by yashap 1261 days ago
We’ve had the same problems. We use Twilio for SMS-based OTP login, lost lots of money to toll fraud, and spent lots of time putting up various mitigation strategies to reduce it. Now we only lose a bit of money to toll fraud, but it was lots of engineering effort and $$ down the drain.

My main suggestion would be to avoid any sort of flow, like SMS OTP login, that allows triggering SMS messages without being logged in. Just do a more traditional login, SMS OTP isn’t worth the headaches.

Haven’t tried Twilio Verify, didn’t exist when we were solving these problems ourselves. But like most fraud prevention, it’s probably far from perfect, better to just avoid fraud-prone workflows if you can.