What is Fraud Shield?

Plivo recommends that all customers use Fraud Shield to help curb the risk of SMS fraud, such as SMS pumping and account token takeover. Fraud Shield offers two primary features that operate at the destination country level: Geo Permissions and Fraud Thresholds.

Geo Permissions allows you to control the countries to which your SMS traffic is sent. We’ll block (and not charge for) any messages that are intended for countries not included in your destination list.

Fraud Thresholds can be enabled for countries on your destination list. A threshold limits how many messages can be sent per hour to the countries that you have approved. This control allows you to take corrective action if the threshold is breached.

Fraud Shield is a flexible feature that operates at the subaccount level. When you land on the page pictured below, you’ll see your master account selected by default. All the changes made to the master account will be applied to all subaccounts unless those subaccounts are on an override.

How to configure Fraud Shield

You can specify how Plivo’s Fraud Shield will respond in case of a threshold breach. A breach occurs when your hourly messaging volume exceeds the Fraud Threshold value you have set.

There are three options to choose from in response to a Fraud Threshold breach.

  • Block and Alert means that in the event of a breach, your messages will be blocked with error code 451 for a period of 12 hours. An alert will also be triggered to notify you of the breach.
  • Alert Only will simply trigger an alert. No messages will be blocked.
  • Ignore means in case of a breach, no alert or block will take place.

Fraud Shield alerts can be delivered via email as well as via webhooks (POST request only).

{
  "auth_id": "MARERE12112",
  "destination_country": "US",
  "block": "no",
  "alert_type": "sms_threshold_breach",
  "message": "Take Action. The number of messages sent exceeded the hourly threshold set."
}
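
One way a webhook receiver might act on the alert payload above, as an added example that is not Plivo's code. It assumes the POST body is JSON with the fields shown and that "block" carries a value other than "no" when Block and Alert is active; the names handle_fraud_alert and Action are hypothetical.

```python
import json
from dataclasses import dataclass

# Field names and values below come from the sample alert payload on this page.
REQUIRED_FIELDS = ("auth_id", "destination_country", "block", "alert_type", "message")
BLOCK_HOURS = 12  # duration of a "Block and Alert" block, per this page


@dataclass
class Action:
    country: str
    plivo_blocking: bool  # True: Plivo is rejecting sends; False: only we can stop them
    note: str


def handle_fraud_alert(raw_body, known_auth_ids):
    """Validate one alert POST body (assumed to be JSON) and pick a local response."""
    try:
        alert = json.loads(raw_body)
    except ValueError as exc:  # also covers undecodable bytes
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(alert, dict):
        raise ValueError("payload must be a JSON object")
    bad = [f for f in REQUIRED_FIELDS if not isinstance(alert.get(f), str)]
    if bad:
        raise ValueError(f"missing or non-string fields: {bad}")
    # auth_id is an identifier, not a secret: this rejects misrouted alerts only.
    if alert["auth_id"] not in known_auth_ids:
        raise ValueError("alert is for an unknown account")
    if alert["alert_type"] != "sms_threshold_breach":
        raise ValueError("unhandled alert_type")
    country = alert["destination_country"].upper()
    if alert["block"].lower() == "no":
        # Alert Only: messages keep flowing, so the application must throttle itself.
        return Action(country, False, "pause sends to this country and review traffic")
    # Assumption: any value other than "no" means Block and Alert is in force.
    return Action(country, True, f"sends fail with error 451 for {BLOCK_HOURS} hours")


if __name__ == "__main__":
    # Constructed sample mirroring the payload shown above.
    sample = json.dumps({
        "auth_id": "MARERE12112", "destination_country": "US", "block": "no",
        "alert_type": "sms_threshold_breach", "message": "constructed sample",
    }).encode()
    print(handle_fraud_alert(sample, {"MARERE12112"}))
```

Because the auth_id in the payload is not a secret, the account check only filters misrouted alerts; authenticate the endpoint itself by whatever means your deployment supports.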

You can review these settings and make changes on this page.

Manage Geo Permissions and messages per hour fraud thresholds

You can manage Geo Permissions to enable and disable destination countries depending on your business needs. We strongly recommend that you disable message sending to countries where you are not active to protect yourself from SMS pumping attacks. Messages to blocked countries will fail with error code 450.

Plivo’s Fraud Shield classifies destination countries based on risk levels. To further prevent fraud, set up message-per-hour (MPH) thresholds based on risk for the countries in which you have messaging activity. Fraud Shield also recommends fraud threshold values calculated based on the last 15 days of activity from the selected account to the destination country.

Overriding preferences for specific subaccounts

Default preferences apply to all SMS messages sent from the main account and all subaccounts. However, you can override Geo Permission preferences at a subaccount level.

Specify preferences for a subaccount by selecting the subaccount from the Accounts dropdown, changing your preferences, and clicking “Save Changes”.

Subaccounts for which Geo Permissions have been overridden appear with an “Overridden” tag next to them in the All Accounts dropdown. To remove this override:

  1. Navigate to SMS > Settings > Geo Permissions in your Plivo console.
  2. Select the subaccount for which you want to remove the override.
  3. Click on Remove Override.