Fraud Prevention
Securing earned wage access against account takeover
Earned wage access platforms disburse real money against accrued wages, which makes the payout moment a target for account takeover. The phone number on the worker's account is the authentication anchor: it receives OTPs, resets passwords and confirms bank account changes. A phone intelligence check before payout catches the two main attack vectors: a number that has been SIM swapped, or a disposable VoIP number used to register a fake account in the first place.
The fraud surface specific to EWA
EWA platforms face a fraud profile that differs from standard consumer fintech. Most users are real employees making small, legitimate withdrawals. The volume of genuine micro-transactions creates a pressure to keep friction low. But the same payout flow that works well for legitimate users is attractive to an attacker who has taken over an account, because a wage advance request is expected behaviour that may not trigger standard transaction monitoring rules.
The three moments where phone signals add the most value are registration, bank account changes and payout requests. None of these require additional friction for a legitimate worker; the check runs silently in the background before the action completes.
Three moments to apply phone signals
Screen the phone number supplied by the worker at sign-up. A non-fixed VoIP number at registration indicates the account may have been created at scale rather than by a real employee. This is especially relevant where the EWA platform onboards without direct employer verification on day one.
A bank account change is a common precursor to EWA fraud. Check active status and, once available, SIM swap recency on the phone number before allowing a beneficiary change. A swap in the 24-to-72-hour window preceding the bank account change request is a high-confidence ATO signal. See the active status API for the integration pattern.
Run the phone check immediately before releasing a payout, particularly for first-time withdrawals or amounts above your normal per-worker threshold. If the number has been swapped since the account was created, or since the last successful payout, hold the disbursement for review. The cost is $0.03 per check against the cost of a fraudulent payout.
What a Telebase lookup returns
curl -s 'https://telebase.fatcatremote.com/api/lookup?phone=%2B447700900000' \ -H 'Authorization: Bearer tb_live_xxxxxxxxxxxxxxxxxxxxxxxx'
{
"phoneNumber": "+447700900000",
"active": true,
"carrier": "EE",
"country": "GB",
"numberType": "mobile",
"simSwap": "UNKNOWN", // launching for GB, DE, NL and FR
"simSwapAt": null,
"_meta": { "activeSource": "LINE_STATUS" }
}
A numberType of nonFixedVoip flags a fake registration. active: false on a number that should be reachable flags an account anomaly. A simSwap of SWAPPED with a recent simSwapAt flags potential ATO before the payout goes out. For the full ATO signal framework, see account takeover prevention with telecom signals.