Note: During conversations with carriers Stacey, our Carrier Relations Manager, and I often get requests for a specific use case that outlines why we feel consent re-verification is such an important service for carriers to provide. The following use case underlines the benefits of consent re-verification to a carrier's subscribers as well as the confusing and negative consequences for subscribers if a carrier chooses not to provide them with such a service.
Consent Re-verification Use Case Details
opens an account with a bank and provides the bank with a cell phone number for
receiving fraud notifications.
few months later, Consumer-1 decides to change phone companies without
porting. (Old line is disconnected and Consumer-1 receives a new
phone number from the new carrier.)
now has a new phone number but has not changed any of the alerts or
notification instructions they had previously provided to the bank.
Consumer-1’s original phone number is reassigned by their original carrier to
now makes a large purchase but the bank suspects it could be fraudulent so they
put a temporary hold on the transaction.
sends an SMS to the cell number on file for Consumer-1 with instructions to
approve and release the transaction if it is valid.
Consumer-1’s notification number has never been updated at the bank, the bank’s
SMS actually goes to a new consumer, Consumer 2. This sets off a
series of negative events:
does not receive the SMS instruction to release the transaction so the purchase
bank notifies the retailer of a higher risk of fraud or potential identity
theft even though the actual consumer was never notified.
receives an unconsented request to approve a transaction which they did not
believes the transaction approval request they received is an attempt to steal
their identity so they report the transaction as fraudulent even though it was
actually a valid transaction that was misdirected to the incorrect cell
Had the consumer’s consent been
pre-verified, the bank would have been told that the contact information was
incorrect and had the opportunity to contact the consumer via another means or
to at least fail the transaction more gracefully. Additionally, the new owner
of the number, potentially a new subscriber to the carrier, would not have been
sent a transaction which they believed to be fraudulent. This
consumer, Consumer-2, now believes that their brand new cell phone account and
perhaps even their identity may have been compromised.
Modified (Consent Re-verification) Scenari
6. Bank executes a consent re-verification transaction by passing the phone number, name and address to the carrier's fraud prevention service provider (e.g., PacificEast)
(agent) returns one of two results:
that the consenting consumer (Consumer-1) is still associated to the provided
number and therefore the bank still has valid consent to communicate with that
that the consumer information provided by the bank is no longer valid for the
provided number. In this case, the bank is able to:
i. use another or secondary number to communicate with
ii. stop sending requests to the number on file
which would falsely alarm Consumer-2 who is now associated to the number
iii. notify the retailer that the verification failed
because of an invalid means of contact, not because of fraud
the consumer’s identity is verified, Bank sends an SMS to the correct and
consented cell number on file for Consumer-1 with instructions to approve and
release the transaction. This notification complies with TCPA for
auto-dialed or texted messages since this is only done when a consumer has
By providing verification that a number IS NOT
associated to the provided name, the carrier is protecting their
current subscriber from identity theft false alarms. By
providing verification that a number IS associated to the
provided name, the carrier is protecting their current subscriber from
having their transactions rejected and their credit cards flagged for fraud. These are both reasonable expectations of any
subscriber. Remember, too, that in both these cases, the consumer’s
information is only released to an agent (like PacificEast) who works on behalf
of a carrier to prevent subscriber fraud.
Finally, let’s consider privacy and consent from the
perspective of the carrier when they are in either the role of the original
carrier or the new carrier. From the original carrier’s perspective,
Consumer-1 had already granted consent to the bank to access their information
and send them messages. (If they had not, the bank would not be trying to
send them this particular message.) If the original carrier has now
assigned Consumer-1’s original phone number to Consumer-2, they can better
serve their new customer, Consumer-2, by providing the bank with enough
information to determine that Consumer-1 is no longer associated to the phone
number, thus preventing the bank from incorrectly sending a message to
Consumer-2 for which the bank, unknowingly, does not have consent.
Therefore, although the original carrier may not have consent from Consumer-2
to verify their account information, by not verifying Consumer-2, they are,
effectively, allowing Consumer-2 to receive a message which may lead them to
think they are the victim of identity theft. It is unreasonable to assume
that a consumer would
opt in to receive false notifications when the
carrier has the power to prevent the false notifications altogether. So
even though Consumer-2 has not consented to the Data User (the bank in this
case) verifying Consumer-2’s data, the carrier should act in good faith to
serve both their former customers (who did grant consent) as well as their new
customers who have a reasonable expectation that their carrier will try to
prevent both willful fraud against them (true positives) and false alarms
In this scenario the carrier is preventing both active fraud
attempts as well as false warnings by using a fraud prevention agent and
service. No consumer data disclosure (other than to the carrier’s
agent) is made, therefore Consumer-2’s data privacy is respected.
An additional benefit to the Carrier is that this fraud prevention agency or
service is free to the carrier and actually provides a revenue stream paid for
by the bank.
From the perspective of the new carrier, their new
subscriber, Consumer-1, has provided consent to the bank and the bank, in turn,
is only attempting to verify the identity of someone who has granted consent
for them to do so. Therefore, when the carrier is in the role of the New
Carrier they are acting on behalf of their subscriber who has asked the bank to
notify them, via phone, of potential issues, including fraud prevention, that
relate to their account operation and safety.