- Vodafone Identity Hub rolling out to five more markets in Europe.
- Another Group platform spreads its wings.
- Built on industry initiative Mobile Connect, platform uses network data for authentication and identity verification services for businesses.
Vodafone Carrier Services (VCS) plans to expand its Vodafone Identity Hub (VIH) fraud prevention service for businesses to five additional European markets by the end of 2021, more than doubling the platform’s service footprint.
Born out of the mobile industry’s secure identity initiative Mobile Connect, the VIH services use Vodafone’s network data to provide user authentication and identity and mobile number verification for companies that need secure mobile sales channels. Rather than relying solely on two‑factor authentication that sends one‑time passcodes via SMS to users, businesses can automatically check identities in the background of mobile transactions.
With VIH, Vodafone is taking its own customer authentication capabilities and offering those to enterprise customers via application programming interfaces (API), creating a new revenue stream for VCS.
VIH is a common platform for Vodafone with nearly a dozen APIs that open access to Vodafone network data. The APIs have been bundled into multiple services that thwart identity fraud tactics, such as SIM swapping or account takeover, and validate customer identity against registered account details linked to their mobile phone number.
VCS first introduced the VIH concept in 2019 and launched services in 2020 in Germany, Greece, Spain, and the UK (Vodafonewatch, #179, #180 and #186). In the second half of this year, VIH will be made available in Hungary, Italy, the Netherlands, Portugal, and Romania, according to Fraser King, Global Head of Business Development & Commercial Strategy for VIH, speaking during the recent Messaging & SMS World virtual event.
The goal is “seamless authentication” for businesses and users that overcomes the trade-off between security and simplicity — that is, with multiple layers of security, services are cumbersome. For businesses that use VIH services, the idea is that customers can register or login to services or reinstall applications “without having to go through many steps and without compromising on the level of security”, said King.
While the VIH proposition is being expanded in a total of nine countries in Europe, one of the services, “Number Verify”, is already available in eleven markets and has 104 million addressable mobile users. The service validates customers’ mobile numbers in registration processes and removes the need for one-time passwords to sign up for services.
Vodafone also positions VIH services as tools for complying with digital services regulations, such as the European Revised Payment Services Directive (PSD2). “PSD2 has made it pretty clear that you shouldn’t be sending one-time passwords to users unless you have conducted some form of additional check to ensure that that user is still under the control of the same SIM card or the same number. We see [VIH services] very much as creating a PSD2-compliant solution for anyone sending a one-time password”, said King.
VIH is based on the GSM Association’s (GSMA) Mobile Connect standard and the open source OpenID Connect identity standard for authentication services. Mobile Connect is a long-running digital identity security initiative that the GSMA launched back in 2014 (Vodafonewatch, #178 and passim). The GSMA says that 70 operators have launched the services in nearly 40 countries. Deutsche Telekom, Telefónica Deutschland, and Vodafone Germany launched the services in Germany together in late-2019.
In June 2021, the European Union announced plans create a standard system for digital identity across member states and the GSMA hopes mobile operators will be part of the solutions via Mobile Connect. The group has previously worked with the European Commission to pilot a private-sector, cross-border public service authentication solution that integrated the mobile identity standard in line with existing identity regulation. The GSMA said the EU’s new digital identity proposal will “continue to build on the mobile industry assets to enable trusted, simple and secure access to online services”.