In this interview, Guillaume Bourcy, Chief Identity Officer at Global Telco Consult (GTC), explains how mobile identity is transforming authentication processes. From reducing onboarding friction to integrating biometrics and fraud detection, he details why this technology is emerging as a strategic pillar for companies seeking security and a better customer experience.
Mobile Identity is a system that authenticates a user through their device and mobile network, using information provided directly by telecom operators. Unlike traditional methods such as username/password or SMS codes, this model is more secure, reduces access friction, and can be integrated with other factors such as biometrics or document verification.
To better understand its scope, we spoke with Guillaume Bourcy, Chief Identity Officer at Global Telco Consult (GTC), who has nearly two decades of experience in telecommunications, digital identity, and fraud prevention. Bourcy has led the development of authentication solutions at companies such as TeleSign, co-founded Enabld Technologies, and participated in global GSMA initiatives. In this interview, he explains why mobile identity is gaining ground, the role of Plusmo, and how companies can adopt it to protect themselves while improving their customers’ experience.
Q: We know that identity is no longer a static attribute but is built dynamically. Why do you think today it should be redefined under an adaptive risk logic and not just as a binary verification?
A: You must think in terms of use cases. If I’m going to make a payment or a high-value transaction, we want to verify it with the highest level of security, but without creating unnecessary friction. Today, the way this is done still generates a lot of friction, and that’s where mobile identity can help. However, it’s not a magic solution. Regulations may impose biometrics; for example, in some countries, banks are required to perform biometric checks.
The key is to combine dynamic elements with context: regulation, the use case, and the transaction value. It’s no longer about a single method; before, when the standard was two-factor authentication via SMS or, earlier, just username and password. Previously, you’d register online, receive an email, then a code by SMS, and that was enough. That no longer works: the spread of artificial intelligence (AI), accelerated digitalization, and the pandemic have changed the landscape, moving more services online and forcing us to rethink how we register, authenticate, and manage identities. Today, an adaptable, versatile approach is needed—one that combines different elements such as biometrics, context, and regulation—with mobile identity acting as the core but always integrated with other components.
Q: If these solutions exist, why do many companies still use SMS verification?
A: First, we need to acknowledge the value of SMS: it has worked for decades, works on any device, and is ubiquitous. You can have an old phone or a smartphone, and the message still arrives. The problem is cost and security, especially with international SMS, though this has improved. For large companies, the priority is that it works regardless of the user’s network. Mobile identity, on the other hand, is not yet ubiquitous: today, fewer than 300 networks are connected globally, covering 80% of the mobile population. It’s not yet fully scalable, and companies need to make changes before adopting it. Banks usually lead adoption, followed by other sectors.
Q: Can you give more adoption examples?
A: In Argentina, for instance, the Central Bank issued guidelines that included SIM swap detection. In the UAE, it is rumored that by 2026 banks will no longer be allowed to use SMS OTPs, though this isn’t yet confirmed. This will force alternatives such as mobile identity, passkeys, or combinations of both.
Q: If I owned a company that uses SMS verification, would you recommend evolving?
A: Yes. Although SMS will continue to exist—and I think it will last at least another 10 years—its use will decline. Mobile identity is aligned with new GSMA standards, such as unified network APIs. For a company, now is the time to explore this and not fall behind new attacks.
Q: Regarding what you mentioned about the GSMA, Plusmo launched Plusmo Protect, a comprehensive set of APIs that ensures trust in business transactions through a reliable solution for identity authentication and fraud prevention. Is this approach more robust and secure?
A: Yes, because operators are the “source of truth.” They have information and context about the user that no other source can provide. The ideal is to start with mobile identity and, depending on context or regulation, add biometrics or other factors. The key is orchestrating the identity flow: combining different layers depending on the case.
Q: Do companies already know about these solutions, or is evangelization still needed?
A: In the past, there was little coverage, high costs, and low interoperability. Today that has changed. Rising SMS costs and the perception of lower security have made companies more willing to listen. Mobile identity, passkeys, and other options are gaining traction. That said, much more training is still needed to explain the features of mobile identity solutions.
Q: If a company adopted a mobile identity system, what functionalities would you consider essential to implement?
A: Mobile identity, without a doubt. It reduces friction, improves customer acquisition, and eliminates cumbersome steps such as requesting physical documents. This is key for fintechs or startups that need to scale quickly.
Q: What is Plusmo’s role in this scenario?
A: Its value lies in acting as an aggregator: a single integration with Plusmo connects you with all operators in a country, and if you then want to expand to other markets, Plusmo manages the integration and compliance. With SMS, you could only solve a few use cases; with mobile identity, you can cover registration, authentication, KYC, and the entire digital customer journey with a single API.
Q: Based on everything you’ve said, what final advice would you give organizations?
A: Companies need to move past the “SMS mindset” as the only way. Keeping it as a fallback is fine, but mobile identity enables growth, strengthens security, and lowers entry barriers—even helping with financial inclusion and simplifying the end-user experience.
