Operators: We make GSMA Open Gateway easy, fast and profitable - want to know more..?

※ FAQs

Ask Sekura.id

We attempt to answer as many questions as we can here, but we know that we have as many different questions and use cases as we have customers. Can’t find the answer here? Get in touch, below.

Coverage and operators

Sekura.id prides itself on the sheer number of customers it can reach globally. This is done via our contracts with over 75 operators globally. The questions we’re asked most often relate to coverage and operators – see below, and reach out to the team if you don’t see an answer to your question.

Sekura is live in the United Kingdom and EU: Spain, German, France, Italy, Netherlands, Austria, Croatia, Hungary, Ireland, Greece, Portugal, Romania and other European countries

USA, Canada, Brazil, Mexico, India, Indonesia and South Africa are all available too.

Sekura.id are adding more territories all the time – reach out to us for up to date coverage or if you can’t see the country you’re interested in.

MNO stands for Mobile Network Operator. They may also be known as a ‘Carrier’ in the US or just a ‘telco’.

Mobile network operators play a crucial role in establishing our identity through the SIM (Subscriber Identity Module) in our phones. The SIM card, provided by these operators, contains unique information that identifies and authenticates us on their networks. This identification is essential for various services, including making calls, sending messages, and accessing mobile data.

When you insert a SIM card into your phone, it connects to the mobile network operated by your chosen provider. The SIM card holds important details such as your phone number and subscriber information, enabling the network to recognise and authorise your device. This process ensures that only authorised users can access the network services associated with that SIM card.

In addition to basic communication services, the SIM card plays a pivotal role in security measures, such as two-factor authentication for online accounts. Many services send verification codes to the mobile number linked to your SIM card, adding an extra layer of security to your digital identity.

Sekura.id takes this one stage further, identifying a customer from their SIM card meaning they do not have to take part in the 2FA process – it’s passive and automatic and so fast that we actually have to build some friction in.

Not yet; it’s possible that some of the services will not be available in all countries, or from all operators. The main
three services (MPM, SIM Swap, Call Forward) are usually available first, with others following. We can provide a per-country breakdown of what is available where. Reach out to the team for full coverage.

Depending on the available and existing services, this
can vary. We have some operators that can be switched on almost immediately and others where some contracting work is ongoing. We’d say reach out to us if you’re looking for coverage somewhere specific.

MVNO stands for Mobile Virtual Network Operator. A
virtual operator uses an MNO service. For example, in
the UK giffgaff, Tesco Mobile, etc

A full MVNO uses all services available of the parent
MNO, in this scenario, we are likely to get full-service
access (Sim Swap, Call Forward, etc.). An example of
those
are Talk-Talk, ASDA Mobile, BT-Mobile, etc

THIN MVNO use the infrastructure of the MVNO for
coverage, but are otherwise independent. (Sky Mobile)
They use their own customer management systems,
marketing, devices, sales, etc.

These smaller mobile companies, known as Mobile Virtual Network Operators (MVNOs) are different from the major mobile companies in that they often share their host operator’s technology and systems and therefore do not have their own distinct service offering.

There are two types of MVNO. In case of ‘light’ MVNOs such as Tesco Mobile and GiffGaff, their service is partitioned on a host MNO’s infrastructure (in these cases it’s O2 and EE) and the host network data can be shared.

However, for ‘full’ MVNOs like Lycamobile and
Sky Mobile that have their own number range and independent service infrastructure making it difficult to access services as these MVNOs have not yet delivered mobile identity solutions.

The good news is Sekura.id is working on agreements with Lycamobile and Sky to provide direct mobile identity data moving forward.

Services

Here’s our FAQs for services – can’t see what you’re looking for? Check out the rest of the FAQs, below and get in touch if there’s anything we can help you with.

As a company we focus 100% on direct mobile operator connections. We also support mobile operators by sharing best practice and how to expose their data in a safe, secure and compliant way. 

Sekura.id’s coverage is unrivalled with connections with 75+ operators globally and over 2.5bn people covered. 

Our APIs are unique and our services are similarly unrivalled for accuracy and security. We also connect your service astonishingly easily and quickly. Find out in detail from one of our experts exactly what the Sekura.id USPs are

Yes. Sekura has a wealth of expertise specifically within
mobile identity. This ranges from supporting mobile
operator enablement, partner go-to-market planning, through to end customer sales support where applicable. 

Sekura.id are often consulted when a country’s operators collaborate to offer their data to the market.

With Sekura.Id’s vast experience in the mobile identity space, there are few companies with the specialist knowledge that Sekura.id has.

