to be tracked and traced in the name of protecting their own wellness and the public health. Jon Prideaux, Boku CEO, says: “If we build these things in the right way with privacy by design … you actually end up with something that is backed up for individuals, where they aren’t revealing more than they want to,”
Boku extends Identity connections to form world’s largest network for phone verification signals
Boku Inc (AIM: BOKU), the world’s leading independent carrier commerce company, is pleased to provide an update to its global coverage for mobile identity services as Boku now offers mobile identity verification capabilities in more than 50 countries.
Through direct connections to mobile network operators (“MNO”s), including all UK MNOs supplemented by indirect connections via authoritative and trusted third parties, Boku can now offer Identity services from over 200 carriers covering 51 countries, including 34 countries in Europe, the Middle East and Africa, nine in the Americas and eight in the Asia-Pacific region. This demonstrates the significant progress that has been made to position Boku as the provider with the widest reach of phone verification services globally. When Boku’s Identity business was formed through the acquisition of Danal Inc on 1 January 2019, services were only provided in three countries; the USA, Canada and the UK.
The mobile verification capabilities provided by Boku will help some of the world’s largest companies to seamlessly verify good customers via their mobile device and reduce the negative impacts caused by fraudsters through social engineering. Read full post
One-Time Passcodes (OTPs) via SMS: less secure than they seem?
One-Time Passcodes (OTPs) delivered via SMS are increasingly being used by companies to secure transactions and protect customer data. But growing rates of compromise are causing concern for regulators. Adam Lee, Chief Product Officer at Boku, looks at what’s happening and suggests some alternatives.
Our previous blog looked at the rapid rise of Account takeover (ATO) as a fraud risk for companies across many sectors. As explained in that article, many companies are now looking to OTPs delivered by SMS to confirm user identity and secure transactions, given growth in ATO compromises. However, a number of developments point to the growing insecurity of OTPs as a means of account confirmation – and the industry is weighing alternative means of verifying user identity.
For European companies, alarm bells started to ring earlier this year when respected international fraud specialists FICO published their 2018 fraud report for Europe. That report revealed that ID theft had shot up by 48% in the UK alone, driven mainly by increasing fraud on mobile devices. Around 70% of that mobile fraud can be attributed to ATO, in which criminals target user accounts by compromising their social media information or purchasing stolen account information over the dark net. Read full post
Boku Officially Launches with Pearl Abyss to Extend Mobile Payments and eWallets Globally
San Francisco, CA Boku (AIM: BOKU), the world’s leading independent carrier commerce company, is pleased to announce a multi-country launch going live today of Direct Carrier Billing (DCB) and eWallet payment services for Pearl Abyss Corp (“Pearl Abyss”), the Korean game developer, best known for the open-world MMORPG (massively multiplayer online role-playing game) Black Desert.
The launch countries include Russia, Turkey, Thailand, Philippines, Indonesia, Malaysia, and Singapore and alongside carrier billing will also include local eWallet payment services such as RabbitLinePay, GCash, GoPay, OVO, Dana, GrabPay
Commenting, Kevin Kim, CBO, Pearl Abyss said: “Not everyone possesses a credit card or feels comfortable providing their credit card details for online purchases. However, almost everyone owns a mobile device which can be used for online payments, that is why Boku’s ‘Mobile First’ payment services via direct carrier billing and eWallet billing appeal to us. The secure, intuitive, easy-to-use and low-friction checkout experience will result in higher customer satisfaction, conversion, and retention. Pearl Abyss is looking forward to a successful partnership with Boku, in particular as we roll out our new and exciting Black Desert game offerings.” Read full post
Scams hitting Coronavirus tax relief and economic impact payments prove we need better ID verification.
Adam Lee, Chief Product Officer at Boku, says the online industry will move to adopt enhanced phone number verification as a new standard for user verification.
Our new white paper makes the case that current online user verification techniques are at risk from malefactors who acquire users’ personal data to impersonate them online. And as this story in the New York Times shows, the problem of user impersonation is getting even worse in these times of crisis. Personal data is simply too easy to obtain. Organisations have tried to respond by moving to user ID confirmation through secondary factors like biometrics, or PIN numbers mailed to home addresses. However, as our recent blog makes clear these techniques can be cumbersome and time-consuming, and may require access to forms of registration not widely available at present.
New ID verification (IDV) solutions are emerging that revolve around mobile phone ownership and possession together, thereby detecting both stolen numbers and fraudulent numbers when performing a phone number check. Such solutions thwart online impersonation in real time without any special pre-registration and will be of interest to all organisations relying on verified identity to allow user engagement – which means pretty much every organisation out there right now, when in-person verification is more or less out of the question. Read full post
Account takeover fraud is growing fast. There’s a better way to stop it.
