VERICODE vericode.com.au

SMS providers, phone numbers, and the cobbler's children

Vericode · 3 June 2026


I tried to sign up to a second account at an Australian SMS provider this week. Same business, separate test environment, perfectly normal reason. It blocked me. The phone number I’d put in was already on file under another account, and the system wouldn’t let it through.

That’s a sensible policy. Same mobile number signing up twice is one of the cleaner fraud signals an SMS provider has at its front door. It stops the same person opening fifteen accounts under fifteen plausible-sounding business names. It stops the spammer who got terminated last week coming back in tonight under a fresh ABN. Reasonable.

What’s interesting is that they’re an SMS provider. Their entire business is moving short authenticated messages between businesses and the people on the other end of phone numbers. They sell trust in numbers. And the way they protect their own onboarding from fraud is by treating the phone number as a fraud signal.

That’s not a contradiction. It’s an admission. The phone number is the only universal identity primitive they have to hand, so they have to use it as both the thing they verify for their customers and the thing they verify their customers by. It works because it’s the only tool in the box. It doesn’t work very well, because I had a legitimate reason to want a second account. So does anyone who’s a contractor at one business and an employee at another. So does anyone porting a kid’s number across plans. So does anyone whose number got recycled to them six months ago and has now inherited a stranger’s history.

The industry’s answer to “phone number isn’t really identity” has been to bolt extra layers on top. KYC, address checks, ABN lookups, credit-bureau pulls. None of those are about the number. They’re about establishing that there’s a real human or a real business standing behind the number, so the number itself can be treated as trustworthy for the next twelve months.

That layer of trust exists at the contract level. It doesn’t exist at the call level. When a customer of one of those businesses then calls into the business, to ask about their loan, to verify a settlement date, to check what email address is on file, there’s no equivalent. The phone number tells the business who’s calling, and most of the time that’s enough. Except for all the times it isn’t.

This is the gap I’ve been thinking about for a while, and it’s the thing Vericode exists to close. But you don’t need to be building it to notice it. Every SMS provider in the country has noticed it already. That’s why they’re using phone numbers as fraud signals at their own front door. They wouldn’t need to if numbers were trustworthy on their own. They aren’t, and the people who know that best are the ones selling them.

The cobbler’s children, etc.

— Chris