Telco signals overview

Updated on 10.06.26

Overview

The Phone information widget includes a Telco attributes section that surfaces carrier-level data directly from mobile network operators (MNOs). Where standard phone enrichment tells you about a number's history and digital footprint, telco signals tell you what is happening to that number right now at the network level.

Five signals are available: an HLR lookup for number status and carrier details, a CNAM lookup for the registered name, SIM swap detection, porting history, and a telco risk score. All five return inside the Phone information widget under Telco attributes.

Verify number status with HLR lookup

The Home Location Register (HLR) is the GSM network database that holds a live record for every active mobile subscription. An HLR lookup queries that database through a mobile network operator and returns the number's current status, carrier, and roaming state.

A number that is invalid, inactive or sitting on an unexpected roaming carrier is a meaningful signal during onboarding or step-up checks. HLR gives you that information before a transaction clears. HLR results appear in the Home Location Register (HLR) subsection of Telco attributes and are returned in the hlr_details API object:

| Field | Description |
| --- | --- |
| IMSI | The International Mobile Subscriber Identity tied to the SIM. |
| Original carrier, Original carrier prefix | The carrier that originally issued the number. |
| Ported carrier, Ported carrier prefix | The carrier currently serving the number, if it has been ported. |
| Roaming carrier, Roaming carrier prefix, Roaming carrier country | Identifies browsing sessions that show strong indicators of originating from the Devin AI agent. |
| Serving MSC | The Mobile Switching Center currently serving the number, when available. |
| HLR status | The delivery status of the lookup (for example, delivered). |

Check the registered name with CNAM lookup

Caller Name Delivery (CNAM) links a phone number to the name displayed on a recipient's caller ID. SEON's CNAM lookup returns the name registered to a number, which you can compare against the name a customer provided during onboarding or at checkout.

A mismatch between the CNAM value and the customer of record is a supporting signal for impersonation and synthetic identity attempts. Treat it as corroborating evidence alongside other risk signals, not as a standalone determination.

CNAM results appear in the Caller Name Delivery (CNAM) subsection of Telco attributes and are returned in the cnam_details object:

| Field | Description |
| --- | --- |
| Caller Name Delivery (CNAM) | The name registered to the number. CNAM values are up to 15 uppercase alphanumeric characters. |
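Because a CNAM value is capped at 15 uppercase characters, comparing it directly with the customer's full name produces false mismatches. The following is an added example, not SEON code: the name orderings tried and the list of generic placeholder values are assumptions.

```python
import re
import unicodedata
from typing import Optional

CNAM_MAX = 15  # page: CNAM values are up to 15 uppercase alphanumeric characters
# Assumption: generic carrier placeholders that identify nobody (constructed list).
GENERIC = {"WIRELESS CALLER", "UNKNOWN", "UNAVAILABLE"}

def normalize(name: str) -> str:
    """Strip accents, uppercase, keep A-Z/0-9, collapse whitespace."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(re.sub(r"[^A-Z0-9]+", " ", folded.upper()).split())

def candidates(first: str, last: str) -> set:
    """Orderings a registry might hold (assumed), each cut to the CNAM length."""
    f, l = normalize(first), normalize(last)
    forms = (f"{f} {l}", f"{l} {f}", f"{f[:1]} {l}", f"{l} {f[:1]}")
    return {form[:CNAM_MAX].strip() for form in forms}

def compare_cnam(cnam: Optional[str], first: str, last: str) -> str:
    """Return 'match', 'mismatch' or 'unknown' (no usable CNAM value)."""
    value = normalize(cnam or "")[:CNAM_MAX].strip()
    if not value or value in GENERIC:
        return "unknown"  # absence of a name is not evidence either way
    return "match" if value in candidates(first, last) else "mismatch"

if __name__ == "__main__":
    # Constructed inputs: a truncated registry value and an accented customer name.
    print(compare_cnam("MONTGOMERY CHRI", "Christopher", "Montgomery"))
    print(compare_cnam("NUNEZ JOSE", "José", "Núñez"))
    print(compare_cnam("WIRELESS CALLER", "Christopher", "Montgomery"))
```

A "mismatch" result stays a supporting signal to combine with the other telco attributes.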

Detect recent SIM swaps

A SIM swap moves a phone number onto a new SIM card. Attackers use it to take control of a number, intercept SMS authentication codes and reset account credentials. The swap itself is usually invisible to device signals and digital footprint checks — the number looks exactly the same from the outside.

SIM swap detection identifies whether the SIM behind a number was recently replaced and when it happened. The timestamp and days-since value let you act on recency: a swap that occurred four days ago carries a very different risk profile than one from six months ago, and your rules can reflect that.

SIM swap results appear in the SIM swap subsection of Telco attributes and are returned under sim_swap:

| Field | Description |
| --- | --- |
| Last occurred | The date and time of the last detected SIM swap event. |
| Days since last occurrence | The number of days that have passed since the last occurred date. |

Review porting history for carrier changes

Phone number porting moves a number from one carrier to another. Fraudsters port numbers to seize control of them, sustain scams, or obscure their identity. A number with multiple recent ports is a meaningful flag; one that has stayed on the same carrier for years reads as lower risk.

This signal returns whether the number was ported, when it last happened, how many times it has been ported within the lookback window, and details of the previous carrier — useful for phone identity stability checks, synthetic identity detection, and lending and underwriting risk.

Coverage is limited to select countries, and the lookback window varies by market: the US covers the last 90 days, the EU the last 180 days. A porting event outside the window returns no history, even if porting occurred further back.

Results appear in the Porting history subsection of Telco attributes and are returned under porting_history:

| Field | Description |
| --- | --- |
| Last occurred | The date of the most recent porting event. |
| No. of porting | The number of times the phone number was ported in the last 90 days. |
| Previous carrier | The name of the carrier from which the number was ported. Only supported for US numbers. |
| Previous carrier MCC | The Mobile Country Code (MCC) of the previous carrier. Only supported for US numbers. |
| Previous carrier country | The 2-letter ISO country code of the previous carrier. Only supported for US numbers. |
| Previous carrier MNC | The Mobile Network Code (MNC) of the previous carrier. Only supported for US numbers. |
| Previous phone type | The phone type (e.g., "mobile") associated with the previous carrier. Only supported for US numbers. |

Get more insights with the telco risk score

The telco risk score is a machine learning score derived entirely from carrier-level signals. It analyzes patterns associated with a phone number, such as receiving authentication requests from multiple countries in a short period, and returns a normalized score between 0 and 100. Higher scores indicate higher risk.

The score appears as Risk score at the top of the Telco attributes section and is returned under telco_risk_score in the API response. Use it as a single numeric input for rules and automated decisions. Combined with other telco signals, it gives your models a layered view of carrier-level risk.
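A rule that layers SIM swap recency, porting count and the risk score, and that does not read an empty porting result as "never ported", could look like the sketch below. It is an added example, not SEON code: the nested field names (last_occurred, number_of_porting), the thresholds and the action labels are assumptions, and the sample response is constructed.

```python
from datetime import datetime, timezone

# Porting lookback windows as stated on the page (days).
PORTING_WINDOW_DAYS = {"US": 90, "EU": 180}
RANK = {"allow": 0, "review": 1, "no_sms_otp": 2}

def evaluate_telco(resp, market, now, swap_hard_days=7, swap_soft_days=30,
                   max_ports=2, score_review=70):
    """Return (action, reasons). Thresholds and JSON field names are assumptions."""
    action, reasons = "allow", []

    def raise_to(level, why):
        nonlocal action
        reasons.append(why)
        if RANK[level] > RANK[action]:
            action = level

    # SIM swap: derive the age from the timestamp so a cached response cannot go stale.
    # Assumes an ISO 8601 timestamp with a UTC offset.
    last_swap = (resp.get("sim_swap") or {}).get("last_occurred")
    if last_swap:
        age = (now - datetime.fromisoformat(last_swap)).days
        if age <= swap_hard_days:
            raise_to("no_sms_otp", f"SIM swapped {age}d ago")
        elif age <= swap_soft_days:
            raise_to("review", f"SIM swapped {age}d ago")

    # Porting: an empty result only covers the market's lookback window.
    window = PORTING_WINDOW_DAYS.get(market)
    ports = (resp.get("porting_history") or {}).get("number_of_porting")
    if window is None:
        reasons.append("porting: market not covered, no conclusion")
    elif not ports:
        reasons.append(f"porting: none in last {window}d (older ports not visible)")
    elif ports >= max_ports:
        raise_to("review", f"ported {ports}x within {window}d")

    score = resp.get("telco_risk_score")
    if score is not None and score >= score_review:
        raise_to("review", f"telco risk score {score}")
    return action, reasons

# Constructed sample response, not real API output.
SAMPLE = {
    "sim_swap": {"last_occurred": "2026-06-06T09:30:00+00:00"},
    "porting_history": {"number_of_porting": 0},
    "telco_risk_score": 41,
}
NOW = datetime(2026, 6, 10, 12, 0, tzinfo=timezone.utc)
```

With the sample above, the four-day-old swap returns "no_sms_otp" even though the risk score is moderate and no port is visible in the window.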

How to request telco signals

HLR & CNAM lookups, SIM swap, porting history and the telco risk score are extensions to the standard Phone API. Once enabled under your account, you can add the relevant values to include inside the config parameter of a Phone API request, or inside the phone config object of a Fraud API request.