Overview of MobileMatch
An overview of the MobileMatch Only workflow.
MobileMatch is one of five standardized, best practice workflows that ID DataWeb offers. MobileMatch utilizes a two-step process to 1) verify a person's identity based on mobile carrier data attached to a provided phone number and 2) verify possession of that phone number via a one-time password challenge. Additionally, it screens each verification session for indicators of risk and nefarious behavior.
MobileMatch is an available verification method for the United States, Canada, and the United Kingdom.
- 0 - Country Selection. The user is asked to select the country which they live in.
- If they select US, UK or Canada - they will proceed to MobileMatch. For any other countries, they will proceed directly to BioGovID (step 2.)
- Passive risk analysis is also performed at this step - if the user is deemed high risk (TOR browser, bot behavior, blacklisted IP address) - they will be immediately denied and prevented from proceeding.
- 1a - PII validation. The user will complete the PII form, which includes Full name, Home Address, and Personal Phone Number. Upon completion, the system will analyze the correlation between the PII and the phone number using 3rd party data sources. If a link is established, they will proceed to step 1b - (OTP phone possession check.)
- 1b - MobileMatch Verification. If the user's PII is correlated to their phone number, the last step is to confirm possession of the device. The user can choose between a voice or SMS based one-time passcode to be sent to their phone. Once they receive it, they type it into the screen. This confirms they are in possession of a device registered to who they are claiming to be, with no risk detected, leading to a verified identity.
Integration and Testing
- If your workflow is set to use test data, please follow the instructions here to test this workflow.
- Standalone testing - If this is a pilot, use the link sent to you in the Pilot kick off email. To signup for a pilot, click here.
- If you've created a workflow yourself, you can use the "Copy Link" feature to get a test link.
- If you are looking to do a OpenID connect integration with your application, add your workflow's client id, secret, and scopes to your OpenID connect client, OR follow the process outlined here. Note, you'll need to register your application's redirect URL on your workflow.
- If you are looking to do an API integration, review the steps outlined here: MobileMatch
- If you are looking to hook a verification workflow into one of your existing IAM tools, we more than likely have an integration or package waiting for you! Reach out to your Solutions Architect or account rep for more details.
Updated 7 months ago