Sekura’s model is to work with strategic partners. With focus on partner success, Sekura.id
enables partners to deliver mobile identity services to their end customers with whom they have long-standing relationships of trust. Partnering with Sekura.id ensures a mutually beneficial relationship. Contact our partner team at partners@sekura.id

Yes, Mobile Number Verify is a real-time service that
checks that the mobile number given by the user is
actually being used at the time of the transaction.
Note* Mobile Number Verify is surfaced via the SAFr
Auth product

The SIM Swap services comes in different formats
depending on how we receive the data from the mobile
networks. In some territories we can get the
date/timestamp of the last SIM Swap, in others, the
operators will tell us if the SIM has been changed in the
last 24 hours (SIM Swap 24) and in others they give us a
time range of when the last swap occurred (SIM Swap Range)

It’s also worth noting that Sekura.id returns SIM Swap information in real-time and not by using static database information that can be up to three or four days old.

Yes, SAFr Auth as an orchestrated service has the capability to fail over to another authentication channel should it be needed. This can include SMS OTP or WebAuthN. 

The key takeaway is that you can guarantee that your customer can be authenticates 100% of the time.

Number verify works by authenticating the mobile
number being used matches that of a mobile
number given during registration or transaction. The
mobile device initiates a data connection to the
mobile network and through the passing of secure
tokens can authenticate the mobile number
matches.

We currently only offer age/DOB data on the main
account holder in most countries, but we’re working
with the mobile operators to expand this service.

There is no fuzzy matching available from the mobile
operators, we are only able to match on the data
provided. For example, Jim vs James would lead to a
partial match with no match on first name but a match
on the surname and address details.

Mobile number is always required – this is the ‘primary
key’ that we use to identify the operator and request
all data attributes. For most services we only need the
mobile number (e.g. for SIM Swap we need the mobile
number only and the operator returns the data and
time of the last SIM swap) but for MPM we also need
the name, address and sometimes the DOB of the
user to match against.

There are examples of mobile intelligence being
utilised to aid credit scoring.

It is particularly relevant, and useful, when it is difficult to assess a customer with a thin credit file – this customer is likely to have a mobile phone and a trust relationship with their Mobile Network Operator which is easy to query. 

Use cases

With myriad use cases being a superb match for our services, we’re still seeing new use cases almost every day – even ones we never thought of. Below are some use case-related FAQs. Get in touch if there’s anything specific we can discuss with you.

Concentrating solely on Mobile Network Operator data through the SIM card, Sekura.id provides passwordless, frictionless, robust, authentication, verification and fraud prevention services.

The key takeaway is that this is all done without passwords, usernames and 2FA – all the cryptography needed is already in the SIM card and has been since 1991 – unhackable, unspoofable and totally secure.

We call it an awesome login experience for customers that just happens to have robust security built in.

Sekura.id’s insight is typically used throughout the lifecycle of a customer to determine risk and data accuracy as part of initial customer onboarding, if someone is applying for a product, through to decisioning transactional risk, authentication, or changes in account
details.

Emphatically, no: deployments are live across a multitude of sectors and verticals.

Any enterprise with a digital presence requires support trying to build confidence in their existing or prospective customers.

Active examples range from retailers onboarding customers, crypto companies securing transactions and taking care of AML and KYC or maybe insurers or car rental firms trying to work out whether details submitted are accurate.

We’re constantly discovering new use cases – try us with yours.

Sekura,id have worked closely with the UK Government
Cabinet Office and the Government Digital Service
(GDS) on where mobile data can play a role in
Government and public sector use cases and are happy to share/discuss as needed.

Customers typically will include known fraud cases to test the usefulness of mobile data as part of a POC. The mobile operators are not able, and would not, classify results as ‘fraud’ or ‘not fraud’ but instead present the facts only to the customer (name does/does not match, SIM was swapped on date X etc.) who then have the
option to incorporate this into their risk-decisioning flow.

It’s also worth knowing that the data itself is not seen by Sekura.id nor retained, the match (or lack of) is reported and the enterprise interprets the results in their flow.

Commercial

It’s important for us to know that you’re happy with your service. Should you have any queries on commercial issues, reach out to our team who’ll be very happy to discuss commercial terms.

Services are typically charged for per-transaction. The
commercial modelling, however is influenced by
longevity of commitment and the size of volumes.

Our commercial team will discuss how this works and in many cases will create a bespoke solution based on your unique circumstances and requirements.

 

Sekura pricing is based on transactional rates. The
rates are influenced by commitments and volume.

Delivery and support.

Our specialist delivery team takes care of everything and are here to support your POC and live service from end to end as well as providing support 24/7. Good to know, but if you need more, reach out to us.

