Twilio introduces new features to secure messaging

April 04, 2024
Written by
Reviewed by

Twilio introduces new features to secure messaging

Twilio is excited to introduce powerful new features that enhance the security and reliability of your messaging experiences in GA.

SMS Pumping Protection for Twilio Programmable Messaging

SMS pumping fraud, or artificially inflated traffic (AIT), occurs when fraudsters use mobile number input fields on websites or apps to send SMS messages, including one-time passcodes (OTP) or app download links. The fraudsters send these messages to numbers that they control and receive a share of the revenue from sending these fraudulent SMS messages. This spike in traffic drives up costs for businesses sending messages in countries where mobile operators provide these financial incentives.

SMS Pumping Protection uses automatic fraud detection to block messages flagged as being suspicious for SMS pumping fraud from being sent.

SMS Pumping Protection for Programmable Messaging is generally available to protect against AIT. Opt into automatic SMS Pumping Protection today in the Twilio Console .

New SMS Pumping Protection Insights for TPM (Coming Soon)

SMS Pumping Protection Insights offer data visualizations and filtering capabilities to:

  • Monitor estimated cost savings from SMS Pumping Protection
  • Analyze trends in messages scanned by SMS Pumping Protection
  • Understand the geographic breakdown of your SMS Pumping Protection

You can find SMS Pumping Protection Insights in the Console by navigating to Monitor > Insights > Intelligence.

Messaging Intelligence in the Twilio Console

RiskCheck Parameter

The RiskCheck parameter on Twilio Programmable Messaging and Verify APIs empowers you to adjust the level of risk protection for each message, enabling better customization at the message level instead of just the account level. RiskCheck will help customers maximize conversion while keeping costs low.

Analyzing transactions across its Super Network, Twilio can derive intelligence that reduces fraud risk and helps your business maintain compliance with many local and regional regulations. With RiskCheck, you can now determine when to utilize these proprietary tools for each message, giving you more flexibility if you run multiple use cases through a single phone number.

Using a single phone number to support multiple use cases with different risk profiles will see an immediate benefit. For example, suppose you want to secure messages used for 2FA (SMS OTP) from SMS pumping fraud. In that case, you can enable (default behavior) the RiskCheck feature to take advantage of the built-in protection. In contrast, you might turn off the RiskCheck feature for a marketing message that does not need the same level of protection.

The RiskCheck currently protects against SMS pumping fraud. The same RiskCheck parameter will soon support trust and compliance features, such as maintaining compliance with TCPA regulations.

Global Safelist API

Twilio's Global Safelist API is a powerful tool that empowers you to manage a curated list of trusted phone numbers and destinations. With this API, you can define custom rules and criteria to identify safe and verified phone numbers, such as known customers, partners, or approved contacts. By maintaining a Global Safelist, you can ensure that messages sent to these trusted numbers permanently bypass protective features, ensuring timely delivery of critical communications to our valuable customers.

Use the Global Safelist API to manage trusted phone numbers for Fraud Guard on Verify or SMS Pumping Protection on Twilio Programmable Messaging.