Mobile Connect offers two authorisation products namely:
Mobile Connect Authorisation enables an application or service to request that an End-User approve an event via a prompt which is displayed on their mobile device. The developer can customise this prompt to suit the needs of their application or service.
Mobile Connect Authorisation can be described as an extension of Mobile Connect Authentication such that Mobile Connect authenticates an end user and also secures a response from them to an explicit question asked by the application or service (in contrast to the implicit question for the authentication, which is “can you confirm that it is you”).
Mobile Connect Authorise offers a basic level of assurance (LoA2). It provides for a Yes/Cancel response from a user who has access to the device. It cannot confirm if the user who responded is the person who they claim to be.
Mobile Connect Authorise Plus offers a higher level of assurance (LoA3). It involves two factors: something I have (a device) and something I know (a pin) and therefore it provides a higher level of confidence that the person who is responding is who they claim to be.
Service providers can choose one or both products for use in their applications based on the required level of assurance.