SAP Knowledge Base Article - Preview

3419916 - How to avoid SMS pumping with different mobile numbers?


Current flow

When malicious user on registration page gives a mobile number and click on the get code. Then change the number again and click on get code. There is action of changing a wide set of numbers subjected to SMS pumping. Then it can be changed IP as well so that the IPs are not blocked by SAP CDC when requesting more than 3 otp codes from that IP. This SMS pumping activity is creating an additional SMS costing for client.

This trigger can be visible with endpoint:

Expected flow:

Is there option with OnBeforeSendSMS to filter such examples of multiple SMS send with different mobile numbers-to give error response on screen? Or any other option within RBA rule that could help client to adjust their flow?



  • SAP Customer Data Cloud
  • RBA rules


SAP Customer Data Cloud all versions


CDC, Gigya, OnBeforeSendSMS, RBA,, sending SMS, phone number , KBA , CEC-PRO-PNS , Privacy & Safety (Consent, RBA - Risk-Based Authentication) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.