The Failed Quest for SMS-to-Email OTPs: When Security Policies Kill an MVP
When developer Jameel Ur Rehman couldn't receive SMS OTPs on his Sri Lankan number to access Cathay Pacific Miles, he uncovered a systemic failure affecting travelers and expats globally. His investigation revealed this wasn't isolated—Reddit threads showed years of unresolved complaints about carrier reliability.
```ruby
# Simplified SMS forwarding logic
sms = params[:Body]
from = params[:From]
EmailService.send(to: user_email, subject: "SMS from #{from}", body: sms)
```
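The forwarding logic above relays whatever reaches the webhook. As an added example (not Rehman's code), the sketch below gates the same flow on Twilio's documented `X-Twilio-Signature` check and strips the sender before it reaches the subject line. It assumes the webhook is Twilio's, as the `Body`/`From` parameters suggest; the token, URL, numbers and function names are constructed for illustration.

```ruby
require "openssl"
require "base64"

# Constructed sample values (assumptions, not from the original article).
AUTH_TOKEN  = "constructed-test-token"
WEBHOOK_URL = "https://example.test/sms"
SAMPLE_SMS  = { "From" => "+15550100", "To" => "+15550199",
                "Body" => "Your code is 000000" }

# Twilio signs a POST webhook as Base64(HMAC-SHA1(auth_token, data)), where
# data is the full URL followed by every POST field, sorted by name, with
# name and value concatenated and no delimiters.
def twilio_signature(auth_token, url, params)
  data = url + params.sort.map { |key, value| "#{key}#{value}" }.join
  Base64.strict_encode64(OpenSSL::HMAC.digest("sha1", auth_token, data))
end

# Constant-time comparison: does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def valid_twilio_request?(auth_token, url, params, header_sig)
  return false unless header_sig.is_a?(String)
  secure_equal?(twilio_signature(auth_token, url, params), header_sig)
end

# Returns the email to hand to the mailer, or nil when the request is
# unsigned or tampered with and must not be forwarded.
def build_forward(auth_token, url, params, header_sig, user_email)
  return nil unless valid_twilio_request?(auth_token, url, params, header_sig)
  # Keep only E.164 characters so CR/LF cannot inject mail headers.
  from = params["From"].to_s.gsub(/[^0-9+]/, "")
  { to: user_email, subject: "SMS from #{from}", body: params["Body"].to_s }
end
```

Without the signature check, anyone who learns the webhook URL can make the service email arbitrary "SMS" content to the user.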
The product immediately faced internal conflict. As Rehman noted:
"The Security guy in me was crying as I built this product... The Pragmatist was satisfied that I had a use case when the product flow was broken."
Market validation uncovered compelling use cases:
- Digital nomads needing reliable OTPs across borders
- Freelancers managing client accounts internationally
- Rural users with unstable cellular coverage
Yet three fatal flaws emerged:
- Banking Restrictions: Financial institutions systematically block VoIP numbers for OTPs despite accepting them during registration
- Trust Barriers: Users hesitated sharing financial OTPs with third-party services
- Telecom Policies: Twilio and competitors prohibit OTP-forwarding services in their acceptable use policies
Rehman's conclusion was stark: "The TAM is quite small and will get smaller as banks move towards authenticator apps and passkeys." The project was shuttered weeks after launch—a cautionary tale about innovating in heavily regulated authentication ecosystems where security protocols and telecom restrictions create insurmountable barriers.
Source: Jameel Ur Rehman's blog