Duphlux: Phone Number Verification Alternative to OTPs


@ndjohn here are specific responses to our questions.

As a developer who wants to integrate this to my app or webapp, how would I do that since its your app receiving the flashes?

Ans: Look at it like this, how does your app integrate with payment solutions like Paystack when they are the ones receiving the payments. You send them a request, they take the user through the payment process and return your app a status right? Same with duphlux. Push us a number to authenticate and we send you an authentication status on completion, easy peasy.

Also If buying toll free numbers is what you would do in the long run, why not do it now and use IVR, ie a call is received and the OTP is voiced out to the user or a code OTP is generated and the user inputs it back on the IVR.

Ans: Duphlux is designed to be an alternative to OTP (and eventually replace that experience).

My opinion, having user intention other than flashing makes me more reasurred of the verified user. I don’t imagine building a service that requires me to actually know my user, e.g a FinTech solution and all I need to verify a user number is a miss call.

Ans: Having your user give a missed call is just as secured as having the user input a 6-digit code. It’s even more dependable for any business verifying its users; you can’t simulate a call via your telco, the most you can do is alter your caller id but the actual mobile number on the network making the call cannot be altered. This validates that the number is real and active on the network, your user is actually the one he/she claims to be on your app or in the case of payment systems, the owner of the card/account provided (every account/card is tied to a BVN which has a registered number). I guess you know you can mimic receiving sms messages, have a script generate possible 6-digit combinations to use etc. Not to talk about the low reliability due to high failure rate and delayed delivery when using bulk sms providers. Another security gap, your token is also known by an additional 3rd party, man-in-the-middle attack is possible.