TL;DR — Executive Summary
Learn how Silent Network Auth (SNA) technology works, allowing companies to verify user identity without the friction of sending OTP codes.
In the Brazilian digital security and app development landscape, multi-factor authentication (MFA) has consolidated itself as an essential pillar to protect user accounts from unauthorized access. However, traditional authentication methods like SMS OTP or WhatsApp OTP face two major hurdles: friction in user experience (UX) — as users must wait for a text, copy it, and paste it back into the app — and vulnerabilities to sophisticated social engineering attacks like phishing, intercept campaigns, and SIM Swap scams.
To solve these security and UX challenges, Silent Network Auth (SNA) — also known commercially as *Verify My IP* — has emerged. Formed under the international GSMA Open Gateway initiative, this technology is revolutionizing mobile authentication in Brazil, enabling companies to verify a user's cellular identity silently and without password inputs.
---
1. What is Silent Network Auth (SNA)?
Silent Network Auth (SNA) is a network API standardized globally by the GSMA that enables instant, secure verification of mobile number ownership. Instead of sending a one-time password to the user's phone, verification happens at the carrier network infrastructure level by comparing active mobile connection parameters with the user's input.
In Brazil, the three major telecom operators — Vivo, Claro, and TIM — have collaborated to unify these APIs. Developers can access this technology through integrated CPaaS gateways in a standard, multi-carrier format.
Key Benefits of SNA:
- Zero Friction for the User: No codes to copy, no SMS boxes to open, and no app-switching. The entire validation is executed silently in the background.
- Phishing Protection: Because authentication checks happen directly over signaling channels within the active cellular network, hackers cannot intercept OTP tokens via copycat screens.
- SIM Swap Protection: The carrier network is able to identify if a SIM card was recently swapped, aborting automatic login requests if a line hijacking occurred within a specific timeframe.
---
2. Technical Handshake Architecture
The core mechanics of Silent Network Auth depend on crossing the IP address of the active mobile data connection with the records registered inside the carrier's core database.
mermaid sequenceDiagram participant User as User Handset participant App as Backend App participant Gateway as Bulk SMS Gateway participant Carrier as Carrier Network (Vivo/TIM/Claro)
User->{App}: Initiates login / sends phone number (+5511999998888) App->>Gateway: Queries SNA authentication (phone, userIP) Gateway->>Carrier: Asks for IP match verification Carrier->>Carrier: Cross-checks connection IP with SIM MSISDN Carrier-->>Gateway: Returns validation status (Match / No Match) Gateway-->>App: Passes verification confirmation App-->>User: Logs user in (Success)
The Verification Flow:
- User Request: The user inputs their cell phone number into the mobile application using their mobile data network (3G/4G/5G).
- API Dispatch: The application backend catches the request, registers the user's public source IP, and routes a query payload (phone number and source IP) to the Bulk SMS gateway.
- Carrier Routing: The gateway automatically identifies the mobile operator and routes the check request to the carrier's gateway.
- Cross-Check Match: The carrier database cross-references the IP address from the active data session with the MSISDN (mobile number) assigned to the hardware SIM card.
- Authorization response: If they match, a success signal ("MATCH") is returned, and the backend logs the user in instantly.
---
3. Comparison Matrix: SNA vs. Traditional MFA
| Criteria / Channel | Silent Network Auth (SNA) | SMS OTP (One-Time Password) | Authenticator Apps (TOTP) |
|---|---|---|---|
| :--- | :--- | :--- | :--- |
| User Experience (UX) | Excellent (Invisibly executed) | Medium (Requires copying codes) | Low (Requires app switching and inputting) |
| Phishing Resistance | High (Immune to cloned landing pages) | Low (Codes can be social-engineered) | Medium (Vulnerable to proxy phishing tools) |
| SIM Swap Immunity | High (Detects recent SIM changes) | Low (Messages routed to the fraudster's SIM) | High (Independent of carrier network) |
| Processing Latency | < 1.5 seconds | 2 to 10 seconds | Variable (Depends on manual entry speeds) |
| Connectivity Dependency | Requires active mobile data connection | Works on standard GSM/voice signals | Works offline on the handset |
---
4. Integration Code: Querying SNA in Node.js
Integrating Silent Network Auth requires two main backend actions: obtaining a session validation token, and querying the operator API. Here is a Node.js Express example demonstrating how to run the workflow:
javascript const express = require('express'); const axios = require('axios'); const app = express(); app.use(express.json());
const BULK_SMS_API_URL = 'https://api.bulksmsbrazil.com/v1'; const API_TOKEN = 'your_api_token_here';
// Mobile authentication route using SNA app.post('/api/auth/silent-verify', async (req, res) => { const { phoneNumber } = req.body; // Get the customer's public source IP address const userIp = req.headers['x-forwarded-for'] || req.socket.remoteAddress;
if (!phoneNumber) { return res.status(400).json({ error: 'User phone number is required.' }); }
console.log(Initiating silent network authentication for ${phoneNumber} on IP: ${userIp});
try { // 1. Send query payload to the SNA gateway const authResponse = await axios.post(${BULK_SMS_API_URL}/network/sna/verify, { phoneNumber: phoneNumber, clientIp: userIp }, { headers: { 'Authorization': Bearer ${API_TOKEN}, 'Content-Type': 'application/json' } });
const { status, transactionId, carrierMatched } = authResponse.data;
// Check if operator network verified the pairing if (status === 'COMPLETED' && carrierMatched === true) { console.log(User verified successfully via carrier network. Transaction: ${transactionId}); // Issue session JWT return res.status(200).json({ success: true, message: 'Silent authentication completed.', token: 'jwt_mock_session_token' }); } else { console.log(SNA failed: User IP does not match SIM credentials.); return res.status(401).json({ success: false, error: 'Network identity match failed. Please choose an alternative login method.' }); } } catch (error) { console.error('SNA query error:', error.response ? error.response.data : error.message); return res.status(500).json({ error: 'Internal gateway error querying carrier network.' }); } });
app.listen(3000, () => console.log('SNA Auth Server running on port 3000'));
---
5. High-Impact Financial Case Studies in Brazil
Due to Central Bank (BCB) guidelines requiring strong authentication pathways for instant transfers, Brazilian fintechs are leading the adoption of Silent Network Auth:
- Fintech Onboarding Verification: During account registration on mobile apps, SNA silently validates if the user's input matches the active connection SIM card, shutting down fake registrations before fraud accounts can be created.
- Securing High-Value Pix Payments: When a Pix transfer exceeds a customer's typical spending patterns, the banking engine runs a silent background SNA lookup. If the carrier network verifies the connection MSISDN/IP pairing, the transaction is processed without requiring passwords, maintaining an optimal balance between security and user convenience.
To discover details about Open Gateway standards and access our testing sandbox, check our Network APIs page or read our Verify APIs documentation.
Camila Rodrigues
CTO, Bulk SMS
Senior specialist in mobile telecommunications infrastructure, high-performance enterprise messaging, and LGPD compliance for smart communication platforms and APIs in Brazil.