TL;DR: SNA is still a relatively new replacement for SMS OTP, and provider choice affects consultative support, production success rates, edge-case handling, compliance posture, coverage, and commercial flexibility, according to IDlayr. The real decision is whether the provider can support secure deployment and operational fit, not just deliver an API.
NHIMG editorial — based on content published by IDlayr: What to Look for When Choosing an SNA Provider
By the numbers:
- SNA is still relatively new technology compared to SMS, which has been around for over 25 years.
- In mature markets, real-time MNO coverage of 80%+ of mobile subscribers is achievable.
Questions worth separating out
Q: How should teams evaluate an SNA provider for production use?
A: Start with deployment support, production success rate, latency, edge-case behaviour, compliance posture, coverage, and commercial fit.
Q: Why do SNA coverage claims need careful validation?
A: Because coverage can be based on real-time network access or on historical lookup data, and those two mechanisms do not carry the same trust value.
Q: What do security teams get wrong about SNA and SIM swap fraud?
A: They often assume a binary SNA check is enough to solve the whole fraud problem.
Practitioner guidance
- Validate the deployment journey before you sign a contract Ask the provider to walk through use case selection, fallback design, metrics definition, and launch readiness as a single deployment path.
- Test live authentication behaviour, not demo behaviour Measure success rate and latency in the markets and device conditions you actually support, including Wi-Fi, VPN, dual-SIM, and iOS mobile web scenarios.
- Separate SNA from adjacent fraud controls Treat SIM swap detection, number discovery, and identity verification as distinct capabilities that may need to be combined.
What's in the full article
IDlayr's full article covers the operational detail this post intentionally leaves for the source:
- Question-by-question provider evaluation prompts for consultative capability, technical performance, and coverage.
- Specific guidance on TS.43, NV1.0, Wi-Fi handling, and dual-SIM behaviour in production.
- Commercial diligence topics such as minimum commitments, per-auth pricing, and expansion terms.
- Security and compliance questions covering certifications, residency, retention, and data minimisation.
👉 Read IDlayr's guide to choosing an SNA provider →
SNA providers and SMS OTP replacement: what should teams ask?
Explore further
SMS replacement is no longer a messaging choice, it is an identity governance decision. The article makes clear that SNA is evaluated on trust, resilience, and deployment controls, not just transport. That shifts the programme owner from communications procurement to identity and fraud governance, where authentication design, fallback logic, and operational oversight all matter. Practitioners should treat SNA selection as part of authentication architecture, not as a telecoms buy.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
A question worth separating out:
Q: Who is accountable when SNA fails in a regulated environment?
A: Accountability sits with the organisation that chooses the control and accepts the residual risk, even if a provider supplies the network check. In regulated sectors, the buyer still owns data handling, fallback design, user-impact decisions, and whether the control is fit for purpose under internal and external review.
👉 Read our full editorial: Choosing an SNA provider: the governance questions that matter