2-factor authentication (2FA) or one-time passcodes (OTP) are common use cases for toll-free messaging.
Although the type of consent may vary, all business messaging use cases – including 2FA/OTP messaging – requires consent from the end user to send messages. For 2FA/OTP messages, you must have express consent to send a 2FA or OTP text message. Typically, express consent for a 2FA/OTP text message is obtained by informing the user they will receive a 2FA/OTP notification at the phone number they provide, or informing them when they update their phone number in an online profile.
To get your toll-free number verified for a 2FA/OTP use case, you must provide proof of consent. A screenshot or live URL is ideal. If you don't have a screenshot or URL available, then you must provide a thorough, detailed description of how you collect the end user's express consent. 2FA/OTP use cases do not exclude the need to provide proof of consent, and language in T&Cs or Privacy Policy is not sufficient for express consent.
If you need more info on messaging best practices when it comes to consent, please refer to the
CTIA Messaging Principles and Best Practices.
