Launching A Mobile 2FA Process Internationally: 4 Steps You Need To Take

Solve the complexities of launching your SMS-based 2FA on a global scale.

April 29 2016

An enterprise sends an SMS security alert to 100 million customers in China, but it looks like half of them ignore the warning. The company tries a marketing campaign in India but gets a warning from the government that future such messages will be blocked.

Welcome to the complexities of A2P SMS messaging on a global scale. Even with the adoption of 2FA (two-factor authentication) for mobile communications with your customers, there are critical measures you must take to achieve your goals. Without taking the four steps we’ll describe, you’re going to spend more than you anticipated and get a lower response than you expected.

First, let’s review what SMS-based 2FA is and why it’s valuable to sellers, as well as their customers.

The benefits of 2FA

Two-factor authentication is a process of identifying an end-user with two components. In mobile phone applications, the phone serves as one factor of identification while a code sent to the customer provides the other. Alternatively, the phone’s very status – its GPS location and identity – serves as one factor, while the correct phone number serves as a second factor.

While we typically think of 2FA as a security-focused process, it’s also a way of ensuring communications are reaching customers. Without it, an enterprise may be sending messages to customers without any idea of whether they’re reaching their intended audience.

In many current mobile applications, 2FA serves both purposes. For instance, Snapchat uses phone numbers as a 2FA element to both make it easy for users to share the snaps with their friends while keeping hackers at bay.

Step 1: Have The Right Phone Number

You’d think this would be easy enough, but it actually can be a challenge to ensure you have the right number for a customer, due in part to differing cultures. Many customers in India – asked to provide a mobile number – will instead give you their landline number. Our data shows that you can expect on average that 12% of your Indian customers will do so. Mexican customers show similar percentages.

When you send those customers an SMS-based text, their landlines won’t read it.

But there’s a way around this problem – if you’re working with a vendor that knows how to address it. With the right platform, you can immediately determine if the number the customer has entered is a mobile or landline number. If the latter, you have a couple of choices:

  • Prompt the customer to enter a mobile number instead of the one entered.
  • Use the landline number, but send an automated voice message instead of an SMS text.

Of course, your vendor has to know what’s a mobile number and what’s a landline in all of the countries you’re targeting. Chances are, they don’t, which brings us to our second step.

This how Infobip 2FA looks like

Step 2: Make MNO Relationships A Priority

There are a lot of vendors offering attractive, easy-to-use SMS-as-an-API platforms. While many vendors will claim they have a global reach, often you’ll find that the vendors are actually piggybacking on another company’s connectivity to mobile network operators (MNOs).

True enough, if North America is the only region you want to reach, these other vendors will probably be just fine. They likely have direct connections with Verizon, AT&T, Sprint, T-Mobile, Rogers, Telus and Bell – the major MNOs in the United States and Canada.

But are they connected directly with, say, O2 or EE in England? How about SoftBank in Japan? Are they able to provide a direct connection to the 248 million subscribers to Airtel India or the 759 million subscribers to China Mobile? Probably not.

That’s detrimental in two ways. First, they have to pay an intermediary (or two or three) for connections to those countries to get access, which means higher costs passed on to you in higher monthly fees. Second, there’s automatically a greater increase in a technical hiccup along the way because there are more connections to make, so the quality of the service decreases and outages increase.

Step 3: Know The Rules For Each Country’s Market

In the United States, we’re accustomed to an always-on, always-available system of communication between a company and its customers or prospects, with some minor exceptions such as the National Do Not Call Registry. But other countries are much more protective of their citizens.

For example, the Indian government does not want you to bother anyone with a marketing message before 9 a.m. or after 9 p.m. local time. If you send such a message to customers, you may face sanctions. But what if there’s an outage or emergency at 10 p.m. and you want to let customers know about it? That would be fine.

It’s not just a matter of separating your messages based on content, however. You need to register your programs directly with the Indian MNO distributing your SMS texts so it’s clear what type you’re sending in those marketing-prohibited after hours.

Of course, it would be a huge burden on your company to sort through all of those rules and regulations. You can make it much easier on your operations by picking a vendor that has done all of that work already.

A truly global A2P SMS coverage

Step 4: Have A Fallback Plan

In North America and most of Europe, SMS texts virtually always reach their intended audience, and the audience in turn reciprocates by confirming that the text has been received. Numerically, the confirmation percentages in these countries are in the 95-98 percent range.

How about Honduras or El Salvador? You’re looking at confirmation rates in the 50-60 percent range.

Part of the problem is just that the mobile network systems don’t work as well in those countries, and dozens of others, so the message isn’t delivered. Part of it is that the customers may just be less responsive than those in North America and Europe.

Either way, you need a fallback plan – a way of trying again if you don’t succeed the first time. Perhaps you need to send an automated voice message if the SMS text didn’t work the first time – or vice versa.

Beyond the plan, you need to work with a vendor who knows what’s realistic to expect and can monitor the response you’re receiving in your messaging.

Putting It All Together

So those are the 4 steps it takes to launch a successful mobile 2FA process on a global scale. But even if the overall strategy is straightforward, it’s not necessarily easy. Teaming up with the right vendor will make the journey go as smoothly as possible.

To learn more and talk about your company’s global SMS communications needs, contact us.