Phone verification gateways

In BILLmanager, fraud protection is implemented through mandatory verification of clients by mobile phone number. Third-party phone number verification systems are used for this purpose. To connect BILLmanager to such a system, add a phone verification gateway.

Clients without a verified number will not be able to order services covered by fraud protection. Clients can verify their phone number:

• On the main page of the client area → click Verify phone number. The button is hidden if the client has a verified number. 
• In the cart → the Verify phone number button replaces the Pay button. The mechanism works when a client without a verified number orders a service with a fraud protection system.

Fraud protection

To enable fraud protection:

1. Enter Provider → Global settings → Client verification.
   1. Specify at what point the Phone number confirmation is required:
      • before paying for the order;
      • after paying for the order;
      • after registration.
   2. Specify the Number of attempts to receive a code and Number of attempts to enter code. Read more in Global settings.
   3. Click Ok.
      After saving the settings, the sections Settings → Fraud protection and Integration → Phone verification gateways will appear in the left menu.
2. To specify for ordering which types of products and tariffs, the client must have a verified phone number:
   1. Enter Settings → Fraud protection.
   2. Select the provider → click Product types.
   3. Set the required values for the selected product types with the Enable and Disable buttons.
   4. Select the product type → click Tariffs.
   5. Set the required values for the selected tariffs with the Enable and Disable buttons.
   6. Return to Settings → Fraud protection.
   7. Select a provider → click Enable.

The settings will become inaccessible once protection for the provider is enabled. To access the settings, disable the protection for the provider.

You can configure the periods which will be covered by the verification when ordered. Click Periods in the relevant section and enable the required periods.

Creating a new gateway

To add a new gateway, enter Integration → Phone verification gateways → click Add:

1. Creating a gateway. Select the service:
   • SMS center (call);
   • TeleSign;
   • Clickatell;
   • Devino Telecom;
   • GREENSMS;
   • MobilMoney;
   • QuickTelecom;
   • SMS center
   • http-SMS;
   • SMS Traffic;
   • TurboSMS;
   • http-SMS — If the required service is not available, use a universal gateway.
2. Gateway parameters. Fill in the data for integration with the messaging service:
   • Name — the name of the gateway in BILLmanager;
   • Provider — select the provider for which this gateway will be used. Leave the field blank so that the gateway is used for all providers;

   • Notification types — select the types of notifications that will be sent through this gateway. If no sending gateway is configured for the notification, it will be sent through the first gateway suitable in terms of sending method.

      Example

     Example 1. Two gateways are configured in BILLmanager to send notifications. In the settings of the first gateway, the types "Send invoice" and "Provider message" are selected for sending. Nothing is selected in the "Notification types" field in the second gateway settings. All types of notifications will pass through the second gateway except those specified in the settings of the first gateway.

     Example 2. Two gateways with id 10 and 15 are configured in BILLmanager to send notifications. The same notification types are selected for both gateways. Notifications will be sent through a gateway with a smaller id - 10. If messages have not been sent through the gateway with id 10 for some reason, the gateway with id 15 will not send those messages.

   • Number filter — a number filter set by a regular expression. Only numbers that satisfy the regular expression can be verified through the gateway. If no filter is set, any phone number can be verified through the gateway. Before verification, all characters that are not digits are removed from the number. Example of an expression to validate numbers from Russia: "^[78][0-9]{10}+$".
   • Priority — the priority by which the gateways are sorted when the client verifies the phone number. The bigger number has the higher priority;
   • Timeout (minutes) — waiting period before sending the code again;
   • Code validity period (minutes) — the period after which the code will be considered invalid;
   • Activate after creation — activate the option to enable the gateway after creation;
   • Message text — message text for users of the specified localization;
   • Specify the data for authentication in the messaging service.

Universal gateway

The form of the universal gateway configuration is different, because the provider needs to specify data to connect to the service via API:

Use macros in the API request template:

• {phone} — phone number;
• {message} — message text generated from an EJS template;
• {sender} — sender's signature. The value from the Sender field is used.

All the necessary information for connecting to the SMS service via API can be found at the service provider's website.

Gateway selection algorithm

When multiple security gateways are added to the system, the selection is performed according to the following algorithm:

1. The gateway with the highest priority among all active gateways is selected. 
2. The specified number is checked against the gateway filter. If the phone number does not satisfy the filter, the gateway is skipped. 
3. When the first suitable gateway is found, the search stops.

Logging

The logs of the connected gateway modules are named as gw<service name>.log or fg<gateway name>.log:

• /usr/local/mgr5/var/fgsmsc.log
• /usr/local/mgr5/var/fgsmsgate.log
• /usr/local/mgr5/var/fgtelesign.log
• /usr/local/mgr5/var/gwclickatell.log
• /usr/local/mgr5/var/gwdevinotele.log
• /usr/local/mgr5/var/gwgreensms.log
• /usr/local/mgr5/var/gwmobilmoney.log
• /usr/local/mgr5/var/gwqtelecom.log
• /usr/local/mgr5/var/gwsmsc.log
• /usr/local/mgr5/var/gwsmscustom.log
• /usr/local/mgr5/var/gwsmstraffic.log
• /usr/local/mgr5/var/gwturbosms.log

Universal gateway

Universal module log file: /usr/local/mgr5/var/gwsmscustom.log.