LoopMessage Founder Andrew Konovalskyi on the Corporate Costs of SMS Codes

Summary

Andrew Konovalskyi, founder of LoopMessage, warns that businesses are paying heavily for one‑time passcodes (OTPs) sent via traditional A2P (application‑to‑peer) SMS. Although single SMS fees look small, volume, fraud and insecure transmission inflate costs and risk. Konovalskyi advocates shifting to P2A (peer‑to‑application) messaging via encrypted platforms such as WhatsApp and iMessage (through providers) to cut costs and improve security.

Key Points

Businesses spent billions in 2024 on OTP SMS; per‑message cost ranges roughly from 0.8¢ to 75¢ depending on destination and carrier.
SMS is unencrypted, routed through multiple networks and intermediaries, exposing messages to interception, SIM‑swaps and insider risks.
Fraud types like “SMS pumping” force companies to pay for unsolicited messages, increasing bills dramatically.
A2P economics involve aggregators and carriers taking a cut at every hop; that model is costly and insecure by design.
P2A flips the flow: users send back a code via an encrypted messenger opened with a deep link; intermediaries cannot read or alter messages.
WhatsApp and iMessage reach means many customers already have the necessary apps—WhatsApp has ~3 billion monthly users, and iPhone users total ~1.56 billion worldwide.
Inbound messages on platforms like WhatsApp are typically free; Twilio quotes WhatsApp authentication sessions at ~$0.0014–$0.0768 per session — a fraction of SMS cost.
LoopMessage’s tests show moving to P2A cut verification costs by more than 90% in some cases.
Practical advice: audit authentication spend, run a pilot with messaging‑based codes and measure security and cost outcomes.

Content summary

The article is an interview with Konovalskyi explaining why SMS OTPs are an expensive, fragile industry standard. He breaks down the hidden economics — volume, carrier cuts and fraud — and details technical vulnerabilities such as interception and SIM‑swap attacks. He then outlines P2A as a pragmatic alternative that uses deep links and existing encrypted messengers to receive inbound codes, reducing per‑verification cost and improving security without requiring users to install new apps.

Konovalskyi cites concrete data points: billions spent in 2024 on SMS OTPs, carriers fined nearly $200m for selling location data, WhatsApp’s global scale and Twilio pricing comparisons. His recommendation is operational: audit, pilot and scale P2A where it fits.

Context and relevance

This is highly relevant to product, security and finance leaders who manage user authentication costs and customer experience. As regulators tighten data‑handling rules and fraud tactics become more sophisticated, firms face both financial and reputational risk from outdated SMS flows. The rise of global messaging platforms and platform APIs makes migration technically feasible and commercially attractive right now.

For organisations scaling sign‑up or authentication operations, small per‑message fees compound quickly. Moving to encrypted, user‑initiated channels aligns with broader industry trends: minimising third‑party exposure, improving privacy and shaving operational expenses.

Why should I read this

Look — if your company still pays for hundreds or thousands of SMS OTPs a day, you’re literally leaking money and trust. This piece explains, in plain terms, how that leak happens and gives a practical alternative that most customers already support. Quick read, immediate ROI potential.

Author style

Punchy and direct: the interview highlights a clear problem and a pragmatic fix. The point is not academic — it’s about cutting real costs, reducing fraud exposure, and freeing budget for growth. If you’re responsible for user authentication, this is worth acting on.