Revolutionising Mobile Authentication: Are APIs the Key?

August 2024

Telecoms & Connectivity

Molly Gatford

Senior Research Analyst

Numerous types of fraud are impacting today's telecoms industry, including the exploitation of the weaknesses of SMS as a verification channel to steal personal information and take over a user’s identity. Given the wide demand for authentication services, there is an increasing need for more secure solutions that offer a more seamless experience for users.

One anti-fraud solution, which is being launched by operators globally and is expected to gain traction over the next five years, is standardised anti-fraud APIs (Application Programming Interfaces). APIs are a set of definitions and protocols that allow software applications to communicate with each other and exchange information. With traditional SMS monetisation under threat, both from the rise of fraud including AIT (Artificially Inflated Traffic) and enterprises migrating to alternative channels for rich business messaging, anti-fraud APIs offer operators a new way to monetise their networks.

The need for new revenue streams has resulted in nearly 50 operators worldwide supporting the Open Gateway; an initiative launched by the GSMA in 2023. This initiative helps operators transform their networks into developer-ready platforms with the development of Open Gateway APIs, which are defined and published in CAMARA Project. The aim of the initiative is to create open, standardised APIs for the telecommunications industry, which will allow developers to more seamlessly adopt APIs from operators.

Why Operators Are Embracing Open Gateway APIs

There is a clear focus on Open Gateway APIs for anti-fraud, with more than 30 operators globally launching these APIs to date. With anti-fraud APIs, it is possible for operators to share information on mobile subscriber identity that is contained within their databases; allowing enterprises to request this information to verify the identity of a user.

For example, enterprises can request information about a mobile number from the operator. The mobile number provides a way for enterprises to verify the identity of a user and is already used for SMS OTPs (One-Time Passwords). Since the mobile number is already a widely accepted form of identity verification, enterprises will be open to new authentication solutions that use it. AIT is impacting the use of SMS OTP, as it results in lost revenue for enterprises as they pay for traffic being delivered to fake numbers. Therefore, there is demand from enterprises for new solutions that utilise mobile numbers to verify users.

More than 30 operators have commercially launched an anti-fraud API under the GSMA Open Gateway. APIs which have been launched by the most operators include the Number Verification and SIM Swap APIs. The Number Verification API allows for real-time checks of the phone number that is associated with a SIM in a device connected to a mobile data network. Meanwhile, the SIM Swap API checks when the SIM card associated with a mobile number was last changed. When an enterprise uses these APIs in combination, it creates a more frictionless and secure authentication process for the end user, as they are verified automatically and there is less chance of interception.

In its recent report, Juniper Research found that operator revenue from fraud prevention APIs will grow 80% over the next five years, from $12 billion in 2024 to more than $22 billion by 2029. It is anticipated that enterprises within the banking and finance industry will be the first to adopt these new anti-fraud APIs, to protect customers from fraudulent transactions.

These APIs are expected to be high volume and low value, as they need to compete with other existing authentication solutions. Therefore, the wide demand for more secure authentication will drive a high volume of traffic over the next five years.

Total Number of Fraud Prevention API Calls (m), 2024 & 2029

Source: Juniper Research

Are APIs the Key?

APIs have several benefits for user identity verification and fraud prevention. They allow for more secure verification of user identity using mobile number, as fraudsters cannot intercept API calls made to the mobile operator in the same way that they can intercept SMS OTP. Moreover, APIs are less vulnerable to AIT, since strict input validation and rate limiting can be put in place to stop excessive requests from a single source.

With Open Gateway, the creation of a unified framework for APIs allows developers to integrate with multiple mobile networks through a single point of access; accelerating time to market for new fraud prevention services. This addresses the previously siloed nature of the telco API market, where developers had to rely on proprietary APIs from specific vendors or platforms.

Whilst APIs can enhance the user experience and will overcome the limitations of SMS OTP, there are also some new challenges facing the telecommunications API industry. Fraud is continuously evolving, and the standardisation of APIs might make it challenging for operators to adapt to new types of fraud. However, the Open Gateway initiative will provide a platform for the development of new APIs to overcome new types of fraud as they emerge, ensuring that these solutions are launched quickly. 

Another limitation is that all operators within a country must agree to launch anti-fraud APIs to encourage enterprise adoption. Recently, Singtel and Bridge Alliance partnered to launch the Bridge Alliance API Exchange, which aggregates its 34 operator members’ APIs on a single platform; making it easier for developers to launch new services on these operator networks. Operators that are part of the Bridge Alliance mostly operate within the Asia Pacific region, and the exchange is expected to accelerate the adoption of fraud prevention APIs by enterprises in this region. Similar initiatives are needed in other regions, to encourage operators to launch anti-fraud APIs, and make it easier for enterprises to adopt these. 

Operators will have to carefully consider how to price fraud prevention API calls, to ensure that enterprises are not priced out when paying on a per-transaction basis. Another solution that provides a cost-effective alternative to SMS OTP for enterprises is flash calling, which also uses the mobile number for user authentication. 

Thus, APIs must not be the only solution that operators are investing in to prevent fraud across their networks. Juniper Research expects that fraud prevention APIs are a tool for operators to commercially test standardised APIs. Fraud prevention use cases are in high demand and, therefore, it makes sense for operators to launch these APIs first to educate the market on standardised APIs, before launching APIs for more complex use cases.

Molly is a Research Analyst at Juniper Research, providing insight, data, and recommendations for established and future markets within the telecommunications sector. Her recent reports include Telecommunications APIs, Travel SIMs & eSIMs, and Generative AI in Mobile Messaging.