Why Phone number verification services will fail in India?

Update: I have been pondering over some possible solution for this, and the primary reason for concern for me here was how businesses would verify phone numbers authentically in India, considering both approaches look flawed. After some basic hacking and testing at my end, I have a probable solution which seems to be working for India.

Current Flaw in Approach 2 (Similar to ZipDial):

Currently, the caller ID can easily be spoofed when calling regular phone numbers (080349xxxx) like the ones used by ZipDial, using any VoIP service, and it is very difficult for the system to detect the spoofed ID. However, the caller ID cannot be spoofed through a regular phone connection from within India.

This got me thinking: if there could be a way to block VoIP services from reaching the numbers, then Approach 2 could very well get the job done.

Solution

And, there came the Indian Telcos to the rescue. Indian Telcos provide two kinds of numbers in India:

1. Regular Phone Numbers (080XXX) and

2. Toll Free Numbers (1800XX)

What I discovered after some testing at my end was that the Indian Telcos did not allow the VoIP routes to reach the Toll Free Numbers. This is very different behaviour from the US Telcos, who allow this; however, this seems to be the saving grace for us.

Hence, if services like ZipDial start using Toll Free Numbers instead of the regular phone numbers for verification, it could work well.

How I tested this

1. Usually when dialling from VoIP services the phone number is prefixed with the country code, so I tried calling the toll free number as 911800XXX, and the call didn't complete as expected.

2. Dialing only the toll free number from a VoIP service wouldn't work, as then the call will be routed to the US, as it's a US/Canada country code.

Conclusion

So far, I haven't found a flaw in this approach and tried about 7 different VoIP operators. If any of you find a way to call the toll free numbers in India from a VoIP service, please post a comment.

I have also communicated this approach to the ZipDial team, and they are working on testing it thoroughly from their side. Let's hope they announce something positive soon, as their intent to launch this kind of service was quite innovative in the first place.

 

 

Posted Earlier: Phone number verification services are designed to confirm that a given phone number is in service and belongs to the said user. It is a great way to increase trust for websites and businesses.

Verification services are often used to reduce spamming, fraud, etc. Businesses which would use such services would include:

  • Lead generation companies
  • Ecommerce sites
  • Social networking sites
  • Internet forums
  • Dating sites
  • Wikis, etc.

These services can be categorized primarily by two approaches:

1. The business initiates the verification to a customer's phone (via SMS or by making an automated phone call to the customer)

2. Customer initiates the verification from his phone (by sending an SMS or by dialing a phone number)

Let's look in more detail at how these services would work, and why both these approaches fail to work for India.

 

1. The business initiates the verification to a customer's phone (via SMS or by making an automated phone call to the customer)

This approach is normally based on verifying a PIN number. What I mean by this is that businesses would generate a random PIN number at their end, and this is sent to the customer's phone via an SMS or an automated phone call (IVR). If the phone belongs to the intended user, he would receive this PIN and then would be able to verify the PIN. Traditionally, this has been used by almost all businesses in India.

Pros:

  - Verification is completely credible as it's PIN number based, which is generated at the business end, hence very difficult to beat/cheat.

Cons:

 - Won't work very well anymore in India, due to new TRAI regulations, as lots of numbers could be present in the do not disturb registry, and SMS might never reach customers.

 - Can be misused by spammers entering anonymous phone numbers, which could lead to customer complaints being registered with TRAI against businesses, leading to heavy penalties.
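The business-side PIN check from Approach 1, as an added example (not code from the original post or from any service it names): it generates the PIN at the business end, keeps only a keyed hash of it, and enforces expiry, a guess limit and a per-number send limit. The class name `PinVerifier` and all four limits are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# All four limits are assumptions for this example; the post does not specify them.
PIN_DIGITS = 6
PIN_TTL_SECONDS = 300
MAX_ATTEMPTS = 3
MAX_SENDS_PER_HOUR = 3  # caps PINs sent to one number, limiting the spam abuse noted above


class PinVerifier:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # PINs are kept only as keyed hashes
        self._pending = {}  # phone -> [digest, expires_at, attempts_left]
        self._sends = {}    # phone -> timestamps of recent sends

    def _digest(self, phone, pin):
        return hmac.new(self._key, f"{phone}:{pin}".encode(), hashlib.sha256).digest()

    def issue(self, phone):
        """Return a fresh PIN to deliver by SMS/IVR, or None if rate limited."""
        now = self._clock()
        recent = [t for t in self._sends.get(phone, []) if now - t < 3600]
        if len(recent) >= MAX_SENDS_PER_HOUR:
            self._sends[phone] = recent
            return None
        self._sends[phone] = recent + [now]
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        self._pending[phone] = [self._digest(phone, pin), now + PIN_TTL_SECONDS, MAX_ATTEMPTS]
        return pin

    def verify(self, phone, submitted):
        """True only for the right PIN, before expiry, within the attempt budget."""
        entry = self._pending.get(phone)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[phone]
            return False
        entry[2] -= 1
        if hmac.compare_digest(digest, self._digest(phone, str(submitted))):
            del self._pending[phone]  # a PIN verifies once
            return True
        return False
```

The PIN returned by `issue()` is handed to the SMS or IVR gateway and never shown on the web page; the customer proves possession of the phone by typing it back into `verify()`.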

 

2. Customer initiates the verification from his phone (by sending an SMS or by dialing a phone number)

In this approach, the customer is asked to send an SMS to a random phone number or call a random phone number, and then the verification is based on identifying the caller ID of the customer's phone via the SMS or phone call. This sounds like a decent approach and recently there have been services launched around it; however, it is not at all credible and very easy to beat or cheat. We will see later in this post how.

Pros:

- Will work as per TRAI regulation, as customer is the one initiating the call/sms.

- No spam and less intrusive for a customer.

Cons:

 - Verification of the phone is not at all credible. The system can easily be fooled, as there are many services through which you can send SMS or make phone calls with a custom caller ID.

 

Initially, I had planned to end this post here, but I got feedback, to include a sample case study on how a system using approach no. 2, could be fooled and why that method is not credible. So here we go...

 

Case study - ZipDial to verify service 

As per ZipDial's website - "ZipDial to verify is used for instant verification of your customers' mobile numbers and can be used on your site for account registration, login, CAPTCHA, transaction confirmation, authenticated voting, etc."

 

Their marketing pitch

- SMS free Mobile Verification

- Toll-Free for both mobile and landline users, including international

- Compatible with latest TRAI regulations

- Go live on your site in 30 minutes!

 

The most interesting of the above statements to me was "Go live on your site in 30 minutes!". So I decided to check this out, but to my disappointment, I was able to cheat this system without any issues. I have even made a dummy website as a Proof of Cheat Concept in just 15 minutes, which is even less than their promised time to go live.

How does the cheat work:

1. Open www.zipdial.com and click on the ZipDial to verify image. Now enter the phone number you want to verify with ZipDial. Don't worry, enter any number, for example 918030050099, and press the green arrow key.

 (Note: This is ZipDial's number itself, which we will verify as our own by cheating the system)

Screenshot

 

2. Note down the last 2 digits of the random number given by ZipDial in the next screen.

Screenshot-1

 

3. Now, open the site I coded up as an example for this post http://antizipdial.alwaysdata.net/ and enter the details asked for as shown below:

Screenshot-2

Once you press the submit button, you should see the ZipDial to verify service showing your number as verified within a few seconds. Yeah, it was that easy :)

This leaves me to wonder: big businesses like Myntra and Flipkart using services like ZipDial are left open with a big loophole.

Some Additional Notes 

1. I have nothing against ZipDial; it has just been used as a case study to show how simple it is to beat such services.

2. Just to put how easy it was for me to cheat the system:

    a. It took me a total of 15 odd minutes to write this up

    b. The site is hosted on a free hosting service

    c. It does not cost any money to beat the ZipDial service, as ZipDial disconnects my calls from their side, and hence my calls are free

3. Please don't use this for illegal purposes, as this is only meant for information

 

Please retweet this post if you are able to successfully verify on ZipDial using this information.