What a Phone Number Reveals: Fraud Signals Before Full KYC

A new user enters a phone number at signup. It looks like a string of digits. It is not.

Before you send a verification code, that number is already telling you things: whether the line is mobile or VoIP (Voice over IP), which carrier issued it, whether the country of registration matches the country the user declared, and whether the number is reachable at all. None of that requires the user to do anything — you have it the moment they enter the digits.

This post explains what those signals mean, how fraud teams act on them, and how Didit's multi-channel phone verification fits into a low-friction fraud filter at the front of any onboarding flow.

Key takeaways

• A phone number carries intelligence before an OTP is sent: line type, carrier, country of registration, and reachability are all readable signals.
• VoIP (Voice over IP) numbers can be provisioned instantly without carrier identity checks and are a common tool in fraud operations. A VoIP number from a user claiming to be a retail banking customer is a yellow flag worth investigating.
• Country-of-registration versus declared-country mismatch — the number is registered to a carrier in a country the user did not claim — is a low-cost, high-value fraud signal.
• Reachability testing across multiple channels (SMS, WhatsApp, Telegram, RCS, voice) reveals whether a number is genuinely active, and a number that fails across all channels is unlikely to belong to a legitimate user.
• Phone intelligence is a first filter: at fractions of the cost of a document check, it stops low-effort fraud and calibrates downstream spend. It does not replace document or biometric verification.

What a phone number actually contains

Strip away the format and a phone number has two meaningful parts: a country code and a subscriber number. Together, they encode more than a delivery address.

The country code anchors the number to a regulatory jurisdiction. It tells you which national numbering plan the number belongs to — and therefore which carrier group and line-type categories apply.

The number prefix (the leading digits of the subscriber number) maps to specific carriers and number blocks via the national numbering plan. Number portability complicates this: a number originally assigned to one carrier may have been ported to another. Current carrier lookup reflects where the number sits today, not where it started.

The line type is the most actionable classification. Mobile numbers are issued by carriers that require SIM registration — most jurisdictions mandate identity verification at SIM purchase, providing a baseline assurance that a human identity is attached to the number. VoIP numbers can be provisioned programmatically, at scale, from online services, without any carrier identity check. Landlines carry a third profile: reachable for voice but not SMS, associated with a fixed location rather than a mobile individual.

The fraud signals in a phone number

Line type: VoIP is the disposable email of phone numbers

In the same way that a disposable email provider exists to generate throwaway addresses for users who want to complete a signup without leaving a traceable identity, VoIP services exist — in part — to generate phone numbers that behave like mobile numbers but are not tied to a carrier-verified SIM.

Fraud rings use VoIP numbers to receive OTPs (one-time passcodes) at volume: one virtual phone number service can provide thousands of receiving numbers, each used once and discarded. A user presenting a VoIP number in a KYC flow for a regulated financial service is presenting a credential that, by construction, has no carrier identity assurance behind it.

This does not mean every VoIP number is fraudulent. Legitimate users — particularly in business contexts or for privacy reasons — do use VoIP numbers. The signal's value is in calibration: a VoIP number from a user claiming to be an individual retail banking customer is a different risk profile than a VoIP number from a developer testing an API.

Carrier and country-of-registration mismatch

A user declaring they are located in Spain but presenting a phone number issued by a carrier in a different country, with no plausible explanation (travel, expat residency), is a flag worth investigating. Fraudsters often use number inventory purchased from jurisdictions with weaker SIM registration enforcement or from markets where number pools are cheaper to acquire.

The signal is most useful in combination: a VoIP number from a carrier in a country different from the user's declared nationality, combined with an IP address from a third country, creates a risk profile that is hard to explain with legitimate use.

Reachability across channels

Reachability testing is both a verification step and a fraud signal. Sending an OTP and checking whether it is received confirms the number is active and controlled by the person presenting it. But multi-channel reachability adds granularity.

A number that is reachable via SMS but not WhatsApp could mean the user does not use WhatsApp — a normal outcome. A number that is unreachable across SMS, WhatsApp, Telegram, RCS, and voice simultaneously is very unlikely to be a legitimate, actively used personal phone number. Numbers in this category often belong to number-cycling fraud tooling or numbers that were registered for verification purposes and then abandoned.

Multi-channel delivery also benefits legitimate users: OTP delivery over WhatsApp or Telegram is faster, more reliable in low-signal environments, and free of SMS carrier charges for users who have the apps installed.

Number age and churn signals

Phone numbers are sometimes recycled — a carrier reassigns a number that has been inactive for a period. A recently recycled number inherits the history of its previous holder, creating a risk: the new user may have been issued a number that was previously associated with fraud, or fraud tools may be targeting a number based on its prior owner's accounts.

