Information Security

GO-JEK: SMS verifies legitimate users

04 November 20152 minutes

Go JEK Phone Validation

GO-JEK’s motorcycle app is Jakarta’s fastest door-to-door service of its kind, offering 60-minute delivery anywhere in the city, as well as shopping and courier services. Founded in 2010 as a two-wheel transportation company working only via phone calls, GO-JEK has grown to become a leading app that provides a full range of services ranging from transportation and logistics to payment, food delivery, and various on-demand services in more than 50 cities across Indonesia.

The Problem

GO-JEK wanted to find a trusted and reliable method to verify that each person who signed up for their services is a legitimate user and not an automated bot. It was most important that the solution would be simple in order to maintain an easy sign-up process and a great user experience.

The Solution

GO-JEK opted to verify mobile numbers when new users signed up via the app. It chose SMS two-factor authentication via Clickatell which allows GO-JEK to send users a unique code via SMS, which they have to enter into the app to verify their contact details. This action can’t be mimicked by a bot or any software program. Two-factor authentication combines something the user knows (e.g. PIN, password, secret or in the case of GO-JEK a unique code) with something the user owns (e.g. a mobile device or mobile phone).

The Result

Because SMS verification requires human intervention, automated account registrations by unidentified sources are no longer possible on the GO-JEK app. Now, only legitimate users can sign up for the company's services and as a result, there has been a significant decrease in fraudulent activities and a substantial increase in the efficiency of the app.

Interested in two-factor authentication via SMS for your app? Each app is different and you'll need to consider the touch points or data that could put your app, or your customers, at risk. If you were a hacker, what information would you be after – aside from obvious things like login information and credit card details? If you're interested in implementing two-factor authentication for your app or website, download our 2FA buyer's guide to learn more.