SMS Pumping Risk
SMS Pumping Risk allows you to get real-time risk assessment on a phone number's involvement in SMS pumping fraud. It uses a proprietary risk assessment model that leverages data across our network including signals from Verify Fraud Guard as well as other signals associated with risky carriers, anomalous SMS traffic patterns, and low conversion rates.
Coverage and Limitations: Worldwide support; no carrier information will be returned for Canadian phone numbers. We do not recommend using this product for US or Canadian numbers as they are generally not susceptible to this type of fraud.
Release Stage and Access: Public Beta. To request access, submit this form.
To make a SMS Pumping Risk request, add sms_pumping_risk to the optional query parameter Fields when making a standard Lookup request.
Response properties
The following additional properties are returned for a SMS Pumping Risk request.
| Property | Description |
|---|---|
Carrier |
An object that contains information on the carrier of a mobile phone number. See Carrier property values for more information. |
NumberBlocked |
A boolean that indicates if the phone number is currently blocked by Verify Fraud Guard for receiving malicious SMS pumping traffic. |
NumberBlockedDate |
The date that a phone number was most recently blocked by Verify Fraud Guard, or null if it has never been blocked or processed by Fraud Guard. |
NumberBlockedLast3Months |
A boolean that indicates if the phone number has been blocked by Verify Fraud Guard in the last three months. Returns null if the number has never been processed by Fraud Guard. |
SmsPumpingRiskScore |
The risk score of a phone number being associated with SMS pumping based on patterns in messaging traffic ranging from 0 (no risk) to 100 (risk). |
ErrorCode |
The error code, if any, associated with your request. |
Carrier property values
The following properties are returned in the Carrier object.
| Value | Description |
|---|---|
Name |
The name of the carrier. |
MobileCountryCode |
The three digit mobile country code of the carrier, used with the mobile network code to identify a mobile network operator. |
MobileNetworkCode |
The two to three digit mobile network code of the carrier, used with the mobile country code to identify a mobile network operator. |
CarrierRiskScore |
The risk score of a carrier based on patterns in messaging traffic ranging from 0 (no risk) to 100 (risk). |
CarrierRiskCategory |
The risk category of a carrier based on its risk score. One of: high, moderate, mild , low. |
Suggested implementation logic
How you implement this feature will depend on your own application structure and risk tolerance, however we can provide some general suggestions. When a user enters their phone number to recieve an OTP or other message from your system, you can query the SMS Pumping Risk Score feature to determine whether or not you should send that message.
The primary response property you should queue your integration off of is the SmsPumpingRiskScore. We generally recommend that if the risk score is less than 30 you should consider the phone number to be safe and send out the message as requested. If the risk score is between 30 and 70, you may want to ask the requester to re-submit the request, or add some other form of friction to validate the request prior to sending the message. For scores greater than 70, we suggest you treat the request as highly suspicious.
If you just want to follow the logic that Twilio uses in our Fraud Guard solution for Verify, you can queue directly off of the NumberBlocked parameter and block any messages which return true.
You can also use any combination of the response parameters to build out a fully customized set of conditions to trigger various workflows in your system based on your own risk tolerance levels.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.
