Symptom
Current flow:
A malicious user on the registration page enters a mobile number and clicks Get code, then changes the number and clicks Get code again. Repeating this across a wide set of numbers results in SMS pumping. The user can also change IP address, so that the IPs are not blocked by SAP CDC for requesting more than 3 OTP codes from the same IP. This SMS pumping activity creates additional SMS costs for the client.
The activity is visible on the endpoint: accounts.tfa.phone.sendVerificationCode
Expected flow:
Is there an option with OnBeforeSendSMS to filter such cases of multiple SMS sends to different mobile numbers and return an error response on screen? Or is there any other option within an RBA rule that could help the client adjust their flow?
Environment
- SAP Customer Data Cloud
- RBA rules
Keywords
CDC, Gigya, OnBeforeSendSMS, RBA, accounts.tfa.phone.sendVerificationCode, sending SMS, phone number, KBA, CEC-PRO-PNS, Privacy & Safety (Consent, RBA - Risk-Based Authentication), Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).