Fraud Prevention
How to detect a SIM swap before sending an OTP
A SIM swap transfers a victim's phone number to a SIM card controlled by an attacker. If your authentication flow sends a one-time password to that number, the attacker receives it. The correct defence is to check whether a recent SIM swap has occurred before the OTP is sent, not after. Telebase is launching a real-time SIM swap detection signal for this use case. Early access is available now.
How SIM swap fraud works
An attacker obtains enough personal information to convince a mobile operator, or a rogue employee at one, to transfer the victim's number to a new SIM. The transfer takes effect quickly. From that point, the attacker receives all SMS messages and calls destined for that number, including OTPs sent by banks, exchanges and payment apps.
The victim typically does not notice immediately. Their phone loses signal, which they may attribute to a network issue. By the time they report it, the attacker has already passed SMS 2FA and accessed the account.
SIM swap fraud is particularly common in account takeover attempts against fintech and crypto platforms, where the payout from a single successful attack is high relative to the effort required.
Why checking at the point of OTP dispatch matters
The OTP itself is the vulnerability. Sending it to a swapped number hands the attacker the credential they need. The check therefore needs to happen before the OTP is sent, not as a post-incident forensic step. A real-time SIM swap signal, queried at the moment the user requests a code, gives you the information at the point where it is still actionable.
If a recent swap is detected, the right response is to block the OTP and route the user through a different verification channel, such as a video call or document re-submission, rather than proceeding as normal.
What signals are available now
While SIM swap detection is launching, several live Telebase signals already reduce risk at authentication:
- Active status: an inactive number cannot receive an OTP, flagging a potential port or abandonment
- Number type: a VoIP number cannot be SIM-swapped in the traditional sense, but its presence at authentication is worth reviewing
- Carrier: a sudden carrier change on an existing account is consistent with a port-out, which precedes some SIM swap patterns
- Country: a number now registering in a different country from the account's last known location is an anomaly signal
These signals are live today via the Telebase API at $0.03 per query, no contract, no minimum spend.
SIM swap detection: launching
Telebase is registering SIM swap feeds with mobile network operators carrier by carrier. The signal is in private early access. When live, it will return a timestamp of the most recent SIM swap event for the queried number, or a confirmation that no recent swap has been detected. The current API response returns sim_swap: UNKNOWN while registration completes.
If you want to implement SIM swap checking before an OTP is sent and are evaluating data sources, get in touch to discuss early access.
Get early access