anonym29 2 days ago

Mandatory phone number registration does not and never has prevented fraud.

Plenty of free VOIP services exist, including SMS reception.

Even when the free service providers are manually blocklisted, one-time validations can be defeated with private numbers on real networks / providers for under a dollar per validation, and repeated ongoing validations can be performed with rented private numbers on real networks / providers for under ten dollars per month.

The rent-an-SMS services that enable this are accessible through a web interface that allows connections from Tor, VPNs, etc. - there is no guarantee that the telecom provider's location records of the IMEI tied to that phone number are anywhere close to the end user's real geographic location, so this isn't even helpful for law enforcement purposes where they can subpoena telecom provider records.

This "phone number required" practice exists for one primary reason: for businesses to track non-fraudulent users, data mine their non-fraudulent users, and monetize the correlated personal information of non-fraudulent users without true informed consent (almost nobody reads ToS's, but many would object to these invasive practices if given a dialogue box that let them accept or decline the privacy infringements but still allowed the user to use the business' service either way).

Sometimes, they are also used for a secondary reason: to allow the business to cheap out on developer costs by cutting corners on proper, secure MFA validation. No need to implement modern, secure passkeys or RFC-compliant TOTP MFA, FIDO2, U2F when you can just put your users in harm's way by pretending that SMS is a secure channel, rather than easily compromised by even common criminals with SS7 attacks, which are not relegated to nation-state actors like they once were.

slipnslider 2 days ago

> never has prevented fraud.

Interesting, I've heard otherwise but it was anecdotes. Do you have any data on that?

> to track non-fraudulent users

You listed a large number of ways to fake the phone number which is why you believe it doesn't prevent fraud. What is to stop a non-fraudulent user from doing the same thing to prevent the tracking by the company?

anonym29 2 days ago

> Do you have any data on that?

The original stated intention of the practice was that "it" [mandatory phone number registration] "prevents fraud" (though this stance was being critiqued by the person who raised it, not defended).

I'll concede that it probably has stymied some of the most trivial, incompetent fraud attempts made, and possibly reduced a negligible amount of actual fraud, but the idea that it can "prevent" fraud (implying true deterministic blocking, rather than delaying or frustrating) is refutable by the very reasonable assumption that there is almost certainly no company that implements mandatory phone number registration that has or will experience ZERO losses to fraud.

That said, in fairness, this is an unfalsifiable and unverifiable claim, as to my knowledge, there is nothing resembling a public directory of fraud losses experienced by businesses, and there is no incentive for businesses to admit to fraud losses publicly (they may have tax incentives to report it to the IRS, legal incentives to report it to law enforcement, and publicly traded companies may have regulatory incentives to at least indirectly acknowledge operating losses incurred due to fraud in financial reporting), but that doesn't make the claim itself unreasonable or improbable.

> What is to stop a non-fraudulent user from doing the same thing to prevent the tracking by the company?

The argument isn't that mandatory phone registration unavoidably forces privacy infringement upon all users, just that it does infringe upon the privacy of some (I'd suggest a vast majority) of users in practice.

whatevaa 10 hours ago

Virtual phone numbers are usually blocked for this reason.