SMS verification

Use text messages to validate orders.

The majority of internet fraudsters use bots, or programmed scripts, to make illegal
purchases. These fraudulent transactions are expensive and time-consuming. To help reduce fraudulent purchases, introduce a friction step in the process when an order is suspect. SMS verification is a valuable tool that uses friction to prevent fraudsters.

What it does

If an order is suspect, SMS verification requires a customer to verify their order with a secret code sent to them by text message. The majority of fraudsters will be halted by the introduction of any level of friction in the purchase process because they are looking for passive victims. However, even fewer fraudsters will be willing or able to send a text message for approval because the process requires a mobile number and the ability to complete a number of steps. If we notice that a specific phone number is used excessively for SMS verification, it will also block that phone number from future requests.


SMS verification does not change the score.

How it works

When an order is flagged for SMS verification, an email is sent from [email protected] to the email address associated with the order. These orders are flagged by turning on the SMS Verification for Suspicious Orders setting or by creating an order rule. While it’s waiting for SMS verification, the order's status is Investigate.

When the user receives this email message, they can choose one of two links. The first link prompts them to click and confirm the order. The second email prompts them to click if they did not place the order.

Confirm an order

When a customer confirms an order, they’re directed to a page where they can enter a mobile phone number. See the following example.


After they enter a mobile number, the customer is prompted to enter a confirmation


The customer receives a notification when the confirmation code is successful.


Our status changes to Approved. The SMS Check field shows Passed, and the SMS Check Number field shows the phone number that was used to verify the order.

Mistyped confirmation code

If a customer mistypes the confirmation code, they receive an error message. To return to the entry page and try again, they can use the back button in their browser.

Order rejected

When a customer denies an order, they’re directed to a page where they can reject it.


If they click I did not place this order, they receive a confirmation that the order has been canceled and that we've notified you.


Now the order's status is Cancel. The SMS Check field shows Rejected. The order will not be canceled until you manually cancel it, or it's canceled by an order rule. However, not every ecommerce platform allows automated order cancellation. The Order Details section on the Suspicious Order page also indicates that the order was rejected by the score: