[roblabla]

The real fraud here seems to be the telephony industry's concept of a premium number. That there isn't an enforced standardized way to tell that a phone number will incur extra fees to contact is a failure of the industry. This shouldn't be a hard problem.

[t0mas88]

There is such a system, countries are supposed to report all premium number ranges to the ITU. The problem is that some countries/carriers don't actually do that and then still charge the high amount.

If Twilio wanted to stand up for their customers they would refuse to pay for any premium number that's not in an ITU registered premium range. It will cause a few lawsuits with telecom carriers, but then probably ends this problem once and for all.

Twilio claims this isn't possible, but most mobile operators offer an option to disable calling premium numbers. So either the providers are very customer friendly and eat the cost (unlikely, it would open them up for huge amounts of fraud) or the mobile operators figured out how to block it or push the cost back to the upstream provider.

[suvelx]

Couldn't you not support SMS 2FA for noncompliant countries, and then check that it's not in an ITU registered premium range?