Prove Auth

Overview

Prove Auth is an authentication platform designed for customer workflows, enabling users to seamlessly and securely log-in to their applications, for example healthcare apps and financial services. The solution leverages users’ smartphones for FIDO2 authentication and behavioral biometrics to authenticate user access, enabling more secure logins, without the friction of usernames and passwords.

Prove enables secure and seamless customer onboarding and ongoing protection against identity fraud, avoiding the risks of MFA bypass attacks by continuously authenticating users across multiple data points. The platform is powered by Prove’s Global Identity Network, which uses phone numbers to build a high level of confidence in user identities based on data from across cell providers. This creates a trusted relationship with the physical device holding that phone number, which is the device that Prove authenticates against for the user moving forward.

Features

Frictionless Authentication

Prove utilizes the smartphone as the authentication device – maximizing convenience for the end user, without compromising on security. This works in two ways: Prove uses the phone number itself to verify ownership, by analyzing its behavior over the last 10 years, and ensuring that the number is owned and operated by the user trying to log in. Once ownership of the phone number is established, cryptographic keys on the physical device are used to passively verify identity via push notifications and behavioral biometrics, including location and user usage patterns, to assess the risk around a device continuously.

This verification methodology is frictionless to the user, while maintaining a very high level of confidence in the identity of users. The platform demonstrates to users the security factors being used to authenticate their identity, as shown in the screenshot below. If these factors are not met, security controls can be implemented, such as limiting the ability for transactions to be made.

Mobile Auth

Prove communicates with mobile networks to verify ownership of mobile numbers in real time, without any action needed on the part of the end user via their tokenized network. This helps to ensure that mobile numbers are owned by genuine users and can replace or augment the use of SMS OTPs and instant links to verify number ownership, which improves both user experience and security.

One-Tap Passwordless Authentication

Prove enables passwordless authentication for users when signing into applications via the use of Prove Keys: cryptographic keys stored on the user device. Once possession of mobile number has been verified by network providers (based on Prove’s Mobile Auth platform) a cryptographic key is placed on the device. Prove can then check this key every time a user logs into the account associated with this device, meaning the user can log in with just a phone number or username, without the need for a password. If a user wishes to log into a second device, they are able to do so via multi-factor authentication, such as a push notification sent to the original authenticated device, alongside a FaceID or TouchID scan, if required.

FIDO Authentication

If a user is logging into a web application, Prove can also verify identity via FIDO keys. This enables passwordless authentication across channels and is supported by all major platforms. This works by placing a FIDO Prove Key into the browser, which can then be checked each time a user logs in. Multi-factor authentication can be enabled by scanning a QR code with the authenticated device, with support for push notifications, text messages, phone calls or biometric checks, such as a FaceID scan.

Ease Of Use

For Users

Frictionless authentication and a seamless end user experience have been built into the foundations of the Prove Auth solution. The system is designed to continuously ensure a very high level of confidence that a user is verified, from the initial account creation to everyday account usage, to everyday application usage. This is achieved in two ways: first authentication takes place on the smartphone device via encrypted keys, enabling one-tap passwordless login through push notifications when signing in.

Second, continuous authentication based on behind-the-scenes context such as device signals and user location. This removes the burden of authentication from the end user, while ensuring continuous risk assessment can take place.

Prove also helps users at the account creation stage with Pre-Fill: an additional component which automatically fills user details based on data collected at the mobile verification stage, including address and phone number details.

If users lose their device or change phone numbers, Prove can quickly establish new connections on the new device based on a variety of authentications which can vary between customers.

For Developers

For developers, this can be a complex authentication system to architect and take a long time to roll out, but this will depend heavily on your environment and agility. It will also depend on the specific Prove features being deployed; for example, web-based authentication via FIDO can be very straightforward to roll out.

Pricing

Pricing is supplied via quotation request.

Final Verdict

Prove is a highly secure, frictionless, and user-friendly authentication platform, ideal for organizations looking to deploy user friendly multi-factor authentication for their application. As well as improving security and user experience, Prove can provide a positive ROI for organizations, helping to encourage new business and new users to use the service by enabling a more frictionless user experience and providing cost savings in call centers and support.

The platform is ideal for fintech and financial services applications, as the platform offers a seamless user journey and model for establishing identity based on phone number authentication and ensuring low fraud rates. The platform is also heavily used in banking, retail, gaming, healthcare, insurance, marketplaces and in the public sector.

More broadly, we recommend any company looking to minimize the risk of fraud while ensuring a frictionless user experience should consider shortlisting the Prove platform.