Regulatory Compliance

SIM swap signals for FCA affordability and lending checks

An account takeover during a lending application is a foreseeable harm under FCA Consumer Duty. If an attacker takes control of a customer's phone number via a SIM swap, they can intercept OTPs, amend the application and redirect funds. A SIM swap check at the point of affordability assessment adds a practical layer of protection. Telebase is launching a real-time SIM swap detection signal. Early access is available now.

Why SIM swap matters in a lending context

Lending applications are high-value targets. A completed loan application, with funds disbursed to an attacker-controlled account, represents a direct financial loss to the lender and harm to the victim whose identity and creditworthiness were used. The Consumer Duty outcome on financial protection requires firms to take reasonable steps to protect customers from foreseeable harms, including fraud enabled by account takeover.

SIM swap attacks often occur at exactly the moment a customer is engaged in a high-value transaction: a loan application, a withdrawal request or a change of bank account details. The attacker monitors for these moments and times the swap to intercept the OTP sent for verification. Checking for a recent SIM swap before proceeding past the OTP step is a proportionate control.

What a SIM swap signal tells you during affordability checks

A recent SIM swap on the phone number associated with an application is not evidence of fraud on its own. Legitimate customers change SIMs. What it is, is a reason to apply additional verification before proceeding. The risk questions to ask are:

A SIM swap signal is most useful as one input into a broader risk score, not as a standalone block condition. Combine it with device signals, velocity checks and identity verification outcomes for a more robust picture.

FCA expectations and Consumer Duty

The FCA's Consumer Duty requires firms to act to deliver good outcomes for retail customers, including protecting them from harm that is reasonably foreseeable. Account takeover during a lending application is foreseeable, well-documented and technically preventable. Firms that have not implemented reasonable controls, where those controls are available and proportionate, are in a weaker position when explaining a loss event to the regulator.

SIM swap detection is not currently mandated by name in FCA rules, but the principle of proportionate fraud controls is. Including it in a documented risk control framework supports the kind of audit trail Consumer Duty expects. For the wider picture of how phone-based signals map to FCA financial crime systems and controls expectations, including for cryptoasset businesses, see FCA PS24/17 and phone-based risk signals.

Live signals available now

While SIM swap detection is launching, the following Telebase signals are live today and support lending risk decisions:

Live signals are available at 0.03 USD per query, no contract, no minimum spend, billed via Paddle.

SIM swap detection: launching

Telebase is registering SIM swap data feeds with mobile network operators carrier by carrier. The signal will return a timestamp of the most recent SIM swap event for a queried number, enabling a recency check at the point of application. The current API response returns simSwap: UNKNOWN while feed registration completes. Early access is being offered to lending and affordability teams who want to integrate ahead of general availability.

Early access: SIM swap detection is launching.

If you are building or reviewing lending fraud controls and want to include a SIM swap signal, get in touch to discuss early access.

Get early access