Phone number age and churn indicators — how long a number has been active under its current registration — are useful signals for onboarding decisions. A number registered very recently, or showing unusual churn patterns, warrants closer attention for high-value accounts.

Why phone is a first filter, not a final verdict

Phone intelligence and OTP delivery run in sub-2 seconds, require only that the user entered a phone number, and surface risk signals before you spend on document analysis, liveness checks, or AML screening.

At the cost of phone verification in front of a $0.33 KYC core flow, catching a VoIP number or an unreachable line stops the downstream spend and keeps fraudulent sessions out of your document review queue. Legitimate users — who have real mobile numbers from real carriers — barely notice the OTP step. Fraudsters cycling through VoIP inventories face a meaningful obstacle.

Phone intelligence alone is not a complete picture. A legitimate user can have a VoIP number. A fraudster can have a genuine mobile SIM. The signals calibrate your downstream spend and trigger step-up checks; they do not replace identity document verification or biometrics.

How Didit helps

Didit offers multi-channel phone verification — delivering OTPs over SMS, WhatsApp, Telegram, RCS, and voice — meeting users on the channel where they are most reachable and reliable. This multi-channel approach simultaneously tests reachability across protocols: a number that cannot receive delivery across any channel is likely not a legitimate, active personal number.

Within the same session, Didit's composable Workflow Builder lets you layer phone verification alongside:

• IP Analysis ($0.03) — IP-to-country consistency, VPN/proxy/Tor detection, IP risk scoring. Combining IP signals with phone-country mismatch creates a much tighter fraud signal than either alone.
• ID Verification ($0.15) — document verification as the next layer when phone signals indicate review is warranted.
• Passive Liveness ($0.10) — biometric confirmation that the person presenting the number is real and present.
• AML Screening ($0.20) — 1,300+ watchlists, for regulated onboarding flows that need both fraud and compliance coverage.

All of these compose in a no-code workflow: configure in the Business Console what happens when a VoIP number is detected (approve, review, or require document verification), without changing integration code.

Use cases

Consumer fintech onboarding — neobanks and payment platforms use phone intelligence to gate access to the document verification step. A VoIP number from a claimed jurisdiction where VoIP-only users are statistically rare triggers a review flag before the more expensive checks run.

iGaming and age-gated platforms — sports betting and online casino platforms in licensed markets need to confirm the phone number belongs to the person being verified. Multi-channel OTP delivery and reachability testing are standard practice in UK UKGC and EU-regulated gaming.

Marketplace seller verification — platforms paying out individual sellers flag recently-provisioned or VoIP numbers as a signal to require stronger identity verification before activating elevated payout limits.

Step-up authentication for sensitive actions — mid-session re-verification for high-value transactions or account changes uses phone OTP as a fast first factor, with biometric step-up layered in for the highest-risk actions.

Frequently asked questions

Does phone verification replace document verification?

No — it is a pre-filter. Phone intelligence and OTP delivery stop low-effort fraud before you spend on document and biometric checks. They do not replace those checks for regulated KYC.

What is VoIP and why does it matter for fraud?

VoIP (Voice over IP) numbers are provisioned over the internet rather than through a mobile carrier. Because they require no carrier identity verification, they can be created at scale and used to receive OTPs in automated fraud operations. Detecting VoIP numbers at signup identifies this risk profile before the OTP is sent.

Can a legitimate user have a VoIP number?

Yes. Business users, privacy-conscious individuals, and developers often use VoIP numbers. The signal's value is calibration — a VoIP number in a consumer financial services context is a different risk profile than one in a developer testing context — not a hard block.

What happens if the phone number is unreachable on all channels?

Multi-channel delivery failure across SMS, WhatsApp, Telegram, RCS, and voice is a strong signal that the number is not an actively used personal number. Your Workflow Builder configuration determines whether this results in a review flag or a hard block, depending on your risk tolerance.

How much does phone verification cost?

Didit's phone verification pricing is variable by channel and volume. Combine it with IP Analysis ($0.03), Passive Liveness ($0.10), and ID Verification ($0.15) for a layered first-filter stack. 500 free checks per month, no minimums.

Ready to get started?

Phone verification is one signal layer in Didit's composable identity and fraud platform — pair it with IP Analysis, document verification, biometrics, and AML screening in a single workflow.

• Read the docs → docs.didit.me
• See it in the platform → User Verification product page
• Check the price → Pricing — 500 free verifications/month, no minimums
• Start free → business.didit.me