Enhance Call Security with PIN-Based Number Masking Using Plivo's API

Jul 24, 2024
Enhance Call Security with PIN-Based Number Masking Using Plivo's API

Plivo is introducing PIN-based authentication to its robust Number Masking API. This feature is designed to expand the utility and coverage of our number masking capabilities, catering to a broader range of use cases, including scenarios where calls originate from numbers that are not part of the number-masking session.

What is PIN-based Number Masking?

PIN-based number masking builds on our existing number masking solution, which anonymizes the phone numbers of parties in a call by using an intermediate virtual number. The new feature introduces a PIN authentication layer, enabling seamless connection even when calls originate from numbers that are not part of the number-masking session. This is particularly useful for situations where users may have multiple phone numbers or when calls are made from a number not previously associated with the application.

For example, imagine a user who signed up on a ride-sharing app with their primary phone number (let's call it Number X). One day, they need to call their driver but find that their primary phone is out of battery. They decide to use a different phone (Number Y) and call from a number that is not part of the number-masking session. Thanks to PIN-based Number Masking, they can still make the call. In such scenarios Plivo will ask for a PIN, and once the caller enters it correctly, the call connects to the driver, all the while keeping both parties' actual numbers hidden.

Who Benefits from PIN-based Number Masking?

This solution is tailor-made for businesses that operate in dynamic environments where end users or service providers use multiple SIMs or phone numbers. Whether it's a delivery service connecting drivers and customers, or a healthcare provider ensuring patient confidentiality, PIN-based number masking ensures that every call is securely connected, regardless of the phone number used.

How Does It Work?

When a call is initiated from an unregistered number, the caller is prompted to enter a PIN. This PIN, either set by the user or automatically generated by Plivo, verifies the caller's identity and connects them to the intended party, all while maintaining the anonymity of both parties' phone numbers.

Getting Started with PIN-based Number Masking

The adoption of PIN-based Number Masking involves a straightforward process, ensuring businesses can easily integrate this feature into their existing systems. Here's how to get started:

  • Account Setup: Ensure you have an active Plivo account. If not, sign up with your business email and acquire a voice-enabled Plivo phone number, essential for creating number masking sessions. You can rent numbers from the Numbers page of the Plivo console, or by using the Numbers API.
  • Creating a PIN-Based Session: Use a simple cURL request to kickstart your number masking session with PIN authentication enabled. This request should include both parties' phone numbers, a flag to enable PIN authentication (is_pin_authentication_required), and the PINs for both parties. You can also specify audio prompts for PIN entry and incorrect PIN attempts. 

 Here’s a basic template:

curl -X POST "https://api.plivo.com/v1/Account/{Auth ID}/Masking/Session" \
-H "Content-Type: application/json" \
-d '{
"first_party": "+919003459XXX", //Delivery agent number
"second_party": "+919840037XXX", //Customer number
"is_pin_authentication_required": true,
"first_party_pin": 1234, // PIN shared with the delivery agent if they use a secondary number.
"second_party_pin": 4321, // PIN shared with the customer if they use a secondary number.
"pin_prompt_play": "https://play.s3.eu-north-1.amazonaws.com/pin_prompt.wav",
"incorrect_pin_play": "https://play.s3.eu-north-1.amazonaws.com/incorrect_pin.wav"
}'

Ensure that is_pin_authentication_required is set to true for sessions requiring PIN verification. This step is vital for authenticating calls from unknown numbers.

  • Configuration and Customization: Tailor the session to your specific needs by configuring optional parameters. These include setting custom PIN prompts and actions for incorrect PIN entries, thus offering a personalized experience for your users. Further details about these attributes can be found in the session object description.
  • Session and PIN Management: Upon session creation, both parties receive the same virtual number. The PIN generated by Plivo will be unique for each party. Customers also have the option to generate unique pins for the parties involved. Plivo's system seamlessly handles the authentication, connecting calls upon successful PIN verification.
  • Monitoring and Feedback: Plivo's infrastructure provides callbacks for real-time updates on PIN authentication status and session interactions. This feature is invaluable for maintaining oversight and optimizing the call experience based on actual usage.

Why Choose PIN-Based Number Masking?

PIN-based number masking enhances security and flexibility, ensuring calls are authenticated even from unregistered numbers. This level of authentication is crucial for businesses that prioritize customer confidentiality and security, such as healthcare providers, ride-sharing services, and delivery platforms. By integrating this feature, businesses can reassure their users that their privacy is protected, and their interactions are secure, no matter which phone number they use.

Conclusion

Incorporating PIN-based number masking into your communication strategy not only enhances security but also provides a seamless user experience across various scenarios. Whether your users need to switch between multiple devices or numbers, this feature ensures uninterrupted and confidential communication.

To implement PIN-based number masking and leverage its full potential, explore our comprehensive developer documentation. Here, you'll find detailed guides, examples, and best practices to help you integrate this feature effortlessly.

Discover how Plivo's API can transform your communication processes by visiting our developer documentation. Empower your business with advanced security features and ensure your users' privacy and satisfaction.

Enhance your call security today with Plivo!

Get Volume Pricing

Thousands of businesses in more than 220 countries trust Plivo’s cloud communications platform

The best communications platform forthe world’s leading entertainment service

Frequently asked questions

How can I perform required DLT registration?

DLT stands for distributed ledger technology. The Telecom Regulatory Authority of India (TRAI) requires any entity who wants to send SMS to register in order to curb unsolicited commercial communication (UCC). Required information includes organizational details, message headers and templates, and required consent information

Read our guide How to Complete DLT Registration for Sending Text Messages in India for information about the process.

Why should I register for a Sender ID?

While it’s not mandatory, Plivo recommends registering a sender ID. Messages sent without a registered sender ID are sent with a generic identifier such as “SMS” or “INFO.”

footer bg

Subscribe to Our Newsletter

Get monthly product and feature updates, the latest industry news, and more!

Thank you icon
Thank you!
Thank you for subscribing
Oops! Something went wrong while submitting the form.