Creating an online account may seem simple, but proving that the person behind it is genuine has become increasingly difficult. Fake profiles, automated registrations, impersonation attempts and account takeovers are growing more sophisticated, particularly as generative AI makes it easier to produce convincing names, images, messages and identities at scale.
CelcomDigi is now working with authentication specialist IPification to give social media platforms and other digital services a stronger way to verify users. Instead of relying entirely on SMS one-time passwords, the new approach uses trusted mobile-network information to confirm whether a phone number is genuinely connected to the person using the device.
Moving Beyond Traditional SMS OTP Verification
For years, SMS one-time passwords have been one of the most common methods of verifying mobile numbers. A platform sends a temporary code to the user, who then enters it during registration, login or account recovery.
The process is familiar, but it is not always seamless. Messages can be delayed, users may accidentally enter the wrong code and travellers may have difficulty receiving SMS messages while overseas. Fraudsters can also attempt to intercept OTPs through techniques such as phishing, SIM-swap attacks or social engineering.
CelcomDigi's collaboration with IPification introduces a network-based alternative. The verification takes place automatically through trusted network APIs, without requiring the user to wait for or manually enter an SMS code.
The result is intended to be both more secure and less disruptive. From the user's perspective, verification can happen quietly in the background while the platform confirms that the mobile number and active network connection belong together.
How Network-Based Phone Verification Works
The technology combines CelcomDigi's mobile-network intelligence with IPification's authentication platform.
When a participating service needs to verify a user, it sends a request through the approved API. The mobile network then checks whether the phone number being presented is genuinely associated with the device and connection involved in the request.
This does not mean that the social media platform receives unrestricted access to a user's telecommunications data. The network instead provides a trusted verification result based on predefined checks.
The digital platform receives confirmation that the mobile number is valid and connected to the user's current mobile session, allowing it to make a more confident decision during registration, login or recovery.
By removing the need to type an OTP, the process can also reduce abandoned sign-ups and failed authentication attempts.
CelcomDigi Is Offering the Service Through APIs
CelcomDigi is introducing the verification capability as an API-as-a-Service offering.
This means social media companies, financial platforms, marketplaces and other digital services can integrate the function directly into their existing applications. Rather than building a separate verification system, developers can call the network API whenever stronger identity assurance is required.
Possible integration points include:
The same service could also be used selectively. A platform may allow ordinary logins to continue normally but trigger network verification when a user signs in from a new device, changes a recovery number or attempts to access sensitive settings.
This risk-based approach can strengthen security without placing unnecessary steps in front of every user.
Why Phone Numbers Remain Important Identity Signals
A phone number is not a complete digital identity, but it can provide a useful layer of assurance.
Unlike an email address, which can often be created quickly and anonymously, a mobile number is generally linked to a telecommunications account and an active network subscription. When verified through the network itself, it becomes more difficult for fraudsters to claim ownership of numbers they do not control.
This can help platforms distinguish between legitimate users and automated or fraudulent registrations.
However, mobile verification should not be treated as the only security control. A verified phone number does not automatically prove that every detail in a profile is genuine. It is most effective when combined with other signals such as device reputation, account behaviour, login history and fraud-detection systems.
CelcomDigi's network API therefore provides another layer of confidence rather than replacing broader identity and security checks.
Reducing Fake and Duplicate Accounts
One of the most obvious applications is preventing the mass creation of fake or duplicate accounts.
Fraudsters may use automated tools to register large numbers of profiles for scams, spam campaigns, manipulated engagement or coordinated abuse. Requiring every account to be connected to a genuinely verified mobile number can make this activity more difficult and expensive.
Platforms could also use the verification result to identify situations where the same number is being attached to an unusual number of profiles.
This does not completely eliminate fake accounts, as criminals may still obtain multiple SIM cards or compromised numbers. Nevertheless, it adds friction and gives the platform another signal for identifying suspicious behaviour.
For social networks, messaging applications and online marketplaces, reducing fake accounts can improve trust across the entire service.
Strengthening Protection Against Account Takeovers
Account takeover occurs when an attacker gains control of another person's online account, often through stolen passwords, phishing or reused credentials.
Network-based phone verification could help during high-risk events such as password resets and account recovery. Before allowing a user to regain access, the platform can verify that the claimed phone number is genuinely present on the connected mobile network.
This makes it harder for an attacker to initiate recovery using only stolen personal information.
The technology could also be used when a platform detects unusual behaviour, such as a login from a new device or location. A quick background verification may help confirm whether the genuine account holder is still in control.
This approach may offer a smoother experience than asking users to enter repeated OTPs, particularly when verification needs to happen frequently.
A Useful Defence Against Impersonation and Identity Fraud
AI-generated profile photographs, synthetic voices and realistic text have made impersonation easier.
A fraudster can now create a convincing-looking account with a fabricated profile image, detailed biography and messages written in a believable style. This makes it more difficult for platforms and users to distinguish genuine identities from manufactured ones.
Verified mobile-number signals can provide additional evidence that an account belongs to a real person with an active network subscription.
Platforms may choose to use this information internally for risk scoring or display some form of verification indicator to users. The exact implementation would depend on the platform's policies and privacy requirements.
While mobile verification cannot prove that someone is who they claim to be in every situation, it can make large-scale anonymous impersonation more difficult.
