In today’s ‘Voice of the ISV’ story, Jim Small and Milan Radojkovic at IPification describe how IPification mobile authentication and Azure Active Directory (Azure AD) B2C deliver improved security and a better user experience to our mutual customers.
Don’t compromise on security or usability with your mobile authentication solution
By Jim Small, SVP for Business Development, IPification and Milan Radojkovic, Solution Architect, IPification
Finding a mobile authentication solution with strong security controls and an effortless user experience is tricky. Most solutions are either cumbersome for users or lack effective security protections—or both. With more users accessing sensitive data via mobile devices and more companies relying on mobile as a factor in Multi-Factor Authentication (MFA) scenarios, organizations need solutions that don’t compromise on either security or ease of use. IPification addresses this challenge with a patented technology that uses mobile network data to securely authenticate users with a tap. It’s simple, secure, and provides a revenue stream for carriers. Our integration with Azure AD B2C lets customers who enable MFA use IPification as an authentication factor, and the built-in Azure AD integration toolkit and suite of developer tools let them integrate quickly and easily for real speed to market.
Azure AD B2C is an identity and access management solution for customer-facing apps. Customers who use Azure AD B2C get built-in security controls, such as MFA, which can block over 99.9 percent of account compromise attacks. Many organizations use mobile as an authentication factor, but most solutions come with tradeoffs. This blog will explain what makes IPification more secure and how integrating Azure AD B2C and IPification enhances both solutions.
A superior user experience that doesn’t compromise on security
IPification’s unique approach provides a secure and user-friendly HTTPS-based alternative to SMS one-time passcodes and HTTP header enrichment-based solutions. This is achieved through a patented technology that we call the GMID-BOX. Mobile network operators install the GMID-BOX on their networks to generate a hashed ‘Mobile ID’ code that is unique for each user and each service. All information is collected on the carrier side and is hashed so no user information can be extracted from the code.
GMID-BOX technology and the Mobile ID enable us to offer the following core services:
- Passwordless sign-in that is secure and seamless for users
- Verification of mobile phone number
- IP-based telecom operator discovery
The technology also benefits mobile network operators whose services have been increasingly commodified. With the GMID-BOX installed on their network, mobile operators can offer an identity service that provides new, additional revenue streams.
A complete solution with Azure AD B2C
As a scale-up business, our relationship with Microsoft is incredibly valuable to us. Azure AD B2C provides a platform for potential customers to easily discover and integrate our solution. Azure AD developer tools make integration quick and easy, accelerating speed to market for Azure AD-enabled services that want to offer our passwordless mobile authentication to their customers. Plus, our collaboration with Microsoft’s Identity Engineering team makes it much easier for us to find and attract shared business opportunities.
IPification also leverages the native Azure AD B2C functions to make delivery of user account recovery simple and easy to deploy. By leveraging the Azure AD capability to store recovery emails, we ensure that the service provider registration flow prompts the end user to create an account, authorize their device, and input a recovery email. Azure AD B2C then saves the recovery email and, after the first-time registration flow, IPification authentication happens in the background with no passwords or credentials required. However, eventually a user will buy a new device or change their SIM card. When that happens, the Mobile ID is no longer valid. The recovery email allows users to securely update their device with IPification. Once the device is authorized, IPification creates a new encrypted Mobile ID based on the new device and SIM card.
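The properties described above (a Mobile ID that is unique per user and per service, exposes no user data, and stops matching after a SIM or device change) can be illustrated with a keyed hash. This is an added example, not IPification's code: the page does not describe the GMID-BOX algorithm, so the HMAC construction, the function and field names, the key and all sample values are assumptions.

```python
import hashlib
import hmac

# Constructed demo key; an operator would hold the real key in protected storage.
OPERATOR_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)


def mobile_id(key: bytes, msisdn: str, sim_id: str, device_id: str, service_id: str) -> str:
    """Hypothetical derivation of a per-user, per-service pseudonym."""
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(field.encode()).to_bytes(2, "big") + field.encode()
        for field in (msisdn, sim_id, device_id, service_id)
    )
    # Keyed hash: phone numbers are a small space, so an unkeyed hash could be
    # matched by enumeration; without the key a digest cannot be checked
    # against guesses.
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def matches(stored_id: str, presented_id: str) -> bool:
    """Constant-time comparison on the service provider side."""
    return hmac.compare_digest(stored_id, presented_id)


def demo() -> dict:
    # All subscriber, SIM, device and service values below are constructed.
    enrolled = mobile_id(OPERATOR_KEY, "+15555550100", "sim-A", "dev-1", "bank.example")
    again = mobile_id(OPERATOR_KEY, "+15555550100", "sim-A", "dev-1", "bank.example")
    other_service = mobile_id(OPERATOR_KEY, "+15555550100", "sim-A", "dev-1", "shop.example")
    new_sim = mobile_id(OPERATOR_KEY, "+15555550100", "sim-B", "dev-1", "bank.example")
    return {
        "repeat_login_matches": matches(enrolled, again),
        "linkable_across_services": matches(enrolled, other_service),
        "valid_after_sim_change": matches(enrolled, new_sim),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A `False` for `valid_after_sim_change` is the point at which the recovery-email flow described above takes over and a new Mobile ID is enrolled.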
An expanding roadmap
IPification is currently available in 11 markets through 15 mobile operators. The key markets currently enabled are across Asia Pacific, Europe, MENA and South America, including Indonesia, Vietnam, Hong Kong, Macau, and Cambodia. Customers can also get the solution in Serbia, Montenegro, Kuwait, Iraq, and Peru. In the next 12 to 18 months, we expect to enable 25 additional markets. We look forward to building on our partnership with Microsoft to continue to provide identity solutions that address the needs of customers across these regions.
As we grow, we will continue to enhance our solution. The next features on the roadmap are focused on providing user and account protection services to merchants and service providers based on mobile operator data. This includes proactive and reactive SIM Swap and Device Change services that enable our customers to enhance their authentication flows, deliver new use cases, or support anti-fraud scenarios. For example, when a bank customer is making a high-value transaction or adding a new payee, we can provide the date and time of the last SIM Swap on the user’s device so the bank can determine whether the transaction may be fraudulent. Privacy and consent are very important to us and all our services are built to comply with privacy regulations like the EU General Data Protection Regulation (GDPR). Users will opt in to mobile-enabled services before they are launched.
Passwordless authentication is the best way to provide secure customer accounts. For Azure AD B2C customers who enable MFA, IPification provides a powerful mobile authentication solution.