SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site, support.twilio.com, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to help.twilio.com, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

API Onboarding Guide: Verify SNA, Lookup Identity Match, Lookup SIM Swap, and More

Before we begin

This page provides guidance on how to submit your onboarding request for the following APIs that require approval:

  • Verify SNA (Silent Network Authentication)
  • Lookup Identity Match
  • Lookup SIM Swap
  • Lookup Call Forwarding
  • Lookup Reassigned Number
  • Lookup SMS Pumping Risk

The Lookup API and Verify SNA provide access to potentially sensitive end-user data collected by Twilio from diverse sources. Before granting access, it's essential to confirm that all necessary requirements are met.

Product Requirements
Verify SNA Carrier Approval*
Lookup Identity Match Carrier Approval*
Lookup SIM Swap Carrier Approval*
Lookup Call Forwarding Carrier Approval*
Lookup Reassigned Number Signed authorization letter on your own company letterhead which authorizes Twilio to query the RND on your behalf.
Lookup SMS Pumping Risk

Twilio approval granted with the following details:

  • Company Name
  • Account SID
  • Use Case
  • Website or Application URL
  • Estimated Monthly Volume

*Find more details on how to get carrier approval below

Carrier Approval Process

For access to carrier data, there is an approval process that Twilio will manage for you with the carriers. We can only start this process for you once the below data has all been submitted. This process can take 2 to 4 weeks.

Documenting User Flow

Carriers require review of the customer's web/app flow; to understand where the user enters their details and when data is requested
- Account Creation or Modifications: Authentications associated with the creation of a new user account
- Login Events: Authentication associated with app/site logins
- Transaction Events: Authentications associated with other user transactions

Examples of screenshots & callouts

We highly recommend that you download the examples for better clarity:

Screenshot_2023-04-28_at_4.01.12_PM.png

Screenshot_2023-04-28_at_4.02.01_PM.png

Data Processing Disclosure Requirements - Overarching Principles

1. Customers are expected to make full disclosure in their terms and conditions/privacy policy that end user data is being shared with 3rd parties to verify identities and detect/protect against fraud. It is strongly recommended that specific reference is made to the fact that 3rd parties include Mobile Network Operators

2. Where Legitimate Interest (GDPR) is used as the legal basis for processing customers must be able to confirm that a balance test has been conducted to make this determination

Specific Requirements

USA

Silent Network Authentication, SIM Swap
You must have the following language in your Terms and Conditions:
"You authorize your wireless carrier to use or disclose information about your account and your wireless device, if available, to < Customer Name> or its service provider for the duration of your business relationship, solely to help them identify you or your wireless device and to prevent fraud. See our Privacy Policy for how we treat your data."

Netherlands

Identity Match, Silent Network Authentication, SIM Swap
You must collect explicit consent from end users with the following language:

English: I agree that < Customer Name > verifies my credentials with my Telecom Provider to prevent fraud. My credentials will be shared with Twilio and my Telecom Provider. My Telecom Provider will share the result via Twilio to < Customer Name >. In the Terms & Conditions and on the privacy statements of the < Customer Name >, Twilio and your Telecom provider you'll find further details.

Dutch: Ik geef toestemming dat < Customer Name > mijn gegevens verifieert bij mijn telecom aanbieder om fraude tegen te gaan. Hiervoor zullen mijn gegevens worden verstrekt aan Twilio en Telecom aanbieder. Mijn Telecom aanbieder zal het resultaat weer via Twilio aan < Customer Name > verstrekken. In de algemene voorwaarden en de privacy statements van zowel < Customer Name >, Twilio als jouw Telecom aanbieder kun jij hier meer over lezen.

Great Britain, Italy, France

Identity Match, Silent Network Authentication, SIM Swap

Your Privacy Policy and/or Terms and Conditions page must describe your Legitimate Interest in the consumers identity data and how it will be used. You will be asked to direct our operations team to the portion of your policy page where this is described. This will be reviewed by the Mobile Network Operators of the region who may ask for modifications to the language if it does not adequately describe how the data will be used.

Germany

Silent Network Authentication
You must share a screenshot of where your workflow explicitly notifies customers that you will use their profile information to silently authenticate the user with their mobile provider.
Identity Match, SIM Swap
Your Privacy Policy and/or Terms and Conditions page must describe your Legitimate Interest in the consumers identity data and how it will be used. You will be asked to direct our operations team to the portion of your policy page where this is described. This will be reviewed by the Mobile Network Operators of the region who may ask for modifications to the language if it does not adequately describe how the data will be used.

Indonesia

Silent Network Authentication
You must show that you have obtained legitimate and necessary consent from the End User to acquire, collect, process, analyze, store, display, publish send and/or distribute the personal data, the consent of which also includes a consent to the Network Operator and/or relevant authorized party who cooperate with either Party.

Spain

Identity Match, SIM Swap, Silent Network Authentication
You must submit your Privacy Policy and Terms and Conditions pages, which will be reviewed by our carrier partners. The carrier partners may ask to have specific wording changed or added in these policies before permitting you to use these features.

Specifically for Identity Match, you will need to provide screenshots of your workflow where end users agree to the Terms and Conditions.

Canada

Silent Network Authentication, Identity Match, SIM Swap
You must have the following (or substantially similar) wording in your Privacy Policy or Terms and Conditions: “You authorize your mobile carrier to disclose your mobile account details for the purpose of verifying your identity. Those details may include your name and address.”

Access to these products in Canada also require registration through CNLPC. Details on this process can be found here.

Submit your request

Complete the Customer Information and Use Case Form and submit. We recommend that you prepare the necessary screenshots in advance of submitting the request.

If you need assistance to fill up the form you can contact us at accsec-onboarding@twilio.com 

 

Have more questions? Submit a request
Powered by Zendesk