Adam Lee, Chief Product Officer at Boku, reviews efforts to combat account takeover threats that target One-Time Passcodes (OTPs) delivered via SMS, and suggests a better way to fight one of the fastest-growing forms of fraud.
Account takeover (ATO) is a major issue for any business looking to protect customer data in the digital environment – and these days, that means pretty much everyone. ATO occurs when criminals harvest consumers’ stolen log-in credentials for use in fraudulent transactions. Growing fastest in the mobile internet environment, ATO is estimated to have risen by 80 percent in 2019 alone.
Fraud is migrating online in lock-step with our use of digital devices to access and pay for services. Worldwide, FIS Global predicts that m-commerce will grow at 19 percent on average to reach US$2.29tn by 2022. By contrast, physical sales are set to grow at less than 5 percent a year over this period. The takeaway is that as business moves online, fraud follows – with account takeover leading the way.
Some sectors have tried to improve fraud detection through the use of Artificial Intelligence and Machine Learning techniques, although these remain in their infancy. As a result, a lot of companies now rely on multi-factor authentication techniques like One-Time Passcodes (OTPs) transmitted over SMS in the fight against account takeover. Read full post
Webinar: Looking Beyond SMS OTP: Why SIM Swapping is an Effective Weapon for Cybercriminals?
Join us for this important webinar Wednesday, 6 May 2020 at 1600 BST / 1100 EDT / 0800 PDT
A March 2020 press release from Europol details recent global cybercriminal operations which weaponized several SIM swapping attacks to commit hundreds of fraudulent withdrawals from victims’ bank accounts totaling more than €3 million in financial losses.
Very often, these account takeovers (ATOs) are perpetrated through compromising ubiquitous two-factor authentication methods including SMS OTP through social engineering, malware, or SS7 hacks.
While the overall chain of events of these cybercrimes are straightforward and rudimentary in nature, the effects are devastating and costly.
Key takeaways from this webinar:
- The evolution of two-factor authentication methods and SMS OTP
- SIM swap techniques used by cybercriminals and effects
- Best practices to protect yourself and prevent SIM swap from happening
- Moving forward together: how solution providers, financial institutions, mobile network operators, and governments are working together
Register here.
Speakers:
Paul Rodgers, Chairman at Vendorcom and Stephen Fowler, VP Business Development New Markets, Boku Read full post
Data breaches are making online user verification difficult.
We need a better approach.
Adam Lee, Chief Product Officer at Boku, argues the online world is over-reliant on easily-compromised personal data for verification.
We can no longer rely on personal data alone to confirm user identity online. Databases are now so routinely hacked into, compromised and distributed to criminals over the dark web that today’s user verification systems – which chiefly rely on user’s personal data for success– are becoming increasingly exposed to the risk of user impersonation by malefactors.
Information from Javelin Research suggests there were 14.4 million US victims of identity fraud in 2018. Fraud attacks utilising stolen user data to impersonate victims accounted for US$14.7 billion in financial losses. In total, the 2018 US Identity Fraud Study estimated that US$107 billion had been stolen from individuals, retailers, banks and other organisations in the previous six years through user impersonation– and the problem continues to grow as fraudsters become more adept at harvesting stolen user credentials and distributing these credentials among the criminal fraternity.
User impersonation usually occurs when a new account is falsely created using data stolen or purchased by criminals on the dark web. Read full post
Stemming the SIM-Swapping Tide in Fraud Friendlier Times
While being the victim of fraud is never good, there is something to be said for at least being able to identify where exactly one went wrong.
“The scary thing about the SIM swap fraud is it’s not like the victim has done one thing wrong,” Prideaux said. “They never clicked on a bad link, never sent anything to a fake site — they were just sitting with a phone that stopped working one minute after working the last. The problem was someone at the telco who was fooled by the fraudster into reissuing the SIM, which was then used to take over their number and their entire life.”
More Time at Home = More Demand for Home Entertainment
Here is an update on the impact of Government social distancing measures on the demand for home entertainment services delivered by our Merchants.
The charts below typically look at new user data comparing February, when the restrictions primarily affected a few countries in Asia, and March, when the pandemic reached Europe and the US. (We acknowledge that the charts do not have a Y Axis, we’re explicitly aiming to show trends not disclose detailed user acquisition data). Some of the charts show the number of new users accumulated through the month, others show a day of the month comparison.
Which sectors are affected?
Boku operates two business lines: an Identity business that uses phone operators to verify possession, integrity and ownership of mobile phone numbers, and a Payments business that allows people to buy digital goods and charge them to their phone bill. We’re seeing that demand for Identity services is broadly unaffected; people are still using their mobiles to do things.
For video and games, by contrast, demand has increased. It seems that if you’re confined to your home, a favoured way to kill time is watching streaming TV or playing games, especially games with a social element such as MMPORGs (Massively Multiplayer Online Role Playing Games). Read full post