Many companies ship one-time passcodes to prospects’ telephones to facilitate login processes, whether or not to assist customers arrange an account, use two-factor authentication, or reset a password.
These providers are helpful and needed. Nonetheless, in line with Andrew Konovalskyi, founding father of SaaS firm LoopMessage, most firms spend far an excessive amount of on SMS messages resulting from their sheer quantity and the probability of fraudulent site visitors related to this consumer authentication methodology.
Since SMS messages are unencrypted, there are additionally safety considerations, main Konovalskyi to suggest that companies shift from A2P SMS methods to P2A messaging to scale back prices and safety dangers.
You’ve talked about that SMS messages can price companies substantial income regardless of every message’s low particular person charges. How do these prices stack up over time, if in any respect?
Konovalskyi: In 2024, companies spent billions of {dollars} sending one‑time passcodes to prospects’ telephones. Every quick message can price wherever from 0.8 cents to 75 cents, relying on vacation spot and service, and a few firms ship tens of hundreds of them every day.
Quantity clearly contributes lots to the price of SMS messaging for firms, in that case. Are there every other contributing components that drive up the worth of utilizing SMS?
Konovalskyi: SMS messages are unencrypted and cross by a number of networks, leaving them open to interception and SIM‑swapping assaults. Regulators just lately fined the 4 largest US cellular carriers practically $200 million for illegally promoting buyer location information.
Once we began constructing our personal authentication pipelines, the economics had been surprising. Verifying even 5,000 new every day sign-ups might simply run $5,000 in SMS charges. Extra alarming was the rising wave of “SMS pumping” scams through which attackers set off OTP requests to random numbers, forcing companies to pay for messages no one requested.
These prices and dangers appear stunning given what number of companies depend on SMS messaging to energy their consumer authentication methods. If that’s the case, is there a motive this methodology is so widespread?
Konovalskyi: Most tech firms deal with SMS verification as a price of doing enterprise as a result of it’s ubiquitous. The mannequin, often called utility‑to‑peer (A2P), entails your server sending a one‑time code to the recipient’s quantity over cell carriers. The code passes by a series of aggregators and carriers, all of whom take a lower.
[The problem is], price apart, A2P is inherently insecure. SMS site visitors isn’t encrypted; attackers can intercept messages by spoofing or bribing telecom staff. SIM‑swapping, through which a legal convinces a service to reassign your quantity to their SIM, is now a properly‑documented assault vector. SMS pumping scams artificially inflate your site visitors, forcing you to pay for messages despatched to random recipients.
It might appear, then, that the inefficiency stems from an unwillingness to deviate from trade requirements. Are there various messaging strategies that price companies much less whereas offering higher safety?
Konovalskyi: There’s a higher manner that doesn’t require inventing a brand new protocol. Peer‑to‑utility (P2A) messaging reverses the stream: as a substitute of your system texting a code to the consumer, the consumer sends the code to you thru a safe messenger app.
Your utility generates a brief code and a “deep hyperlink.” When the consumer clicks the hyperlink, their most well-liked messenger opens with the pre‑crammed code; they hit Ship, and also you validate the response. As a result of the message travels over finish‑to‑finish‑encrypted channels, intermediaries can not learn or alter it.
For many companies, adopting P2A requires two parts: the power to generate deep hyperlinks and the power to obtain inbound messages. The WhatsApp Cloud API, launched in 2022 and revised in late 2024, lets companies obtain limitless inbound messages totally free, even on the starter plan. Apple doesn’t but provide a public iMessage API, however third‑social gathering suppliers similar to LoopMessage host numbers throughout the iMessage ecosystem and ahead inbound messages to your utility.
P2A sounds good in principle, but when it’s much less widespread than the A2P system, doesn’t that make it much less accessible?
Konovalskyi: At first look, this may look like a distinct segment workaround, however the numbers inform a distinct story. WhatsApp now boasts over 3 billion month-to-month energetic customers throughout 180 nations and 60 languages. It accounts for round 38% of the world’s inhabitants and 69% of web customers outdoors China. Over 200 million firms use WhatsApp Enterprise to speak with prospects.
In the meantime, 1.56 billion individuals worldwide use iPhones, giving iOS a 27.93% share of the worldwide smartphone market and greater than 61% of the market in the USA. Meaning most of your prospects have already got the apps wanted to undertake P2A with out downloading something.
How do prices evaluate between A2P and P2A methods?
Konovalskyi: Not like SMS, inbound messages on platforms like WhatsApp and iMessage are sometimes free or practically free. Twilio’s pricing for a WhatsApp “authentication dialog” ranges from $0.0014 to $0.0768 per session, lower than a tenth of the price of sending a single SMS.
However when you obtain an inbound WhatsApp message from any contact, it is going to be counted as a free user-initiated dialog. In our personal checks, transferring to P2A lowered per‑consumer verification prices by greater than 90%.
Wonderful synopsis. As an skilled in SaaS, do you’ve got any recommendation for companies trying to scale back messaging prices?
Konovalskyi: Transferring from A2P SMS to P2A messaging isn’t only a technical improve; it’s a strategic shift that may improve safety, enhance buyer expertise, and unlock money for development.
As somebody who has seen either side of the equation, my recommendation is easy: audit your authentication or verification spend, run a pilot with messaging‑primarily based codes, and measure the outcomes. In a enterprise local weather the place effectivity and belief are priceless, P2A is an funding that pays for itself many instances over.
