Verify Fraud Guard

(information)

Info

Fraud Guard is now GA (Generally Available) and available to all Verify customers at no extra cost. Fraud Guard is enabled by default for all Verify customers.

Verify Fraud Guard is now supported for customers using custom verification codes only in Standard or Max protection levels.

Currently only the SMS channel is supported.

Verify Fraud Guard uses automatic SMS fraud detection to block suspicious messages from being sent by your Verify Service. It works by analyzing your current and historical SMS traffic for unusual patterns. When it detects fluctuations in SMS destination traffic or SMS pumping fraud, Fraud Guard automatically blocks the prefix of the destination of the suspected fraud.

Verify Fraud Guard: Enhanced with Segment Data

We are excited to introduce a powerful new feature for Twilio Verify's Fraud Guard, now integrated with Segment. This enhancement leverages Segment's comprehensive profile and event data to significantly improve the accuracy of our SMS Pumping product Fraud Guard.

For customers utilizing both Verify Fraud Guard and Segment, this one-click integration offers a substantial boost in fraud detection capabilities. By incorporating Segment's data, our Fraud Guard model becomes more precise, effectively blocking fraudulent activities and minimizing the risk of SMS pumping fraud by tracking user behavior across multiple phone numbers.

This feature is currently in Private Beta, which means that we're actively looking for early adopters to try it out and give feedback. Contact Twilio Sales to learn more about this feature and enable it on your account for free!

Enable Fraud Guard

When creating a new Verify Service, you will be prompted on whether you want to enable or disable Fraud Guard.

For an existing Service, you can enable or disable Fraud Guard in your Twilio Console by navigating to Twilio Console > Verify > Services page and selecting your Service. This will open the Service settings page where you can select the SMS tab and adjust the Enable Fraud Guard option for that Service.

Once Fraud Guard is enabled on your Service, no further action is needed and your protection will begin immediately.

Protection levels

You can fine tune your Service's Fraud Guard protection level from cautious to aggressive blocking to best suit your business needs.

To adjust your protection level, navigate to the Twilio Console > Verify > Services page and select your Service. This will open the Service settings page where you can select the SMS tab and adjust the Protection Level. You'll notice there's three options available: Basic, Standard, and Max.

Basic: The foundational level of fraud protection with cautious blocking. It provides a good balance between blocking fraudulent activities and minimizing false positives. We recommend using this if you primarily have a domestic presence in North America which consists of low fraud risk countries.
Standard: The default protection level with moderate blocking. When the degree of fraud blocking increases, it is important to note that false positives may also slightly increase (<1%). We recommend using this mode if you have high value signups coming in from users all over the globe and would like to strike a balance against maximizing user conversion with minimum friction.
Max: The highest level of protection with aggressive blocking. It is essential to consider that false positives may occur occasionally (<2%). Our team is dedicated to continually optimizing the system to maintain a high level of accuracy. We recommend using this mode if you have a global presence to better protect yourself in high fraud risk countries.

Fraud detection process

Twilio uses a baseline of expected Verification data to find outliers in behavior based traffic patterns. We combine behavioral data with known explicit fraud schemes to filter out bad behavior.

Our model is always changing and uses multiple parameters to determine fraud. Examples of things we may temporarily block could include:

Verifications to a specific region, country or locale we know is engaging in SMS pumping
Verifications in a country your Account has never sent SMS to previously
Verifications with parameters and characteristics that would suggest non-human behavior

We understand the importance of balancing security and the customer experience, and our team is committed to refining our algorithms to provide the best possible protection without compromising your customer experience.

Preventing false positives

Like any fraud prevention feature, there's a small chance our models may flag legitimate users as suspicious. We're constantly monitoring our results and adapting the fraud detection model to keep false positives extremely low.

