[richbell]

> I don't see how this is categorically different than your kid "accidentally" buying movies on Amazon prime or something like that. No way a credit card company would accept a chargeback in that scenario.

The issue isn't the scale or volume, per se, it's that a bad actor has set up premium numbers (that cost $$$ to message) and is systematically wracking up fraudulent charges via websites sending 2FA codes. Twilio is seemingly aware of the fraud campaign targeting its users, but is not doing a great job protecting them and forcing them to bear the costs.

A better analogy, I think, would be a crime ring skimming credit cards at a gas station and wracking up charges that should be obvious fraud (different country, large amounts, etc.); and when a victim contacts their CC company they go "oh yeah that Shell station is notorious for fraud we've had lots of complaints recently" but refuse to chargeback.