2FA, MFA & SFA: How Can Flash Calling Help Authentication Processes?

POSTED BY Rosie O'Connor

As we describe in our latest flash calling research, flash calling can be used in both 2FA and MFA for authenticating a service or action via multiple security and ID checks. Such calls offer a superior method for verification due to their frictionless and cost-effective nature.


Dependent on the authentication method used by service providers, their success is varied. For users, the method which offers the highest security but with the lowest friction is ideal, with recognition signals being particularly effective.
Types of authentication processes include:
SFA (Single-factor Authentication): Users are only required to utilise one type of evidence, such as a password, to authenticate their account or activity.
2FA (Two-factor Authentication): This requires users to verify their account through two or more methods of authentication, such as passwords and flash calls.
MFA (Multi-factor Authentication): This method requires more than two methods of verification, including evidence of the user’s identity, in order to offer a higher level of security for users and protect businesses from successful fraudulent attacks. Such factors include passwords, face-ID, unique characteristics, security codes and more.
Whilst the level of security is likely to be higher for customers utilising MFA, the abundant number of security measures may create more friction between user and service. This in turn will cause users to migrate to other services which are simpler and more efficient to use.
The verification process works as the number associated with the flash call leverages MSISDN (Mobile Station Integrated Services Digital Network); a phone number which verifies user identity and activity whilst on a call. The MSISDN ensures secure connectivity between the different components across a network and is utilised to enable routing of voice and SMS traffic. To authenticate, end users retain an MSISDN, whereby an OTP is deployed to customers to ensure security across the network.

A2P SMS & OTP Business Messaging

A2P SMS messaging dominates the existing market for phone number and identity verification, due to its ubiquity and established nature in the space. With this, the associated traffic is controlled by OTPs and PIN usage. However, emerging markets are identifying service costs as the key differentiator between A2P SMS messaging and flash calling authentication.
A2P SMS messaging is an established process for 2FA, which is a more widely used authentication method amongst existing services. Despite its popularity, A2P SMS messaging is vulnerable to security threats, as traffic travels indirectly across a network; leaving operators to consider other more reliable services to minimise the chance of fraud and enhance customer experience.

Flash calling is a potentially disruptive technology for A2P SMS business messaging, through offering more cost- and time-related advantages over established processes.

The Impact of Flash Calling on A2P SMS Traffic

Operators have become increasingly reliant on A2P traffic to provide their revenue, as P2P (Person-to-Person) traffic has declined due to OTT messaging services. With this decline, operators need to ensure they develop innovative messaging services to remain relevant amongst OTT services.
Providers of OTT platforms have the ability to overthrow MNOs’ communications revenue by migrating from A2P SMS messaging services to voice calling authentication, such as flash calls. As more OTT players have integrated flash calling authentication across their applications, operators are losing out on revenue from missed call termination costs and traffic. In order for operators to leverage revenue from this traffic, flash calls and A2P SMS messaging need to be detected and monitored across all networks.
OTT platforms such as WhatsApp are migrating from A2P SMS messaging to flash calls as a primary means for 2FA authentication, in order to protect the user experience and capitalise on traffic.

Security Threats Associated with Flash Calls

Flash calling presents a growing number of security threats, cybercrime and fraudulent attacks for user verification. The increase in the number of fraudulent attacks and spam callers has caused damage to the market value and share of flash call authenticators.
Subscribers are increasingly aware of the reputation of voice calls permitting security risks, and the negativity associated with voice calling platforms results in revenue losses for operators, as subscribers lack trust in their services.

Related Reading

Our complimentary whitepaper, Detecting Flash Calling: Block or Monetise?, assesses potential losses to unmonetised flash calls, and outlines how platforms can leverage voice firewall services and cost-effective authentication methods to verify and validate their services for end users.
“Juniper Research’s latest Flash Calling report provides a comprehensive evaluation of the growth prospects for the flash calling market and authentication process. The report comprises strategic recommendations for blocking, detecting and monetising flash calling traffic, including potential disruption to A2P SMS business messaging traffic, as well as potential threat to network operators. It features comprehensive 5-year forecasts for flash calling traffic, as well as an evaluation of the impact of flash call verification for both operators and OTT apps, including key findings for blocked, monetised, and undetected flash calling traffic.”