OTP Deliverability: Does Your Provider Do This For You?


Most SMS/voice providers will sell you the impression that sending SMS/voice one-time passwords (OTP), which are used for phone verification, or user authentication, is just a single API call.

It is until something goes wrong, and something always goes wrong. What does your SMS/voice provider do for you then?

We describe three critical levels of OTP deliverability failure that businesses relying on SMS/voice platforms need to think about and ask their providers.

1. When your provider is down

This leads to downtime. Period. Until your provider successfully determines the issue and fixes it.

RingCaptcha has a ‘hot site’ that we can switch traffic over to transparently, without our customers even being aware of it. Furthermore, RingCaptcha has a widget that redefines how easy it is to collect user data and verify the phone number in a single swoop, as well as, Authr (new feature from our OAuth.io acquisition), both of which can use other providers directly, completely bypassing RingCaptcha during failure. RingCaptcha itself is connected to multiple providers so in scenarios when other providers typically fail, we can easily reroute traffic to get SMS/voice OTP through.

2. When your provider’s downstream operator routes are down

This leads to downtime. In some sense, this is worse as your provider needs to rely on the downstream operators to determine the issue and fix it. Providers often mix-and-match operators and partners to maximize their profitability; for some less profitable countries/routes, they often do not have the highest level quality of support, which may aggravate the downtime.

RingCaptcha is connected to multiple providers, and each provider has routes with different attributes, e.g., quality of service, pricing, etc., to downstream operators. During an outage of a downstream route that affects a certain provider, RingCaptcha can easily utilize another provider that is using a different route to remain disruption-free.

NOTE: Without RingCaptcha, when your provider or their downstream partners’ routes face deliverability issues, you would have to resend through a different provider with whom you have to integrate with and negotiate pricing, as well as building this redundancy into your code. So much for the so-called ‘single API call’ implementation.

3. SMS/Voice platform – uncertainty in delivery

The two hardest things about working with an SMS/voice platform is the lack of delivery transparency and multi-level hierarchical dependency between providers and operators. In other words, once you send an SMS/voice OTP (in particular SMS), unless the user successfully verifies, you have little idea if the user actually received the SMS. Even if you discovered that the target failed to receive the OTP, you have to rely on multiple downstream parties to determine location of failure, which is both cumbersome and time-consuming.

This is further complicated by the inconsistencies in how each provider/operator platforms inform you about delivery status.

The ‘uncertainty in delivery’ dampens your ability to react timely, and as a business that relies on SMS/voice to onboard or authenticate users, the possibility of turning away new users as well as locking out existing users is highly disconcerting.

RingCaptcha understands this ‘uncertainty’ issue deeply as we have worked closely with customers across numerous industries and geographical regions over the years.

Conversion rate monitoring

RingCaptcha monitors your conversion rate (number of successful verifications vs. total number of OTP sent) 24×7 thus we can detect changes in conversion rate, which is often due to route outage or degradation, and even in some cases due to a change in the user onboarding flow and user interface (UI) of our customer applications. Once we determine that the drop is due to a route issue, we will reach out to the providers and operators concerned to address the issue. If this fails to resolve the issue in a timely manner, we can just switch delivery over to a better performing route.

Auto fallback

When an OTP is sent and not used within a configurable time period, RingCaptcha can be configured to auto-send another OTP, which can be in an alternative form, e.g., voice (if the initial OTP was sent through SMS). This OTP will also be sent through a different provider increasing the probability that the user will receive it, in case the first OTP has failed to deliver.

Empower the user

RingCaptcha’s widget also empowers the users to re-request for an OTP if they have not received one from their initial request. Like auto-retry, the re-requested OTP will be sent through a different provider to increase the probability of the user receiving the OTP.


If you see that your conversion rate is below expectation, and there are no issues identified at provider/operator level, you can use our Last-Mile project to identify phone numbers that are not verifying with their OTP in real-time, and reach out to them to understand why they are not converting.


Continuous Test & Probe

Our latest project, Uncover (contact hello@ringcaptcha.com for access), enables us to determine conclusively whether an SMS/voice OTP successfully arrives at the target receiver. We use Uncover to probe various provider/operator routes periodically to figure out the best routes, in terms of deliverability, speed, price, etc. It also enables us to be less reliant on providers/operators to troubleshoot issues, which improves our customer support response time.


Let us summarize what all this means:

At a business-level:

  • High conversion:
    • A smooth user signup/login experience
  • Low cost/maintenance
    • Gain access to multiple providers, and operators, and utilize the best combination of routes from them to meet your business need with a single contract

At a development-level:

  • A simple real ‘single API call’ implementation
    • RingCaptcha works behind the scene to ensure that your single API call sends SMS/voice OTP that arrives at the target receiver with the highest probability possible

At an operational-level:

  • High redundancy:
    • Your signup/login function is always available – 24x7x365
  • More visibility into an otherwise black box service
    • You can find out which users are not converting and why in real-time