We’ll be in touch to support activation; our dedicated delivery team, work hand in hand with our partner team. 

Once all of the necessary paperwork is in place we will provide you the credentials for your technical team to start the service.

The service is proven across many geographies,
sectors and use cases. In the event you still wish to
run a POC, these will be charged at the agreed rates.

We aim to onboard a new client within 10 working days in the UK.

This includes Operator setup (contractual onboarding),
client access setup (direct API credential integration),
and product testing.

Technology

Like all the best technology, Sekura.id’s APIs are simple but powerful. Easy to connect to and providing risk-decisioning, awesome logins and robust security, they’re unique and the envy of the industry. Want to know, more? See below or reach out to the team.

The Sekura.id API is a single integration for all Sekura.id services and is simple to integrate. Any client technical team with experience of third-party API integration will find it simple to set up and test – in our experience this can take between a day and two weeks to complete, depending on resource availability.

Yes. The Sekura.id API is a standard JSON-based REST
API.

Our API relies on provision of a mobile number as the
‘primary key’ for a user, enabling us to provide data
or signals on that individual. In order to return this
data we need to identify which mobile operator a
number belongs to, so that we can request the user
data from the correct source. Sekura.id uses a mobile
number ‘discovery’ service that identifies the mobile
operator that a given mobile number is currently
allocated to.

The SAFr platform is architected to support instruction
rather than configuration. As a result, we have
instructed the platform to maintain a latency of 32ms,
ensuring consistency for our partners.

It’s sent over HTTPS. This can either send the values or
send a hash of the values

Typically, the frauds signals are applied to relevant use
cases either directly as a Boolean flag or as part of a
scoring/orchestration process. An SDK is not required
to access the signals as they are triggered server to
server. The exception is SAFr Auth, as that is triggered
from the device itself.

Yes, all of our mobile data services are available in a
single API call to the Sekura.id endpoint. Our service
includes a number of data product options which can
be called in isolation, or in any combination to allow
you to build a dataset that works for your use case.

If you already take one service, another can be added and will be carried out during the same API call.

Yes – all of the countries and mobile operator
services that Sekura.id is connected to are available
through the single Sekura API

This depends on several factors beyond Sekura.id’s
control (access to third party services, internet speed, mobile operator service speed) but on average it is between 1.2 and 1.8 seconds for a round trip, end-to-end.

 

Sekura.id’s platform is one of the fastest and greenest available – our ultra-low code maximises speed while scalability is built-in meaning that spikes in traffic are taken care of immediately.

Yes, there is a Sekura.id Sandbox environment that we can provide access to, including test (dummy) mobile numbers and user data to test against other products.

We focus on giving the customer the best possible
solution to fix the problem – by offering granular API
responses we can ensure you are only paying for
what you need.

We have a portal that allows for demonstration of the
outputs to some of the signals available.

The SAFr platform is cloud-agnostic to better support our various global partnerships and expedite further geographical reach, however the platform can also be delivered on-premise also if
needed.

Data Privacy

Compliance is key – everything we do in every market has to be fully compliant and our agreements, services and technology are all compliance-first. Here’s the data privacy FAQs – get in touch if there’s something specific you like to discuss.

All mobile intelligence checks are made under the
legal basis of consent or legitimate interest. Where
user consent is required, this is gathered through
customer acceptance of service T&Cs.

Legitimate interest allows for the sharing of customer data in anti-fraud use cases where consent is not practical (i.e. where a fraudster has taken over an account) and/or it’s deemed to be in the legitimate interest of one or more of the parties for the data to be shared (i.e. to prevent fraud and tangible financial losses)

We encrypt personal data (e.g. name, mobile number)
before processing and sending to the MNOs. The MNO decrypts the data before processing for the required service, before submitting a response – which no longer contains personal data.

Customer data is at no point saved in the process.

We do not store personal/customer data

Regulation

As with data privacy, regulation is equally as important to  Sekura.id. See below for regulation-related FAQs and contact our team if you need specific details

The most prevalent Sekura.id solutions used to achieve
PSD2 compliance are SAFr Auth and SIM Swap. As
part of the multifactor authentication requirements for
strong customer authentication, SAFr can be
leveraged as a regulatory compliant mechanism to
determine possession. This reduces the reliance on
SMS OTP.

SAFr would be typically deployed alongside SIM
Swap, as this ensures the mobile account has not
been taken over and the session currently active with
the network is genuine.

Sekura.id’s platform and processes are engineered
specifically to support the most stringent of regulations
including the GDPR. At Sekura.id we handle everything from consent management through to ensuring we are not storing any sensitive data.