How Persona enhances user verification with Twilio Verify and Lookup
Time to read: 3 minutes
Challenge
Persona wanted to provide more ways for its B2B customers to confirm the identity of their customers, especially in countries where database verification is not ideal.
Solution
Using Twilio’s Verify API, Persona can embed reliable 2FA into their customer flows. Twilio’s Lookup API has helped to prevent SMS Pumping fraud.
How do companies know their customers? Let Persona count the ways. The San Francisco-based identity service provider helps companies across the globe personalize how they collect and verify their users’ Personal Identifiable Information (PII). By providing a consolidated and unified identity verification and orchestration platform, Persona has positioned itself as the trusted user authentication and identity solution for businesses looking to consolidate independent software vendors (ISVs), prevent fraud, build trust and safety, and maintain compliance standards.
Persona directly tackles the many challenges involved in verifying customer identities, including how to handle PII data. But Persona’s B2B customers span industries, countries, and success metrics, and the issues they face vary.
While many other solutions specialize in specific verification methods, Persona Product Lead Vincent Tsao says Persona was built for any use case: “The idea is that we provide a one stop shop for all of the different verification types that you might need. We build on a combination of both first party software as well as integrating with different specialized vendors.”
Persona turned to Twilio Verify to add 2FA to their solution set, and enhanced security against SMS Pumping fraud with Lookup SMS Pumping Risk Score.
Factoring in reliable OTP experiences
The first Twilio solution Persona added to their stack was Two-factor authentication (2FA), part of Twilio’s Verify API. This adds an extra layer of security to sign-ups and subsequent logins by requiring users to provide two forms of identification.
2FA verification is part of a longer verification flow. Vincent explains: “Customers will actually combine this with database verification and look up this number against a database and confirm that the name from the government ID matches the name that's associated with this phone number.”
Hundreds of thousands of users successfully verify with phone 2FA each year. The Twilio Verify API lets Persona customers build one-time passcode experiences for simple, effective account login. These time-sensitive, single-use OTPs replace static passwords to provide greater protection from fraud and data leaks.
“The fact that we can offer this as a lower friction verification type that works across the world is a major win for us,” says Vincent.
“Every verification type we offer sits on a spectrum between driving conversion and deterring fraud.”
Preventing SMS Pumping in real-time
But what about SMS pumping fraud? SMS OTPs can be vulnerable to this type of fraud where fraudsters artificially inflate traffic generating additional SMS costs to the business and reducing conversion rates as a result. Businesses can apply certain measures to mitigate it but it is not always sufficient to stop it.
From late 2021 through 2023, Persona estimated $300k in terms of losses. The company built a fair amount of mitigation tooling around rate-limiting messages by country and even per customer. As part of their response, they implemented Twilio Lookup SMS Pumping Risk Score to enhance accuracy when identifying fraud behavior.
Lookup has been a key piece in their fraud prevention strategy and they haven’t had any major fraud incidents since implementing it.
“Lookup SMS Pumping Risk Score has been a strategic improvement in our fraud prevention engine that coupled with other solutions has helped us avoid any major spikes in the past months in terms of SMS Pumping”
Proving reliability and ROI
While Persona has users from all over the world, many have US numbers. Because of that, the company leverages short codes for maximum deliverability.
“One of the very first things we learned is how these OTP codes can get blocked for various reasons that are opaque to us,” Vincent says.
Having Verify eliminated the need for Persona to worry about phone number acquisition, management and regulatory requirements as it provides a managed phone number pool and carrier-approved templates to maximize SMS deliverability and reduce carrier filtering for non verification use cases.
Today, Persona’s 2FA conversion rate hovers around 98 to 99%.
We can always more or less guarantee [Twilio] will always work right,” says Vincent. “In terms of reliability, we've never had any issues with that rate.
Persona and Twilio continue to improve verification
Persona is already proving that there is a better way to manage verification. By leveraging Twilio Verify and Lookup, reliability is up, and SMS pumping fraud is down. With the help of Twilio, the company can ensure global reliability, compliance, and fraud protection so organizations can build the perfect verification plan for their needs.
But fraud is always evolving, every business is different, and every country has its own regulations—so there are still many challenges to solve. Together, Persona and Twilio will continue to collaborate and innovate verification flows that help keep users safe and protect business goals.