Vodafone has announced the global rollout of its next-generation Number Verify 2.0 service, introducing mobile number authentication that eliminates the need for traditional SMS-based one-time passwords. The service has launched first in Germany, the Netherlands and the United Kingdom, marking the opening phase of what the company describes as a planned global expansion for enterprise customers.
How the Technology Actually Works
Number Verify 2.0 enables businesses to verify a user’s mobile number directly through the mobile network, confirming the number is genuinely linked to that user’s SIM and device, across both app and web journeys, whether the person is connected via mobile data or Wi-Fi. Technically, the system integrates directly with the mobile operating system and the network operator’s entitlement server: when an app initiates verification, it triggers a TS.43-compliant validation of the device’s SIM, which the operator’s backend confirms in exchange for a temporary token, later used in a secure API call to validate or share the associated mobile number.
Vodafone said the process begins only after explicit user consent, after which the verified number is shared instantly with the requesting service, such as a bank or retailer, without the customer manually entering any code. Because the verification relies on cryptographically secured SIM hardware alongside network-level confirmation, the company says the resulting response is virtually impossible to fake, a meaningfully stronger guarantee than SMS OTP, which merely confirms someone typed in a code, not that the legitimate subscriber was the one completing the transaction.
Why SMS OTP Has Become the Weak Link
Vodafone argues that mobile numbers remain among the most widely used digital identifiers for registration, login, account recovery and transaction verification, yet traditional SMS OTP authentication has not evolved to counter modern threats. SMS OTP does not verify whether a session has been compromised through phishing, malware or social engineering, leaving both businesses and consumers exposed even when the code itself is entered correctly.
The company also flagged the growing problem of Artificially Inflated Traffic, where automated bots generate large volumes of fraudulent OTP requests, driving up operational costs for businesses while simultaneously widening the attack surface. Johanna Wood, Vodafone’s Director of Network APIs, said SMS OTP had remained the default authentication mechanism for more than a decade despite operating in an entirely different threat environment than the one it was designed for, and that Number Verify 2.0 gives developers a faster, safer and more seamless way to verify numbers instead.
A Standardised Push Across the Industry
Vodafone’s move is not happening in isolation. Just days before this rollout, AT&T, T-Mobile US and Verizon jointly launched a comparable nationwide, network-based Number Verification solution in the United States through network API specialist Aduna, suggesting the shift away from SMS OTP is becoming an industry-wide convergence rather than a single operator’s experiment. Number Verify 2.0 itself is built on the internationally recognised CAMARA standard, meaning developers can integrate the API once and deploy it progressively across additional countries as operator support expands, rather than building separate integrations market by market.
The service is rolling out first on Android devices, with iOS support and broader multi-operator coverage in each launch market still needed before the technology can deliver the nationwide impact Vodafone is aiming for.
Prof. Triveni Singh, the former IPS officer and cybercrime specialist, said OTP-based authentication has increasingly become a target for cybercriminals through SIM-swap fraud, phishing campaigns, malware and sophisticated social engineering. He said mobile network-based identity verification represents a significant advancement in digital security, but should be deployed alongside multi-factor authentication, behavioural risk analysis and continuous cybersecurity awareness rather than as a standalone replacement.
He added that close real-time collaboration among banks, fintech companies, telecom operators and regulators will remain essential for strengthening trust in an increasingly complex digital payments ecosystem, particularly as more countries begin adopting SIM-based verification standards like CAMARA in the years ahead.
