MCP Verify Data Processing Agreement Overview and Client B2C Toolkit

Last Updated: December 19, 2025

About:

This document is designed to address two perspectives: the Business-to-Business (B2B) relationship between MCP Insight and its Client, and the Business-to-Consumer (B2C) relationship between the Client and the end user.

​1. Client Privacy Notice (B2B)

​​As a provider of anti-fraud and compliance solutions, MCP Insight (“MCP”) acts as a Data Processor on behalf of the Client (the “Data Controller”). Our Verify product is designed to ensure consumer consent via Two-Factor Authentication (2FA) before a charge is placed on a mobile phone bill.

​Data Collected & Processed:

• ​MSISDN (Mobile Station International Subscriber Directory Number): Used to route the SMS PIN to the consumer’s device.
• ​Date/Timestamp: Used for audit trails and to ensure the validity period of the PIN.
• ​PIN Code: Generated by MCP and re-entered by the consumer to verify possession of the device.

​Purpose of Processing:

The sole purpose of this processing is to provide secure authentication and fraud prevention services. MCP validates that the PIN entered by the consumer matches the PIN delivered to the MSISDN provided, thereby confirming the consumer’s intent to purchase.

​Data Retention & Security:

MCP retains this data in accordance with statutory requirements for financial compliance and fraud investigation. Data is encrypted in transit and at rest, and is never used by MCP for marketing purposes or shared with third parties outside of the necessary telecommunications infrastructure required to deliver the SMS.

2. Consumer-Facing Disclosure (B2C)

​The Client should include the following text (or a variation of it) within their own Consumer Privacy Policy to be transparent about using MCP’s Verify service.

​Payment Verification & Security

​To protect you from unauthorized charges and to ensure the security of your purchase, we utilize a third-party verification service called Verify, provided by MCP Insight.

​How it works:

When you choose to pay via your mobile phone bill, we (via MCP Insight) will send a one-time PIN (OTP) to your mobile number (MSISDN) via SMS. To complete the transaction, you must enter this PIN into our checkout page.

​What data is processed?

In order to facilitate this security check, the following information is processed:

• ​Your mobile phone number.
• ​The date and time of the request.
• ​The verification PIN.

Why we do this:

This process confirms that you are in possession of the mobile device being charged and have consented to the transaction. This data is used strictly for authentication and fraud prevention purposes. For more information on how we handle your data, please see our [Link to Main Privacy Policy] or contact our support team.

​

Implementation Note

​Ensure that the “Consumer-Facing” text is easily accessible via a link on the checkout page, specifically near the “Send PIN” button, to comply with transparency requirements under GDPR or similar data protection regulations.

To ensure high conversion and compliance, a Just-in-Time (JIT) statement should be placed directly where the friction occurs—usually right above or below the “Send PIN” or “Verify” button.

​Here are three versions ranging from a compact tooltip to a more detailed notice.

​Option 1: Compact & User-Friendly (Best for Mobile)

​This version focuses on speed and reassurance. Use this if you have limited screen real estate.

Secure Verification

We will send a one-time PIN to your mobile via MCP Verify to confirm your purchase and protect you from fraud. Standard message rates apply. [Link: Privacy Info]

​Option 2: Compliance-Heavy (Best for Strict Regulators)

​Use this if the service is operating in a highly regulated market where explicit transparency about the “who” and “why” is mandatory.

How we protect your payment:

To securely authorize this charge to your mobile bill, we use MCP Verify to send a 2-step authentication PIN. By clicking “Send PIN,” you agree to receive an SMS for the purpose of identity verification and fraud prevention. Your number is processed solely for this security check. [Link: Data Privacy]

​Option 3: The “Tooltip” or “Pop-over”

​If you prefer to keep the checkout page clean, you can use a small (i) icon next to the MSISDN input field that triggers this text:

Why do I need to do this?

We use a third-party security partner, MCP Insight, to ensure that you—and only you—are authorizing this transaction. This 2-step verification protects your mobile account from unauthorized charges by confirming you have physical possession of your device.

​Implementation Best Practices

​Placement: Position the text so it is visible without scrolling when the user is entering their mobile number.

​Visual Hierarchy: Use a slightly smaller font or a subtle grey colour so it doesn’t distract from the primary Call to Action (the button), but remains legible.

​The Link: Ensure the “[Link]” points specifically to the “Payment Verification & Security” section of the Client’s privacy policy that you drafted earlier.