Mobile Identity Glossary

Confused by all the acronyms in the world of mobile identity? From the different types of mobile fraud, to some of the technical terms that carriers use, we’ve got you covered with this handy A-Z glossary of terms.

A

API (Application Programming Interface)

A software communication layer that allows applications to communicate with each other.

ATO (Account Takeover)

A form of identity theft where cybercriminals gain access to a victim’s online account and then go on to steal information or make purchases.

App ID

A unique identifier assigned to a mobile application, essentially acting as a distinct code that allows the app to be recognized and differentiated from other apps on a device or within an app store.

Assertion

A statement from a verifier to an RP (Relying Party) that contains information about a subscriber. Assertions may also contain verified attributes.

Authentication

The process of verifying the identity of a user or device. Common methods include passwords, biometric scans, and two-factor authentication (2FA).

Authorization

The process of granting access to specific resources or services based on a user’s identity.

B

Biometric Authentication

A security process that uses unique biological characteristics (fingerprints, facial recognition etc.) to verify an individual’s identity.

Bundle ID

A unique identifier for a mobile app, used by Apple and Android to identify apps in their respective ecosystems.

C

CAMARA

An open source project within the Linux Foundation to define, develop and test standardized Application Programming Interfaces (APIs) designed specifically for the telecommunications industry.

Carrier

Also known as a mobile network operator (MNO), a company that provides wireless services to mobile devices.

Credential

A mobile identity credential is a digital version of a user’s identity stored on a mobile device and used to access online services, applications, and data.

Credential Management

Storing, organizing, and securing login credentials for different apps or services on mobile devices.

D

Device Binding

A security mechanism that establishes a unique and secure link between a mobile application and a mobile device, using its unique identifier.

Device Trust

A security process that verifies a mobile device’s security before it can access an organization’s network.

Device fingerprinting

A technique that identifies a mobile device by collecting data about its hardware and software, which is then used to create a unique identifier for the device.

Digital Identity

A digital identity is an online representation of a person’s identity, consisting of identifying data such as their name, age, and other personal or biometric information.

Dual SIM

A mobile phone that can use two SIM cards at once, allowing users to have two phone numbers on the same device.

E

Embedded Identity

Uses the secure mobile network identification mechanism as a trusted foundation for a unique, layered approach to identity, enhancing core digital identity with additional attributes, all built on top of a trusted mobile possession factor.

Enrollment

Mobile identity enrollment is the process of creating a digital identity or verifying your identity using a mobile device.

eIDAS Regulation

(Electronic IDentification, Authentication and trust Services) Establishes a framework for digital identity and authentication to build trust in electronic interactions and enable seamless digital services across EU borders by facilitating secure cross-border transactions.

eKYC (Electronic Know Your Customer)

Digital process of verifying a customer’s identity remotely.

eSIM (Embedded SIM)

A non-removable digital SIM card that’s built into a device and allows users to connect to a mobile network.

F

FIDO (Fast IDentity Online)

A cryptographic protocol for user authentication. FIDO authentication relies on passkeys (cryptographic credentials in the form of a secure key pair, rather than a user password). One key is stored securely on the user’s device, the other on the server of the website or app provider.

FIDO2

The newest set of specifications from the FIDO Alliance. It enables the use of common devices (such as mobile phones) to authenticate to online services on both mobile and desktop environments, using unique cryptographic login credentials for every site.

Facial Recognition

Biometric technology used to identify individuals based on their facial features.

Federated Identity

A single identity used across multiple platforms and services, enabling seamless access without multiple logins.

G

GSM (Global System for Mobile Communications)

Widely used standard for digital cellular networks, allowing for voice calls, text messages (SMS), and basic data services across a global network.

GSMA Open Gateway

A framework of common network Application Programmable Interfaces (APIs) designed to provide universal access to operator networks for developers.

IDlayr is an official GSMA Open Gateway channel partner.

Geolocation

The process of determining the location of a mobile device.

H

Hardware Security Module (HSM)

A physical security device that protects cryptographic keys and sensitive data used in mobile identity verification.

I

IDaaS (Identity as a Service)

A cloud-based service that manages user identity and access.

IMEI (International Mobile Equipment Identity)

A unique 15-digit number that identifies a mobile device.

IMSI (International Mobile Subscriber Identity)

A unique identification number assigned to a specific SIM card.

Identity Proofing

Processes that confirm a user’s identity using a mobile device, including biometrics, personal and mobile network data.

Inherence Factor

Something you are (biometric), such as your fingerprint or face. One of the 3 types of authentication factors.

J

JWT (JSON Web Token)

An open standard for securely transmitting information between parties as a JSON (JavaScript Object Notation) object.

K

Knowledge Factor

Something you know, such as a password. One of the 3 types of authentication factors.

L

Level of Assurance

Indicates the degree of confidence a service provider has in a person’s claimed digital identity, such as on a mobile device.

Lifecycle Management

The process of overseeing a user’s digital identity on a mobile device throughout its lifecycle—including creation, provisioning, usage, and access removal—while ensuring security and compliance by regulating data access at all times.

Liveness Detection

Technology used to ensure that a biometric sample is from a live person and not a spoof.

Login

The process of using a mobile device to log in to an application or website.

M

MFA (Multi Factor Authentication)

A login method that requires users to provide more than just a password to access an account. Commonly involves asking users to use an OTP via SMS, an authenticator app, or a biometric authentication.

MNO (Mobile Network Operator)

Also known as a mobile carrier, a telecoms company that provides wireless voice and data services to mobile phone subscribers.

MSISDN (Mobile Station International Subscriber Directory Number)

A mobile phone number, composed of a country code where the SIM is registered, a network code which identifies the network operator, and a subscriber number.

