Menu

Expand
Rate this page:

Verify Fraud Guard

Fraud Guard is now GA (Generally Available) and available to all Verify customers at no extra cost. Effective March 27th, 2023, Fraud Guard is enabled by default for all new and existing Verify customers except for those using custom verification codes.

Currently only the SMS channel is supported.

What is Verify Fraud Guard?

This feature helps prevent SMS related fraud on the Twilio Verify product by monitoring your current and historical SMS traffic. When there are unusual fluctuations in SMS traffic patterns in a specific location, this feature will automatically block the prefix of the destination of the suspected fraud.

What type of fraud does it detect?

This feature detects SMS pumping fraud. SMS pumping happens when fraudsters take advantage of a phone number input field to receive something via SMS. If the form does not have enough controls, attackers can inflate traffic and exploit your app. This feature does not detect VoIP, burner phones, or anything voice fraud related.

How does it protect my account?

It blocks SMS transmissions to any destination deemed fraudulent, saving you potential charges to your account.

How do I enable/disable Fraud Guard?

When creating a new Verify Service, you will be prompted on whether you want to enable or disable Fraud Guard.

For an existing Service, you can enable Fraud Guard in your Twilio Console by navigating to Twilio Console > Verify > Services page and selecting your Service. This will open the Service settings page where you can select the SMS tab and enable Fraud Guard option for that Service. You can also alternatively choose to disable this feature anytime for your Service by disabling Fraud Guard.

Can I adjust the protection level for Fraud Guard?

Verify Fraud Guard Protection Modes lets you adjust your protection level on Fraud Guard.There are currently 3 Protection modes offered as Basic, Standard, and Max. These modes are designed to protect your business and customers from fraud and help you tailor the level of protection based on your specific needs. Check it out on your Twilio Console by navigating to the Verify Services page and selecting your Service, where you can view Fraud Guard under the SMS tab.

Screenshot 2023-06-08 at 5.38.32 PM

  • Basic: offers a foundational level of fraud protection with cautious blocking. It provides a good balance between blocking fraudulent activities and minimising false positives. We recommend using this if you largely have a domestic presence in North America which constitutes of low risk countries.

  • Standard: is the default protection mode for any new service onboarded on Fraud Guard with moderate blocking. It provides an increased degree of fraud blocking. While the degree of fraud blocking increases, it is important to note that false positives may also slightly increase (<1%). We recommend using this mode if you have high value signups coming in from users all over the globe and would like to strike a balance against maximising user conversion with minimum friction.

  • Max: represents the highest level of protection with aggressive blocking. It is essential to consider that, with the highest level of protection, false positives may occur occasionally (<2%). However, our team is dedicated to continually optimising the system to maintain a high level of accuracy. We recommend using this if you have a global presence to better fight to protect yourselves in high fraud risk countries.

We understand the importance of balancing security and the customer experience, and our team is committed to refining our algorithms to provide the best possible protection without compromising your customer experience.

What parameters does Twilio use to detect fraud?

Twilio uses a baseline of expected verification data to find outliers in behavior based traffic patterns. We combine behavioral data with known explicit fraud schemes to filter out bad behavior.

Our model is always changing and uses multiple parameters to determine fraud. Examples of things we may temporarily block could include:

  • Verifications to a specific region, country or locale we know is engaging in SMS pumping
  • Verifications in a country your Account has never sent SMS to previously
  • Verifications with parameters and characteristics that would suggest non-human behavior

How can I prevent false positives and mark known phone numbers as safe?

Like any fraud prevention feature, there's a small chance our models may flag legitimate users as suspicious. We're constantly monitoring our results and adapting the fraud detection model to keep false positives extremely low.

You can mark known phone numbers using the Safe List feature so they are never blocked. This provides an additional safety net against false positives, so the numbers are never erroneously blocked by Fraud Guard or Geo permissions. Add known phone numbers to the Safe List by:

You can also take these actions if you suspect false positives:

  • Fall back to a different verification method like WhatsApp or Email
  • Create a separate Verify service for your legitimate users which has Fraud Guard disabled
  • Reach out to your Solutions Architect or contact Twilio Support
  • Temporarily disable Fraud Guard in Twilio Console

What action(s) do I need to take?

Once the feature is enabled on your account, no further actions are needed on your part. This feature is automated and will keep you updated with email notifications that include the status of any potential fraud instances and a link to view more in your Twilio Verify logs.

How much does this feature cost?

There is no charge for this feature.

How do I know it’s working?

When SMS fraud is detected on your Verify account, you will receive an email notification informing you of the event with a link to view more in your Twilio error logs.

How can I monitor SMS fraud on my account?

All Verify customers have access to the Verify SMS Fraud Insights dashboard on Twilio Console. The dashboard illustrates the impact fraud could have had without intervention, and also allows you to discover trends and insights that you can use to better optimize your product against fraud.

To view your dashboard, go to Twilio Console and navigate to Monitor > Insights > Verify > Fraud which will open the Overview tab. There, you’ll find several sections relating to your Fraud metrics.

Performance Metrics

Verify Fraud Guard Performance Metrics v2.0

This section displays key metrics to monitor fraud that can be exported as a CSV.

  • Allowed Verification Attempts: The total number of verification attempts sent on the SMS channel without being blocked by Fraud Guard or Geo permissions.
  • Fraud Blocked Attempts: The total number of SMS verification attempts blocked by Fraud Guard and Geo permissions.
  • Success Rate: The percentage of approved verifications over the total number of verification sessions created.
  • Estimated Cost Savings (USD): This is the estimated amount of revenue saved by blocking the send of an outbound SMS verification attempt for a fraudulent number. This is calculated based on the destination country using the Twilio Standard SMS Pricing Guide. For example, if Twilio blocks 67,000 messages to Russia where SMS costs $0.144, we estimate $9,648 revenue saved. Actual amount of revenue saved may vary depending on your pricing plan.

Country

Amount of SMS Messages Blocked

Cost of Terminating Each SMS

Estimated Cost Saved

USA

14,000

$0.0075

$105

Kazakhstan

125,000

$0.1440

$18,000

Russia

67,000

$0.1440

$9,648

Total Estimated Cost Savings

$27,753

Performance and Country Trends

The Performance and Country sections on the Overview tab display blocking and performance trends over time and by country. These visualizations show metrics such as:

  • Number of blocks due to Fraud Guard versus Geo permissions.
  • Conversion rate, which is the percentage of approved verifications over the total number of verification attempts.
  • Percent of fraud instances, fraud blocked attempts, and estimated cost savings per country.

You can get an even more detailed country-by-country analysis by selecting the Top countries tab of the Verify SMS Fraud Insights dashboard. This page displays ranked, exportable lists of countries based on fraud rate, fraud blocked attempts, success rate vs. conversion rate, and cost savings.

Verify Fraud Guard Top Countries Metrics v2.0

What is the error message in the logs?

Error Log #60410 will show in the Twilio error logs when an SMS delivery is blocked by Fraud Guard.

You can also view any error messages that occurred via Verify Logs in Twilio Console by opening the Verification details page of a Verification log. See Viewing Logs with Twilio Console for more information.

Twilio does recommend reviewing your Verify logs when you are notified of an SMS fraud event to ensure that the country prefix being blocked on your behalf is valid. We also recommend reviewing your Verify Geo Permissions feature to make sure that destinations that are outside of your business focus are disabled.

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

Loading Code Sample...
        
        
        

        Thank you for your feedback!

        Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

        Sending your feedback...
        🎉 Thank you for your feedback!
        Something went wrong. Please try again.

        Thanks for your feedback!

        thanks-feedback-gif