SMS Pumping Fraud Protection

Malicious actors can use your application's SMS verification step to send thousands of fraudulent verification messages to premium-rate phone numbers they control. SMS pumping can lead to substantial financial losses for your business.

Stop bots and suspicious browsers from requesting verification codes. Link every verification text message to a browser fingerprint and limit the number of verification requests from a single browser.

See on GitHubSee technical tutorial

How to use this demo

  1. Fill out the form below. You can use your real phone number to have a complete experience. We will only use it for this demo and temporarily store it in hashed form.
  2. Click Send code via SMS. An SMS message with a one-time password will be sent to your phone. If you use the default test phone number (+1234567890), we will simulate the SMS message on the screen.
  3. Try requesting another message by clicking Resend code via SMS.
  4. You will only be able to get your second message after 30 seconds, your third message after a minute, and then no more. You are limited to 3 messages per browser per day.
  5. Try creating an account using a different email and phone number.
  6. Try opening this page in incognito mode or turning on a VPN. The daily request limit will still be enforced.
  7. Try creating another account using Tor or a browser automation tool like Playwright. You will be blocked right away.
  8. You can reset this scenario using the Restart button on the top right.

Create an account

Use an international format without spaces, like +1234567890.

Learn more

Use case tutorial
SMS Pumping Fraud
Case study
Jumia SMS fraud