MVNO (Mobile Virtual Network Operator)

A company that sells mobile services to customers, without owning the network infrastructure.

Man-in-the-middle (MITM) attacks

Attacks in which cybercriminals intercept messages using malware or rogue networks, allowing them to read messages, track locations, and steal authentication codes without users’ knowledge.

Mobile Data Connection

Also known as cellular data, a wireless internet connection (typically 3G, 4G or 5G) that allows users internet access on mobile devices, via a carrier/service provider.

Mobile Device Verification

A process that confirms a user’s identity using their mobile device. It can be used to verify a user’s identity or to authorize a mobile device.

Mobile Identity

A mobile identity is a credential that can be used to verify a user’s identity via their mobile device. It serves as a trusted foundation for secure transactions within mobile applications, such as logins and other digital interactions. As a key component of the digital economy, mobile identity plays a crucial role in facilitating secure transactions and interactions in the digital realm.

Mobile Wallet

A digital wallet that’s stored on a smartphone or smartwatch, which allows users to make payments and store digital versions of cards, passes, and tickets.

Multi-SIM

Allows users to have multiple SIM cards on the same device, which can be used for different phone numbers.

mDL (Mobile Driving License)

A digital version of a driver’s license that’s stored on a smartphone. Also known as a digital driver’s license (DDL).

mIDaaS (Mobile Identity as a Service)

A cloud-based service that verifies user identity and controls access to resources using mobile devices.

N

NFC (Near-Field Communication)

Short-range wireless technology used for contactless communication between devices.

O

OTP (One Time Password)

A unique code that can only be used once to verify a user’s identity during a login attempt or transaction. Typically sent via SMS.

P

PSD2

The European Commission administers the second Payment Services Directive (PSD2), an EU Directive that regulates payment services and payment service providers throughout the European Union and European Economic Area.

PSD3

The Payment Services Directive 3 (PSD3) is a legislative proposal from the European Union that aims to enhance the existing rules (PSD2) governing electronic payments within the EU, with objectives to bolster the security, transparency, and accessibility of payment services for consumers and businesses alike.

Passkeys

A secure digital alternative to passwords that allows users to sign in to websites and apps without entering a username or password.

Phishing

A fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity.

Possession Factor

Something you have, such as a mobile device. One of the 3 types of authentication factors.

Possession Factor Assurance

A security method that requires a user to have a physical device or digital asset to log in. Often used in conjunction with other authentication factors, such as passwords and biometrics.

Q

QR Code

A two-dimensional barcode that can be scanned by a mobile device to access information or perform an action, such as visiting a URL.

R

Recover

The process of regaining login access to a mobile application, typically through a verification method like email, OTP or security questions sent to a registered account. This process can sometimes be vulnerable to fraud.

Register

To create a user account within a mobile app by providing personal data such as email address, name, mobile number, password and so on.

Relying Party

A company or organization that depends on a mobile identity provider to authenticate users when accessing services or applications.

Risk-Based Authentication (RBA)

A dynamic authentication system that adjusts the level of security based on the perceived risk of a transaction.

S

SDK (Software Development Kit)

A collection of tools that developers use to build applications for specific platforms.

SIM (Subscriber Identity Module)

A SIM card is a small chip that stores information about a mobile device’s owner, and uses cryptography to secure data and authenticate users on mobile networks.

SIM Security

A SIM card utilizes cryptographic security by storing unique, encrypted keys within its protected memory, allowing it to authenticate itself to the mobile network by performing secure cryptographic operations.

SIM swap fraud

Attackers trick mobile carriers into transferring a victim’s number to a new SIM card under their control. This allows them to receive all OTPs sent to that number, bypassing 2FA entirely. Also known as: SIM Jacking, SIM Cloning.

SMS pump fraud

Also known as artificially inflated traffic (AIT), a type of fraud where fraudsters work with insiders at telecom providers to generate massive amounts of SMS traffic to premium-rate numbers.

SMS spoofing

Hackers manipulate sender information to make messages appear as though they are from a trusted source.

SNA (Silent Network Authentication)

Leverages the cryptographic security of SIM cards and mobile networks for secure, seamless authentication.

Secure Enclave

A specialized hardware component in a mobile device, such as a smartphone, designed to securely store and process sensitive identity data—like biometric information and encryption keys—while remaining isolated from the main operating system.

Smishing (SMS phishing)

A phishing attack via text messages where fraudsters send fake messages pretending to be from banks, retailers, or service providers, urging recipients to enter their login details or OTPs on a malicious website.

Step Up

A step-up authentication typically requires a user to provide additional verification when performing high-risk actions on a mobile app.

T

Transact

A mobile transaction is a payment made using a mobile device, used to pay for goods and services, or to send money to another party.

Two-Factor Authentication (2FA)

A security method that requires two forms of identification to access data or resources.

U

U2F (Universal 2nd Factor)

A security standard that allows users to add an extra layer of protection to their online accounts by using a physical security key.

User Consent

Obtaining explicit permission from a user before a mobile application can access or utilize their personal data.

User Credentials

A unique set of identifiers that allow a user to log in to a system or account. Can include a mobile phone number.

V

Verifiable Credentials (VCs)

Digital representations of aspects of your identity. They are uniquely bound to an individual, who can use them to prove those aspects, similar to physical documents.

Vishing

Voice phishing is a type of phone scam that involves tricking people into sharing sensitive information, such as online banking logins.

W

WebAuthn (Web Authentication)

A W3C standard that enables secure, passwordless authentication using biometrics or security keys.

Z

Zero Trust Security

A security framework based on the principle of “never trust, always verify.”