Set up phone number risk evaluation

Learn how to configure phone risk evaluation to protect your applications from high risk / fraudulent phone numbers.

βœ…

Phone risk evaluation detects the line types of a phone number and SIM card's change status. The feature allows you to select which of these signals to distrust during identity verification. Decide what actions a customer can take after the risk signals are evaluated.

1) Open an identity verification policy.

2) Go to 'Phone number risk evaluation' in the policy.

3) Click the + sign to configure the step.

Phone number risk evaluation step configuration

Phone number risk evaluation step configuration

Phone risk evaluation will open for editing.

4) Inside the step, set up a native claim at 'Phone number availability'.

🚧

Select a native claim that's mapped to an account attribute that collects phone numbers from customers.

πŸ“˜

Phone risk evaluation will analyze the customer information that goes into the account attribute mapped to the selected native claim.

5) Set up the Failure rule(s).

Phone risk evaluation failure rules

Phone risk evaluation failure rules

Select the risk signals that will fail the phone risk evaluation;

  • Mobile signal (not recommended)
  • Landline signal
  • Fixed VoIP signal
  • Non-fixed VoIP signal
  • Any other types of phone signals
  • SIM card and subscriber phone number pairing has recently changed

🚧

If selected, the signals are classified as potential threats. If any of the selected signals are detected, risk evaluation will bring the verification step to a failure, directing the customer to a Failure action.

βœ…

If none of the selected signals are detected, then customers can continue with identity verification through a Success action.

Actions

6) Decide how the identity verification flow should move forward from either outcome.

  • Success action: the customer can either go to a 'Next verification step' or can be allowed to log in by selecting 'Exit verification flow'.

πŸ“˜

In case of a Success action, the 'Exit proofing flow' logs the customer into their account.

  • Failure action: the customer can either
    • go to a 'Next verification step' OR
    • can be removed from the flow either by
      • displaying a 'Failure message' OR
      • directing the customer to the 'Exit verification flow'

πŸ“˜

In case of a Failure action, the 'Exit verification flow' leads to a session timeout.