Veratad Technologies is releasing a new Smart 2FA solution that uses phone records to help verify the identity of the user. The company designed the solution to improve on more conventional device-based two-factor authentication (2FA) offerings, which check to make sure that the user has the proper password and is signing in on a trusted device.
The problem, according to Veratad, is that that kind of 2FA can still be beat with the proper information. For example, a cybercriminal who compromises the user’s password (either through a security breach, phishing, or some other means) and then gains possession of their phone would have unrestricted access to various accounts.
Smart 2FA, on the other hand, takes additional precautions to link a device to its true owner. The solution analyzes the information that the user provides during the onboarding process, and then cross-references it against various databases to see whether or not that name is on any government sanctions list, or is associated with any criminal activities. It also checks to make sure that a real phone number is being used, and that that number used does indeed belong to the person who initiated the registration.
Smart 2FA can be deployed with a single API, and does not create any additional steps for the user during onboarding. With that in mind, Veratad is hoping that it will appeal to businesses that want to deliver a more streamlined experience for their customers.
“Organizations that do business online needed a way to secure account access and establish trust with users, but traditional 2FA doesn’t verify identity. It just provides knowledge of a password and possession of a device,” said Veratad CEO John Ahrens. “In comparison, Smart 2FA introduces two new authentication factors — ownership of the device and verification of identity through phone records and data.”