Industry Voices—Entner: The phone number is becoming the new SSN, and then some

User authentication remains a challenge. (ar130405/pixabay)

It is not a new trend, but as we are becoming increasingly connected, a unique identifier for people is becoming increasingly important. Created in 1936, the original sole purpose of the Social Security number (SSN) was to track Social Security benefits. Almost all Americans have one, receiving a unique SSN shortly after birth, usually at the same time the birth certificate is being processed. The uniqueness of SSNs makes them much better than names to identify individuals in employment records and for banking and insurance purposes. The problem is that they are being used for purposes they were never designed for, which opens the floodgates to fraud and criminal activity such as identity theft.

With the advent of the mobile phone, telephone numbers have transformed from a way to reach a family to reaching an individual. Wireless local number portability, introduced in 2003, has allowed customers to take their number with them when they change operators. Combined with essentially full mobile penetration, the result is that people rarely change their mobile phone number anymore and the number has become almost an extension of the person.

What differentiates the phone number from the SSN is the extensibility and the built-in security of the phone number and the associated device. Mobile phones, especially in the U.S., are the thing that is around us more than anything else. People will leave home without their keys, they will leave home without their wallet, they will leave home without underwear, but they won’t leave home without their mobile device. It is with us all the time. Because it is always on the person, the time lapse between a theft and the reporting of the theft is very short. You know immediately when your phone has gone missing. For example, every phone and SIM has a unique identifier which is registered with the operator’s network. When the phone number, the SIM and the phone are no longer in sync, especially when the device appears suddenly at a location far away from where the customer usually is, fraud could be a factor if the phone is being used for a transaction. This is especially true when your phone is active in places thousands of miles apart within minutes of each other.
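The SIM/device mismatch and far-away-location signals described above, sketched as an added example (not from this column or any operator's system). The field names, the 1,000 km/h speed ceiling and the 50 km jitter floor are assumptions, and the sample events are constructed.

```python
import math
from dataclasses import dataclass
from datetime import datetime

MAX_KMH = 1000.0  # assumption: anything faster than an airliner is implausible
MIN_KM = 50.0     # assumption: ignore small jumps caused by coarse cell location

@dataclass(frozen=True)
class Event:
    ts: datetime
    msisdn: str  # phone number
    imsi: str    # SIM identifier
    imei: str    # handset identifier
    lat: float
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def risk_signals(events):
    """Compare each event with the previous one for the same number."""
    last, flagged = {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        prev, signals = last.get(ev.msisdn), []
        if prev is not None:
            if ev.imsi != prev.imsi:
                signals.append("sim_changed")
            if ev.imei != prev.imei:
                signals.append("device_changed")
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            # Zero elapsed time over a real distance also counts as impossible.
            if km > MIN_KM and (hours <= 0 or km / hours > MAX_KMH):
                signals.append("impossible_travel")
        if signals:
            flagged.append((ev, signals))
        last[ev.msisdn] = ev
    return flagged

# Constructed sample: usual handset in Boston, then a different handset in Los Angeles.
NUM, SIM, PHONE, OTHER = "+1-555-0100", "sim-A", "handset-A", "handset-B"
SAMPLE = [
    Event(datetime(2020, 10, 1, 8, 0), NUM, SIM, PHONE, 42.36, -71.06),
    Event(datetime(2020, 10, 1, 8, 30), NUM, SIM, PHONE, 42.37, -71.11),
    Event(datetime(2020, 10, 1, 8, 40), NUM, SIM, OTHER, 34.05, -118.24),
]
```

Signals like these are inputs to a risk score for a transaction, not a verdict: a handset upgrade or a flight with the phone switched off will trip one of them on its own.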

People are creatures of habit. There is an old saying in wireless that 90% of people use their phone in the same places 90% of the time. We generally wake up in the same place, we go the same way to work at the same time, day in and day out. The majority of calls go to the same five people. The wireless identity management ecosphere is able to bring a level of security and flexibility that SSNs were never designed for and never had nor will have, all tied to a phone number.

The possibilities are endless. The phone combined with a unique ID and behavior pattern can solve our most vexing security problems. Security measures are based on three factors: something you know, something you have, and something you are.

Something you know is the worst of all the factors. Passwords are something you know and we all know how bad passwords are. Our system for passwords has made it difficult for people to remember and easy for programs to crack. Password retrieval tools are a significant vulnerability to the security of the system. On top of it, people cannot be trusted with passwords. Thirty percent of phishing emails get opened. Ninety-seven percent of users are not able to identify a sophisticated phishing email. Only 3% report a phishing attack to IT or management. Every time a system uses a password for access, you know your security system is a failure. Passwords have to die in order for us to be safe.

Something you have is much harder to fake. Authentication tools ranging from RSA fobs to authentication software are one way to make sure that only authorized individuals get access. The phone is just about the most personal device there is, and theft is almost immediately reported.

Something you are is the most reliable single factor. Our fingerprints or retina are difficult to impersonate. Our behavior pattern of where we go, when we go and what we do is even more difficult to fake.

Just imagine this scenario: You wake up at your home because your phone’s alarm went off at the same time as always, pressing the snooze button twice. As you get up, you check your messages and your favorite app. By combining your location with your device interaction both roughly at the same time and the same applications, the system knows you are most likely you. You take a shower and then leave your home at the same time as every workday as you head to the gym. Your phone and car sync their Bluetooth for hands-free calling and you call your mother. Since you regularly stop at your favorite coffee drive-through, the system asks you if you would like your usual order. You agree and the system contacts the coffee drive-through with your order and the time of arrival based on your normal route, traffic conditions and the length of the drive-through line. As you get to the window, your latte is hot and steaming. The barista verbally checks you are you, verified by the NFC chip in your phone. The barista hands you your coffee and you get automatically charged for your beverage because your phone number is tied to your favorite credit card. After the gym you head to work, where as you approach your office the phone lets you know which parking spots are still open. Since you are showing up at the usual time and followed your usual morning routine, the automatically locked door opens for you as it identifies your phone as you near the door. As you sit down at your desk you boot up your computer. When you are at the login screen, you provide either a fingerprint scan or retina scan with your phone and the computer provides access. The level of security can be tailored to the situation but predominantly relies on factors “you have” or “you are.” Things that are unique and are difficult to give away. Short of a James Bond-type effort, such a system that ties together your phone number with your device and your behavior is as secure as it gets.

This is what is possible with a phone number and will become reality in the next few years. Say goodbye to passwords, all thanks to phone numbers and how they are interconnected through your device to other databases, financial institutions and biometric data.

Roger Entner is the founder and analyst at Recon Analytics. He received an honorary doctorate of science from Heriot-Watt University. Recon Analytics specializes in fact-based research and the analysis of disparate data sources to provide unprecedented insights into the world of telecommunications. Follow Roger on Twitter @rogerentner.

"Industry Voices" are opinion columns written by outside contributors, often industry experts or analysts, who are invited to the conversation by FierceWireless staff. They do not represent the opinions of FierceWireless.
