SIM Swap Detection
SIM swap checks before high-value transactions
A SIM swap in the hours before a large withdrawal, transfer or payment authorisation attempt is one of the strongest fraud tells available: it means someone other than the account holder may now control the number that receives the one-time passcode. Checking for a recent SIM swap immediately before releasing funds, not just at login, closes a gap that most authentication flows leave open. Telebase's SIM swap detection is launching; early access is available now for teams building this check into their transaction flow.
Why the moment of the transaction matters more than the moment of login
Most account security is built around login-time checks: password, device fingerprint, sometimes an OTP. A SIM swap attacker often already has a valid session, either because they swapped the SIM before login or because the account was already compromised through other means. The window that matters most is the point where funds actually move: a withdrawal, an international transfer, or authorisation of a large payment. That is the moment an attacker needs the OTP to complete their objective, and the moment a SIM swap check has the highest chance of catching them before money leaves the account.
What a SIM swap check adds at this step
A recent SIM swap does not prove fraud; legitimate customers change SIMs for ordinary reasons, a lost phone, a new provider, an international trip. What it does is change the risk calculus for a specific transaction at a specific moment. Practical questions to build into the decision:
- How recent is the swap relative to the transaction attempt? A swap within the last 24 to 72 hours, immediately followed by a large transaction request, is a materially different situation from a swap that happened weeks ago.
- Is the transaction unusually large or unusual for this customer? Combine the SIM swap signal with existing transaction-monitoring thresholds rather than applying it universally to every transfer regardless of size.
- Has the destination account, device or IP also changed recently? A SIM swap alongside a new payee or a new device is a stronger combined signal than either alone.
A recent swap is a reason to step up verification before authorising the transaction, for example a callback, a delay, or an alternative authentication method, rather than an automatic block. See interpreting SIM swap age for risk decisions for how to think about the recency threshold in more detail.
SIM swap detection: launching
Telebase is registering SIM swap data feeds with mobile network operators carrier by carrier. The API already returns the field: a query today for a GB, DE, NL or FR number returns simSwap: "UNKNOWN", the true and current value while that registration completes, rather than a fabricated SWAPPED or NO_SWAP result. Early access is available now for fraud and risk teams who want to design the check into their transaction flow ahead of general availability.