PHONE AND EMAIL VERIFICATION GUIDE
Best practices for phone and email verification
Now that you understand what phone and email verification are, what the benefits are for you business, and how to implement each – it’s time to look at best practices when implementing these solutions.
Best practices for phone number verification
When collecting new customer numbers at signup, you will want to focus on three critical areas:
- Input: Collecting the number from the user
- Number validation: Ensuring the number is genuine
- Number verification: Ensuring that the customer has access to the number
Country code drop-down menu
To avoid any confusion, it’s best to put country codes in a dropdown menu next to the number collection field. This makes it easier to collect numbers in the recommended E.164 format.
Make sure locations match
Cross reference the country code with the IP address the user is signing up from. While mismatches could indicate legitimate practices (i.e. use of a VPN), it could also be indicative of fraudulent action.
(Re)format to E.164
We strongly recommend all phone numbers be formatted to the industry standard E.164 format.
Confirm numbers are valid
Users will sometimes intentionally enter incorrect data. Avoid this by checking number validity at signup with Number Lookup.
Detect line type
Avoid sending confirmation codes to numbers that are unable to receive them like landlines or SIPs.
OTP for user verification
Send a one-time PIN to users in order to verify they have access to the number they’re signing up with.
This prevents actors from signing up with someone else’s number and helps your business ensure that you are collecting a unique, authentic sign-up.
Use failover channels
If users are in an area with poor reception, they may not be able to receive your SMS or voice OTP.
Define rules and failover channels to ensure delivery of critical authentication codes – or use a solution that takes care of that for you.
Keep numbers editable throughout the customer journey
Sometimes customers enter the wrong number by mistake – maybe they missed a digit or entered their number neighbor.
Display the number they entered and give them the option of correcting any mistakes instead of waiting for an OTP they’ll never receive.
Customer channel preferences
Keep customers verified throughout their customer lifetime with you and store their preferred 2FA channels for quick and easy authentication.
Silent mobile verification
And keep customers protected with silent mobile verification always on in the background to seamlessly authenticate them and keep their account secure.
Best practices for email validation
These are some of the most common best practices to prevent email list contamination and maintaining proper email list hygiene.
Use real-time API
Verify emails for validity at signup using a real-time API email validation tool to minimize the risk of invalid emails entering your database.
This tool should check for mailbox and syntax validity, as well as whether the email is a catchall, temporary or role-based address.
Email double opt-in
Confirm that the person signing up to your service has access to the email address by sending them a single use code, or even a simple link.
Performing either action can ensure that the customer has access to the email address.
Keep code under the fold
When sending any code, take care to ensure that the code will not be visible in the email notification on a mobile device.
Potentially malicious users in possession of someone’s device may be able to see codes above the fold and use them for their nefarious purposes.
Periodically maintain email list hygiene
Keeping email subscriber lists clean by periodically performing bulk checks helps keep your costs down and, more importantly, your email sender reputation up.
We recommend cleaning lists at least twice yearly, or ahead of every big campaign. Remove any invalid, high bounce addresses from your lists.