Sometimes you can get around this by porting a real number into Google Voice. Other companies will use APIs that will correctly identify it as a VoIP number however.
I run security at a fintech, we reject voip phone numbers due to proven fraud activity. The org has made the business decision based on historical fraud data, what others do is a risk management decision. Lots of customers out there, not a lot who will leave if you reject voip numbers, in my experience. The goal is not serving as many customers as possible, it’s about operating at the intersection of risk appetite and profitability.
We can’t have nice things because of humans in the aggregate. My apologies. It’s certainly not personal.
That is a vanishingly small percentage of the market that it is not worth catering to when the vast majority of such numbers are used for fraud rather than by users who want security and privacy.
True, but the original sin was using phone numbers as proof of identity. The fundamental problem is average users cannot use passkeys, manage their own crypto keys, or understand that for identity to work, there cannot be an authority based recovery method.
The market simply does not care, and businesses are acting accordingly and picking the lowest friction option with acceptable levels of fraud.
What’s odd to me is that they dont even have a method for more advanced users to not use numbers. I think perhaps Digital Credit Union may be the only bank in the US using passkeys.
Thanks! I’ll look into these. Thought it was simpler lookup of metadata, but these seem like robust offerings that make sense for even more protection.
Same as VPNs. Sure, there are plenty of legit reasons to use one (just line a VoIP line) but there are enough people using them for illicit reasons that companies will ban traffic.
it's a calculation - how much exposure to fraud does google voice net you, and how much additional revenue. if the math maths such that supporting google voice loses money, you don't support google voice. this idea that it somehow reflects on the value or character of voip customers in general is expanding beyond the factors that actually influence the decision.
What'll really grind your gears is if you have a cheap MVNO like Mintsim and that too is blocked as a "prepaid" and have no landline or office phone.
Those of us who are U.S. citizens who live outside of the U.S. suffer a LOT because growing disallowances like these.
Sometimes you can get around this by porting a real number into Google Voice. Other companies will use APIs that will correctly identify it as a VoIP number however.
Fraud potential.
of course - but aren't there valid voip users out there? or should we just consider all voip users as not worth serving?
I run security at a fintech, we reject voip phone numbers due to proven fraud activity. The org has made the business decision based on historical fraud data, what others do is a risk management decision. Lots of customers out there, not a lot who will leave if you reject voip numbers, in my experience. The goal is not serving as many customers as possible, it’s about operating at the intersection of risk appetite and profitability.
We can’t have nice things because of humans in the aggregate. My apologies. It’s certainly not personal.
What if someone wants to have different phone numbers for security or privacy purposes. What options are there that wouldn’t get caught up in this?
That is a vanishingly small percentage of the market that it is not worth catering to when the vast majority of such numbers are used for fraud rather than by users who want security and privacy.
Hard-line answers like that are why we're all building our own cages from a privacy perspective.
True, but the original sin was using phone numbers as proof of identity. The fundamental problem is average users cannot use passkeys, manage their own crypto keys, or understand that for identity to work, there cannot be an authority based recovery method.
The market simply does not care, and businesses are acting accordingly and picking the lowest friction option with acceptable levels of fraud.
What’s odd to me is that they dont even have a method for more advanced users to not use numbers. I think perhaps Digital Credit Union may be the only bank in the US using passkeys.
Who is "we all?" Most people outside of HN don't care.
I have a side project that uses Twilio. Probably going to have to face this dragon at some point and go down the same risk assessment.
What values for Twilio line type intel do you block? (or equivalent values if you don't use Twilio)
For example, is it just `nonFixedVoip` that should get the boot? Or are `fixedVoip` also spammy?
https://risk.lexisnexis.com/products/phone-intelligence
https://ekata.com/solutions/phone-intelligence-api/
Thanks! I’ll look into these. Thought it was simpler lookup of metadata, but these seem like robust offerings that make sense for even more protection.
We'd all be better off with no phones at all.
Same as VPNs. Sure, there are plenty of legit reasons to use one (just line a VoIP line) but there are enough people using them for illicit reasons that companies will ban traffic.
it's a calculation - how much exposure to fraud does google voice net you, and how much additional revenue. if the math maths such that supporting google voice loses money, you don't support google voice. this idea that it somehow reflects on the value or character of voip customers in general is expanding beyond the factors that actually influence the decision.