More conversion, less fraud: the right way to do mobile onboarding

No need to choose between fraud and friction — now you can have your cake and eat it

If you do any business online, you already know that the mobile user base has grown to engulf that of desktop in the past five years, and is still growing. But in an age when users expect instant results, if your mobile onboarding experience is out of date, you could be flagging behind the competition.

Strong security for the onboarding process in your app has gone from a nice-to-have to a must-have – and we all know that passwords alone are not sufficient to keep out fraud and spam. The problem is that most standard 2FA (two-factor authentication) irritates users – retrieving codes via email or SMS is a leaky, unreliable process, involving context switches, for users who just want to get started with your app.

Mobile users are now the biggest audience for any online business, and they expect a streamlined experience. 42 per cent of consumers report losing patience with the friction of onboarding requirements and dropping off at this vital part of the funnel, according to research by Liminal. How many users could you be losing at this stage, before they’ve invested any loyalty in your app or service? Might they feel differently if the first experience of dealing with your brand is slick and seamless, rather than disappointingly disjointed?

Why is current mobile onboarding such a pain?

Traditional mobile security is a series of hoops for users to jump through: giving an email or username, then creating a strong, unique password that they need to memorise or store, and then forcing them to exit the app in order to retrieve their OTP or use a separate authentication app. All this leads to a negative first impression of your brand as inconvenient, taking too long, and asking too much.

Worst of all, OTP codes aren’t even secure – malicious actors now have phishing kits designed to trick users into handing over an OTP. Any knowledge that can be shared can be stolen. Even on-device biometrics, like a thumbprint, aren’t actually any safer – they only function as a shortcut for the user’s stored password.

On the other hand, if your onboarding process is extremely lenient, you can have the opposite problem: fraudulent accounts, spambots generating false traffic, and users easily creating multiple accounts in order to enter competitions and take advantage of any limited deals you may offer (also known as offer fraud). While your traffic might look encouraging at first, it develops into a serious problem, and you can lose huge amounts of money on offers which were meant to benefit legitimate users only.

Until recently, this dilemma was impossible to balance – mobile apps had to make a trade-off between a delightful user experience and strong, trustworthy verification.

But with a new technology that uses the impenetrable hardware security in the mobile phone itself, you can silently ensure that every user is legitimate and unique.

Strong security and user satisfaction: get the best of both worlds

SIM-based authentication is the new possession-factor technology that uses the mobile data security that is already built into your users’ phones – meaning all you need is their phone number for silent, secure verification.

With tru.ID integrated into your app, the user enters just their mobile number, and the app communicates instantly with the MNO (mobile network operator) to verify that the given number is the one linked to that SIM. It’s real-time, impenetrable, and based on the powerful security already used the world over by mobile networks – now available to businesses for the first time.

There’s no shareable information involved, meaning less effort for the user and no opportunity for bad actors to intercept a code or password. On the user end, they wait only a couple of seconds, their identity is verified, and they can continue. That means no context switching, no lengthy wait, and no inconvenience.

SIM security provides an invisible, effortless onboarding experience that feels like magic for the user – and powerful security to protect your business from spam, fraud, and duplicate accounts.

To learn more about how your app could benefit, book a free demo with tru.ID.

About tru.ID

tru.ID helps businesses to reduce the threat of cybercrime with a range of mobile identity and authentication solutions for customers and employees. tru.ID offers possession-factor based authentication solutions that leverage the cryptographic security of the SIM card already present in every phone.

This revolutionary approach delivers frictionless, phishing-resistant mobile device security that is easy to implement and simple to use.

tru.ID is already live in 23 markets covering over 2 billion mobile accounts. To find out more, visit our website.

Written by Paul McGuire, CEO of tru.ID

This article was written as part of a paid partnership with tru.ID.


Fraud rings scaling attacks around the clockResearch has revealed a rise in scaled, en masse attacks on company networks happening 24/7.

Four business telecoms trends set to revolutionise the mobile workforceIn this article, we provide four business telecoms trends that will bolster mobile operations.