What are Network Identity & Risk Signals?
Most fraud doesn’t start with a stolen password — it starts with a hijacked phone number. Fraudsters port a victim’s number to their own SIM, activate call forwarding, or use a stolen device. Once they control the phone number, they intercept OTPs and take over accounts.
tyntec’s Network Identity & Risk Signals query the mobile network directly, in real time, to detect these conditions before any authentication is performed. Each signal is a simple, fast API call that returns a boolean result. No user interaction is required.
In plain terms: before you send an OTP or allow a sensitive action, ask the network — “Is this phone number in a safe state right now?”
The three signals
| Signal | What it detects |
| SIM Swap | Detects whether the phone number has been moved to a new SIM card recently. The primary indicator of account takeover via number porting. |
| Call Forward | Detects whether unconditional call forwarding is currently active on the line. If active, any voice OTP you send will be received by the attacker, not the user. |
| Device Swap | Detects whether the subscriber’s handset (identified by IMEI) has changed recently. A new device on a known number correlates strongly with SIM swap. |
Use them together: SIM Swap alone is a strong signal. SIM Swap + Device Swap together is a near-certain account takeover indicator. Add Call Forward and you have three independent layers of network-level protection.
When each signal matters
Each signal is useful in different scenarios. Understanding which to query when — and what to do with the result — is covered in “When to use which signal” section.
As a quick reference:
| Scenario | Recommended signals |
| Before sending any OTP | Check SIM Swap and Call Forward. Both indicate the OTP will not reach the legitimate user. |
| At login | Check SIM Swap, Device Swap and Call Forward. A recent change at login time is a high-risk signal. |
| Before high-value transactions | Check all three signals. Any single positive is grounds for step-up authentication. |
| During account recovery | Check SIM Swap. A SIM Swap coinciding with a password reset is a classic fraud pattern. |
| At onboarding / KYC | Check Device Swap. A brand-new device combined with a new account is elevated risk. |