Immediate update available for Prestashop:
The demo is available at http://presta.onverify.com/
The plugin is available at http://www.onverify.com/ (a free account required)
OnVerify.com announces the complete phone verification solution services. At www.onverify.com, we provide:
1. Phone Verification
This is an automated phone verification call. The pin is announced on the phone. Announced pin needed to be entered on the web form to complete a transaction. This model is used for transaction verification, user verification, two factor authentication, one time password, lead verification.
2. Reverse Phone Verification or Phone Confirmation.
In this automated phone verification call, pin is provided at web site or email but entered on the phone. This model is very useful for confirming online orders with predefined pin/pass, or according to the order number. Order confirmation, user verification, authentication are common uses.
3. Sms / Text Message Verification
Instead of automated phone call, if your users can provide mobile numbers, pin is delivered to the mobile phone as sms text message. The received pin must be entered on web form to complete. This model is very similar to phone verification, so best suitable usages are same. Differences are;
a. Technology. One is phone call, other is text message. On phone call user must listen and note pin. On text message user must read the text.
b. Phone call is an immediate action, where short message delivery may be delayed due to operators.
c. For phone verification, all types of phones can be used. On sms, only mobile phones can be used. On this sense, sms verification may be unsuitable for business type verifications.
4. Call In Phone Verification
Instead of automated call to the number of the customer, the customer has to call a predetermined number from the registered call. The called number can be normal phone line or toll-free. Coupon validation, user authentication, customer verification are common uses.
Securing a web business has never been hard as now. As a web business owner or developer, you may have added several mechanisms to combat hacker from stealing passwords. To access a membership site, you probably implemented username and password checking together with several anti-hacker solutions, like checking last ip, checking logs for suspicious activity, etc. But still passwords, shared computers, passwords in e-mail are your weakest part in overall security.
I want to show how you can add more security to your web site, as a general algorithm. In my example, I will point to phone verification, but it’s also possible to do it with reverse phone verification or sms verification.
Your current flow is possibly as this way, providing you a one point to check the user
I do not suggest you to change this flow, it will be same. But I will suggest you to add another step, to get a two factor authentication with otp (One Time Password) tokens, tokens to be announced on the phone:
With this method, you’ll have a real two factor authentication and a second password token that is generated on the fly; cannot be stolen by a third party.
Check out a live Phone Verification Demo at onverify.com. Drop us an e-mail to get ideas, and implementations. We like to hear and help.
Today, I want to discuss One Time Password solution with Phone Verification, definition, benefits and how to implement it with OnVerify.com.
One Time Password is a password that’s valid only for the current session or transaction, by it’s definition. So, rather than asking the same password, your customer needs to enter a password that can be used only once and specific to the transaction he wants to conduct. It helps to solve a couple of problems like
One Time Password adds another security level to the transaction.
On the implementation side, you need to provide One Time Passwords to your customers before they want to do a transaction. One of the solutions is to sending a token generating small device to your customer. But this brings delivery issues with itself, and it’s not immediate.
Another solution is sending the One Time Password via SMS (short text message) to the mobile number on file. OnVerify.com provides worldwide delivery of SMS. It’s suitable if you have the mobile number of the customer. This method has got a high security property. You don’t need to send a device to your customer. It’s immediate. But this method won’t work if you do not have the mobile phone number of the customer.
A %100 working solution would be sending the One Time Password via an automated Phone Verification call. The password is generated on the fly, that’s bound to specific transaction. When your customer wants to login your services, an Automated Phone Verification will be initiated to the phone number on file. When customer picks up the phone, he will hear the password as voice. He needs to enter the password on your system to access and complete a transaction.
For more information how to setup One Time Password with Phone Verification please contact us or send us an email to support@onverify.com