The most innocuous explanation is someone in management asking "if someone tells us (via API request) to send an SMS to a certain number, and we don't send that message because we're 99% sure they're being defrauded, how do we communicate that to the customer, and what about that 1% chance we're wrong?"
Although the most likely explanation is someone in management going "hold on, we have to spend money to build these safeguards, and we're going to make less money after we deploy them?"
Although the most likely explanation is someone in management going "hold on, we have to spend money to build these safeguards, and we're going to make less money after we deploy them?"