It is annoying that some of these companies refuse to allow me to use a Twilio number when they insist on using SMS as 2FA. If they are going to insist on the weakest possible form of 2FA and INSIST that I use a number which is subject to SIM hijacking, how are they not liable through negligence?
This is because these companies use APIs to establish trust for numbers which do so using a combination of proprietary telco data, machine learning models, and reports from customers. voip numbers like twilio and google voice are a surprisingly large source of fraud, so often the recommendation returned is to block based on how risk adverse the company is.
This method is highly effective at reducing fraud at the cost of penalizing a minority of legitimate users who actually do have to use Google voice / etc.
It should be noted though that factors like why is this number being looked up are considered too, ie: OTP is less risky than say account creation at a bank.
Can't Google Voice numbers be outside the US? I've read of foreigners trying to take over Google Voice numbers so they can use them like they are in US.
