Unibeam, a SIM applet approach to mobile authentication, verification and fraud prevention

Unibeam, a SIM applet approach to mobile authentication, verification and fraud prevention. It collects and binds user authentication directly from within the SIM. Because it is based on the SIM as an applet, it can also trigger pop-up messages and questions to the users, which enables new use cases that require user-validated information and acknowledgment.

I had a chat with a kindred spirit, Ran Ben – David, Unibeam.  On the TADSummit blog we’ve covered SIM applet based innovations, for example Wadaro, and Mobile Connect based approaches to authentication, verification and fraud prevention .

Wadaro shows SIM apps work at scale and are easy to deploy. A SIM applet based approach has the benefit of binding the device ID, SIM ID, phone number, and the application ID. This makes it attractive to banking and crypto apps. I’ll not get into a discussion on the pros and cons of each approach. Rather say we’re at a point where action and experimentation matters much more than waiting for the creation of a global standard API (Camara) that is only a small piece of the mobile authentication, verification and fraud prevention solution.

Unibeam is deployed in MNOs, and in PoCs (Proof of Concepts) with large telcos. Regulators are mandating action on SIM swap. Pointing to the Camara API standard is perplexing to say the least. Identity solutions are NOT finalized, and they’re evolving as criminals are evolving their attacks. Solutions need to evolve in hours/days/weeks, not be standardized.

Within telcos most engineers who lived through OneAPI, understand Camara is repeating history, they have chosen to keep quiet and do what is asked for the sake of their families. To demonstrate independent thought from the groupthink imposed by the GSMA is career limiting. I find my work being ignored by the GSMA, Ericson, Nokia, Mobile Ecosystem Forum, etc. In fact some ask their members to ignore my work. Hence why I use the term groupthink. Being purposefully ignored is an endorsement, as well as a sad indictment on the state of the industry in not doing what is best for the customer and telco, rather the Camara vendor.

My recommendation is to experiment with multiple solutions, do Camara to keep the corporate politicians and big vendors quiet, however, more importantly, SIM based and Mobile Connect based solutions enable telcos to understand the practical realities, and help build a business plan focused on customers’ needs.

Regardless of SIM based, Camara based, etc., MNO must act given the rapid growth and sophistication in targeted scams. To do nothing means MNOs cede mobile authentication, verification and fraud prevention to others such as passkeys, rolling code apps, etc. Depending on your preferred analyst it’s a market of mid-tens of billions today.

There’s no need for a global standard until the solution is mature. So what if only 30% of consumers are protected as one carrier rolls out a solution in a country, it’s better than 0%, and in time it will grow. So what if one operator uses a SIM app and another uses Mobile Connect, you’ll see what works best and can aggregate. Just do something today!

Identity verification and risk is a large established market with many global players delivering broad industry focused solutions, e.g. Mastercard (Ekata), Experian, Transunion, AsiaVerify, trustingSocial, Id.layr, Okta, LexisNexis, Prove, Telesign, Seon, Socure to name just a few. Claiming you have a global standard SIM swap API demonstrates a technology focus, not a customer focus.