Safe List

You can mark known phone numbers using the Safe List feature so they are never blocked. This provides an additional safety net against false positives, so the numbers are never erroneously blocked by Fraud Guard or Geo permissions. Add known phone numbers to the Safe List by:

Using the Safe List API
Using the Blocked Verifications tab of Verify Logs in Twilio Console to unblock a phone number so it is never blocked in the future

We also recommend reviewing your Verify Geo Permissions feature to make sure that destinations outside of your business focus are disabled.

You can also take these actions if you suspect false positives:

Fall back to a different verification method like WhatsApp or Email
Create a separate Verify service for your legitimate users which has Fraud Guard disabled
Reach out to your Solutions Architect or contact Twilio Support
Temporarily disable Fraud Guard in Twilio Console

Implement the RiskCheck parameter

The RiskCheck parameter allows you to override Fraud Prevention measures during the start of verification if you are confident in the reliability of the traffic. When implementing the logic for this parameter, exercise caution to ensure an optimal customer experience while maintaining security and protection.

Configure Fraud Guard Geo Permissions

Verify Geo Permissions empowers you to customize Fraud Guard settings on a country-by-country basis. If you come across a business-critical destination where you can manage the risk, you have the option to deactivate Fraud Guard for that specific geographic location. This capability is especially useful during significant product launches when traffic to certain destinations is paramount.

Monitoring

When Fraud Guard detects fraud on your Verify account, you will receive an email notification informing you of the event with a link to view more in your Verify logs. We recommend checking your logs when this happens to ensure that the country prefix being blocked on your behalf is valid.

SMS Fraud Insights dashboard

All Verify customers have access to the Verify SMS Fraud Insights dashboard on Twilio Console. The dashboard illustrates the impact fraud could have had without intervention, and also allows you to discover trends and insights that you can use to better optimize your product against fraud.

To view your dashboard, go to Twilio Console and navigate to Monitor > Insights > Verify > Fraud which will open the Overview tab. There, you'll find several sections relating to your Fraud metrics.

Performance Metrics

This section displays key metrics to monitor fraud that can be exported as a CSV.

Allowed Verification Attempts: The total number of verification attempts sent on the SMS channel without being blocked by Fraud Guard or Geo permissions.
Fraud Blocked Attempts: The total number of SMS verification attempts blocked by Fraud Guard and Geo permissions.
Success Rate: The percentage of approved verifications over the total number of verification sessions created.
Estimated Cost Savings (USD): This is the estimated amount of revenue saved by blocking the send of an outbound SMS verification attempt for a fraudulent number. This is calculated based on the destination country using the Twilio Standard SMS Pricing Guide. For example, if Twilio blocks 67,000 messages to Russia where SMS costs $0.144, we estimate $9,648 revenue saved. Actual amount of revenue saved may vary depending on your pricing plan.

Country	Amount of SMS Messages Blocked	Cost of Terminating Each SMS	Estimated Cost Saved
US	14,000	$0.0075	$105
Kazakhstan	125,000	$0.1440	$18,000
Russia	67,000	$0.1440	$9,648

		Total Estimated Cost Savings	$27,753

Performance and Country Trends

The Performance and Country sections on the Overview tab display blocking and performance trends over time and by country. These visualizations show metrics such as:

Number of blocks due to Fraud Guard versus Geo permissions.
Conversion rate, which is the percentage of approved verifications over the total number of verification attempts.
Percent of fraud instances, fraud blocked attempts, and estimated cost savings per country.

You can get an even more detailed country-by-country analysis by selecting the Top countries tab of the Verify SMS Fraud Insights dashboard. This page displays ranked, exportable lists of countries based on fraud rate, fraud blocked attempts, success rate vs. conversion rate, and cost savings.

Verify Fraud Guard Top Countries Metrics v2.0.

Error logs

Error 60410 will show in the Twilio error logs when an SMS delivery is blocked by Fraud Guard.

You can also view any error messages that occurred via Verify Logs in Twilio Console by opening the Verification details page of a Verification log. See Viewing Logs with Twilio Console for more information.