Developer Pages

# Onboarding fraud prevention

Page contents

# What is onboarding Fraud?

A common threat in today's digital world is fraud during the onboarding process. In this type of fraud, attackers attempt to gain access to your end-user's accounts by tricking them into giving away their onboarding credentials. This is often referred to as phishing.

# Use case

You want to prevent onboarding fraud and provide your end-users with a secure way to onboard to new devices, whilst still offering an excellent user experience.

High-level diagram showing onboarding fraud prevention click-to-zoom

# How it works

Meet Jane, one of your active end-users who has activated MobileID in your mobile app.

  1. An attacker downloads your app.
  2. Jane gets a phone call from the attacker who pretends to be an employee at your company. They inform Jane that someone has gained access to her account. The attacker tells Jane that she needs to authenticate with an eID before they can help her stop this attack.
  3. The attacker starts onboarding in your app with Jane's personal details. This triggers an eID authentication for Jane.
  4. Jane authenticates with her eID, thinking it is to allow the bank to block the attacker. In reality, she is actually approving an onboarding to your app on the attacker's device.
  5. The attacker sets up MobileID credentials with a PIN code and biometrics.
  6. The attacker is asked to perform a Face Authentication, to confirm that it is Jane sitting in front of the device.
  7. The authentication fails.

Fraud prevented!

The attacker is blocked and cannot access Jane's account in your mobile app.

Why Face Authentication instead of Face ID?

In some use cases, native biometrics such as Face ID will not work, and so server-side biometrics such as Face Authentication can be leveraged instead.

You can read about the differences between Face ID and Face Authentication in our feature documentation.

# What it looks like

# For the attacker

The following diagram illustrates what it could look like to prevent fraud during onboarding with MobileID, from the perspective of the attacker.

Diagram showing flow of onboarding fraud prevention from the perspective of the attacker click-to-zoom

# For your end-users

The following diagram illustrates what it could look like to protect against fraud during onboarding with MobileID, from the perspective of your end-users.

Diagram showing flow of onboarding fraud prevention from the perspective of your end-users click-to-zoom

# Implementation

To protect against attackers getting access to your end-user's accounts, you can use our Face Authentication.

Face Authentication is a method that performs the face matching and liveness check on the server side. This allows you to perform Face Authentications across devices to verify that it's the correct end-user in front of the new device.

# Get access

Feature coming soon

Our Face Authentication feature is coming soon. To get early access, you can contact us at support@signicat.com.

# Learn more

Try it out
You can explore how MobileID works in our demo portal
API reference
Have a look at the API reference for how to use MobileID
Last updated: 11/04/2024 07:47 UTC

Reset authentication credentials