You chose to require an SMS OTP for your customers. It is not straightforward at all that the burden of filtering your customers would fall on your provider and not on you -- actually, if the provider you chose does explicitly not provide that filtering, it's effectively on you.
(I have to say that if I were Twilio, I would not have added the "fraud prevention" toggle, because now they can be deemed to be providing that service.)
You chose to require an SMS OTP for your customers. It is not straightforward at all that the burden of filtering your customers would fall on your provider and not on you -- actually, if the provider you chose does explicitly not provide that filtering, it's effectively on you.
(I have to say that if I were Twilio, I would not have added the "fraud prevention" toggle, because now they can be deemed to be providing that service.)