Identity and Fraud Prevention

The identity and fraud prevention capabilities give businesses access to network-level signals that help them verify who their users are and detect anomalous activity that may indicate fraud. These signals come directly from the mobile operator — not from user-submitted data — making them harder to fake and more reliable as a security layer.

All capabilities in this family follow the CAMARA standard and require the user’s explicit authorization before any data is accessed.

Number Verification

What it does: Confirms in real time that the phone number a user claims to own matches the SIM card currently active in their device.

When a user logs in to an application and provides their phone number, there is no inherent way for the application to know that the person entering that number is actually the holder of that SIM. Number Verification closes this gap by asking the operator: “Is the device making this request currently using this phone number?” The operator can answer yes or no based on the active SIM, without revealing any personal data.

Who benefits:

  • Banks and fintechs performing step-up authentication during sensitive transactions
  • E-commerce platforms verifying the identity of buyers at checkout
  • Any application that uses phone number as a form of identity and wants to reduce account takeover risk

Why it matters:

Traditional phone number verification relies on SMS one-time passcodes (OTPs). OTPs are vulnerable to SIM swap attacks, phishing, and SS7 interception. Number Verification does not involve sending a code at all — the verification happens at the network level, silently and instantly. This makes it significantly more resistant to the attacks that target OTP-based verification.

SIM Swap

What it does: Reports whether a SIM card associated with a given phone number has been swapped within a specified time window (for example, the last 24 or 72 hours).

A SIM swap occurs when someone transfers a phone number from one SIM card to another. Legitimate SIM swaps happen when a customer loses their phone or upgrades their device. Fraudulent SIM swaps happen when an attacker convinces the operator to transfer the victim’s number to a SIM the attacker controls — after which the attacker can receive all SMS messages and calls sent to that number, including OTP codes.

Who benefits:

  • Banks and payment providers who want to block transactions when a recent SIM swap has been detected for the account’s registered number
  • Fintech applications performing account changes (password reset, email change, withdrawal address change) that are commonly targeted in account takeover attacks
  • Identity providers who want to add an additional risk signal to their authentication decision

Why it matters:

SIM swap fraud is a serious and growing threat. Once an attacker has control of a victim’s phone number, they can bypass SMS-based two-factor authentication for any account linked to that number. By checking for recent SIM swaps before processing a sensitive request, businesses can stop many account takeover attempts before any damage is done.

Device Swap

What it does: Detects whether the physical device (handset) associated with a phone number has recently changed.

Similar to SIM Swap, Device Swap monitors for a change in the device identifier (IMEI) associated with a subscriber. While a device change is often entirely legitimate — a customer bought a new phone — it can also indicate that a number has been ported to a new device as part of a fraudulent scheme.

Who benefits:

  • Financial services companies that want an additional fraud signal alongside SIM Swap
  • Platforms that have set up device fingerprinting or trust-based access and want to detect when a user’s device environment has changed

Why it matters:

Device Swap adds another dimension to fraud detection. When combined with SIM Swap data and other signals, a recent device change can help a risk engine make a more informed decision about whether to challenge a transaction or require additional authentication.

KYC Age Verification

What it does: Confirms whether a subscriber is above a specified minimum age, based on the date of birth on record with the mobile operator.

The service provider asks: “Is this user at least [N] years old?” The operator responds with a simple yes or no, without sharing the actual date of birth or any other personal information.

Who benefits:

  • Online platforms that need to verify a user’s age before allowing access to age-restricted content (gambling, adult content, alcohol sales)
  • Any service with a minimum age requirement that wants to reduce friction in the age verification process

Why it matters:

Traditional age verification methods — asking the user to enter their date of birth or upload a document — are easy to circumvent and place the burden of verification on the user. KYC Age Verification uses data that the operator has already verified when the subscriber joined, providing a stronger signal with less user friction. Because only a boolean result is returned, no personal data leaves the operator’s systems.

KYC Match

What it does: Validates whether identity attributes provided by a service provider match what the mobile operator has on record for that subscriber.

The service provider submits a set of attributes — such as full name, date of birth, postal address, or national identity number — and the operator confirms which of those attributes match (or do not match) the subscriber record. Individual attribute results are returned, so the service provider knows which fields matched and which did not.

Who benefits:

  • Financial institutions performing Know Your Customer (KYC) checks as part of onboarding or compliance workflows
  • Insurance companies verifying applicant identity
  • Any business that needs to confirm that a user is who they say they are, using an authoritative data source

Why it matters:

Operator subscriber records are the result of a formal registration process — customers must prove their identity to obtain a SIM contract in most jurisdictions. This makes the operator’s records a high-quality, authoritative source for identity attribute verification. Using KYC Match as part of an onboarding flow can replace or supplement more expensive manual document checks.

KYC Tenure

What it does: Reports how long a user has been a subscriber of the mobile operator.

The service provider can ask whether the subscriber’s tenure is above a certain threshold (for example, “has this user been a customer for more than 6 months?”) or request the actual tenure value.

Who benefits:

  • Lenders and financial services companies that use account longevity as a signal of creditworthiness or stability
  • Fraud prevention systems that treat very new accounts with higher suspicion
  • Platforms that want to offer different levels of trust or access based on how established a user’s operator relationship is

Why it matters:

A brand-new subscriber account is a weaker trust signal than one that has been active for years. Fraudsters frequently use freshly obtained SIM cards. By incorporating operator tenure into a risk assessment, businesses can make more informed decisions about how much trust to extend to a user without requiring them to take additional verification steps.