This is unfortunately easier said than done. You'd expect Twilio to let you set a max spending limit in your account settings. Instead this is what they tell you to do: https://support.twilio.com/hc/en-us/articles/223132387-Prote... (notice the PHP snippet too)
Essentially, setting up a webhook to receive alerts from Twilio, and then calling a Twilio API to suspend the account. Your webhook better be up and running flawlessly if you don't want to go bankrupt. Why can't they do it themselves?
This may unnecessary discriminate people from countries which is not your main market and digital nomads using local SIMs. Better is to have per-country (or even per-operator) rate limits which are low by default but high for countries you have a lot of users from.
If any YC companies are running into this, hit me up at chris ampersand stytch.com. We have a great YC deal and can stop toll fraud eating your dollars.
The way I've worked around this issue is by:
- Verifying the phone number before sending SMS. - Using a whitelist of supported countries. - Limit the amount Twilio can charge us
Hope that helps