Supporting Better Moderation and Fraud Detection
The collaboration may also improve how platforms detect abusive behaviour.
A verified mobile-number signal can be combined with other information to identify suspicious patterns, including:
Moderation teams could use these signals to prioritise investigations or apply stronger verification before allowing sensitive actions.
For example, a newly created account attempting to send hundreds of messages may be asked to complete additional verification. A long-standing account with a stable history may face fewer interruptions.
This allows security to become more targeted rather than treating every user as equally suspicious.
A Faster and More Seamless User Experience
Security controls are most effective when people can use them without confusion.
Traditional OTP verification creates several points where the process may fail. The SMS may arrive late, the user may switch between applications, the code may expire or the mobile network may temporarily be unavailable.
Automatic network verification removes much of this friction.
A user could enter a phone number and continue through registration while the verification happens in the background. There is no code to copy, no countdown timer and fewer opportunities for human error.
This may be especially valuable for platforms with large numbers of new registrations, where even small improvements in completion rates can make a significant difference.
The challenge will be ensuring that the experience still works reliably when users are connected through Wi-Fi, travelling internationally or using devices with multiple SIM cards. Well-designed fallback options will remain necessary for situations where network-based verification cannot be completed.
The First Malaysian Telco to Partner With IPification
CelcomDigi says it is the first telecommunications company in Malaysia to establish this type of partnership with IPification.
The collaboration places the telco in a growing area known as network APIs, where telecommunications infrastructure is made available to digital platforms through secure, standardised interfaces.
Traditionally, mobile networks mainly provided connectivity, voice calls and messaging. Network APIs allow them to offer additional capabilities such as phone-number verification, device status checks and fraud-prevention signals.
This creates new opportunities for telecommunications companies to support digital services beyond simply carrying traffic.
For developers, the benefit is access to trusted network information without needing to build direct integrations with complex telecommunications systems.
Building on Earlier Verification Partnerships
The IPification collaboration adds to CelcomDigi's existing work in mobile identity and verification.
Earlier in the year, the company partnered with Google Firebase and Telenor Linx to provide mobile-number verification services. Together, these initiatives suggest that CelcomDigi is building a broader portfolio rather than relying on one verification technology or platform.
Different digital services may have different requirements. A small application may prefer a simple authentication integration, while a large social network may require customised APIs, risk controls and higher transaction volumes.
By supporting multiple technology partners, CelcomDigi can offer more flexible options to developers and enterprise customers.
Why Telecommunications Networks Are Becoming Part of Digital Identity
Telecommunications providers occupy a unique position in the digital ecosystem.
They know whether a mobile number is active on their network, whether the associated device is connected and whether certain network-level conditions are present. When used responsibly, these signals can help confirm identity without exposing unnecessary personal data.
This makes telcos increasingly important partners in preventing online fraud.
The shift also reflects a broader industry trend. Mobile networks are evolving from passive connectivity providers into active participants in authentication, cybersecurity and digital trust.
However, this role comes with responsibilities. Network-based identity services must be designed with strong privacy controls, clear consent mechanisms and strict limits on how data is shared.
Users should be able to understand what is being verified and why, particularly when the technology operates invisibly in the background.
Privacy and Transparency Will Be Important
Automatic verification may be convenient, but platforms must avoid making users feel that their network activity is being monitored without explanation.
A responsible implementation should clearly inform users that their mobile number may be verified through the telecommunications network. It should also explain what information is exchanged and whether the data is retained.
The service should follow data-minimisation principles, meaning the platform receives only the result needed to complete verification rather than unnecessary network or subscriber details.
Access to the API must also be carefully controlled. Only approved platforms should be allowed to request verification, and all requests should be logged and monitored for abuse.
Strong governance will be essential as network APIs become more widely used across banking, social media, e-commerce and government services.
Helping Malaysia's Digital Economy Grow More Securely
Malaysia's digital economy increasingly depends on trusted online interactions.
Consumers use digital services for communication, banking, shopping, transport, healthcare and government transactions. When fake accounts and identity fraud become widespread, confidence in these services begins to decline.
Network-based verification can help strengthen that trust by giving platforms a more reliable way to confirm that users genuinely control the phone numbers linked to their accounts.
For businesses, fewer fraudulent accounts may reduce support costs, chargebacks and abuse. For users, stronger verification may mean fewer impersonation attempts and better account-recovery protection.
The technology therefore has potential benefits beyond social media, including financial services, online marketplaces, delivery platforms, digital healthcare and other applications where identity confidence matters.
Final Thoughts
CelcomDigi's partnership with IPification shows how telecommunications networks can play a larger role in improving online identity and security.
By allowing digital platforms to verify phone numbers through trusted network APIs, the service promises a quicker and more seamless alternative to traditional SMS OTPs. It could help reduce fake registrations, strengthen account recovery and give platforms better signals for detecting fraud and impersonation.
The solution will not eliminate online abuse on its own. Phone-number verification remains only one part of a broader security strategy that should include behavioural monitoring, strong account protections and responsible moderation.
Nevertheless, as AI makes fake identities easier to create, reliable network-based signals may become increasingly valuable. The challenge will be delivering these protections in a way that improves safety without compromising user privacy or transparency.


Comments