Uncategorized

How to Detect Fake Phone Numbers: Fraud Prevention Guide (2026)

Q: What's the false positive rate of phone fraud detection?

Industry standard is 1–3% false positives — meaning 1–3% of real users get flagged as suspicious. Most platforms route flagged users to manual review or extra verification rather than hard blocking, which keeps false positives from costing you customers.

Q: Should I block all VoIP phone numbers?

No. VoIP numbers belong to real users — Google Voice alone has 30M+ active users. Block VoIP only in high-fraud industries (fintech, crypto, free-trial SaaS). For most B2B and e-commerce use cases, flag VoIP for additional verification rather than blocking outright.

Identify fake, VoIP, and high-risk phone numbers in your user database. 5 detection methods + tools for fintech, marketplaces, and SaaS.

Updated May 2026 7 min read By admin110 Uncategorized

How to Detect Fake Phone Numbers: 5 Methods for Fraud Prevention

To catch fake phone numbers before they hurt you, combine five methods:

Carrier database lookup (HLR) — confirm the number is actually in service
VoIP detection — flag virtual numbers
Risk scoring — combine multiple fraud signals
Velocity checks — catch repeated abuse
Pattern matching — known fake number ranges

Real-time API validation at signup catches 80–90% of fake numbers before they enter your system. The remaining 10–20%? That’s where the sophisticated fraudsters live, and they need different tools.

Fake phone numbers cost businesses billions every year. Free trial abuse alone bleeds 5–10% of SaaS revenue. Crypto and fintech platforms watch fake phones get used to multiply airdrops, evade KYC, and create synthetic identities. This guide explains how to identify and block them — without breaking the experience for real users.

What Counts as a “Fake” Phone Number

Not every suspicious number is technically fake. Five categories matter:

Disconnected real numbers — formerly real, no longer in service
VoIP numbers — Google Voice, TextNow, Skype, Twilio (real, but easy to acquire)
Disposable/burner numbers — temporary numbers from Hushed, Burner, or 2nd Line
Recycled numbers — reassigned by carriers after disconnection
Out-of-country numbers spoofed as local — caller ID manipulation

Threat level varies by industry. For B2B sales, all five are usable contacts. For fintech KYC, VoIP and disposable numbers are red flags. For marketplaces, recycled numbers tied to old accounts are the biggest risk.

Context matters. A lot.

Method 1 — Carrier Database Lookup (HLR)

HLR (Home Location Register) is the carrier-level database that tracks which numbers are active, which network they belong to, and whether they’ve been ported. Real-time HLR lookup confirms three things instantly:

The number exists and is in service
Which carrier owns it (or which it’s been ported to)
Country and region code accuracy

HLR catches disconnected numbers and flags numbers that aren’t in any carrier’s database. Most validation APIs include HLR by default. See our carrier lookup guide for the technical detail.

Method 2 — VoIP Detection

VoIP numbers are real and reachable. They’re also cheap and easy to acquire — making them the favorite tool of fraudsters. Detection works by checking the number’s carrier against a database of known VoIP providers (Google Voice, TextNow, Twilio, Skype, etc.).

Carrier: "Google Voice" → VoIP flag = true
Carrier: "Verizon Wireless" → VoIP flag = false

What to do with VoIP flags depends on your industry:

B2B sales — keep VoIP numbers, real users have them
Fintech / Crypto — block or require additional KYC
Marketplace / Free trials — block at signup
E-commerce — flag for manual review

For deeper VoIP detection details, see VoIP number checker.

Method 3 — Risk Scoring (Fraud Signal Aggregation)

Risk scoring combines multiple signals into a single 0–100 score. Common signals:

VoIP / disposable number flag
Number recycled in last 90 days
Country mismatch (US-coded number from foreign IP)
Velocity (number used 50+ times across signups)
Carrier reputation
Format anomalies

A risk score above 70 typically gets blocked or sent for manual review. Below 30 — auto-approved. The 30–70 middle band gets extra verification (SMS code, document upload, etc.).

This is where most platforms fail: they treat fraud as binary. It’s not. There’s a huge gray zone where you need to gather more signal, not block outright.

Method 4 — Velocity Checks

Velocity checks track how often a single phone number appears across signups, password resets, or transactions. Patterns that trigger alerts:

Same number used by 5+ different accounts in 24 hours
100+ failed signups from numbers in the same prefix
Pattern of numbers all from a single VoIP provider

Velocity detection requires logging every signup attempt with the phone number used. Most fraud platforms (Sift, SEON, Stripe Radar) bake this in. For custom systems, build it as a simple count query against your signup logs.

Method 5 — Pattern Matching

Some fake number ranges are well-known. Examples:

555-01XX numbers — reserved for movies/TV, never real
All-zero or all-same-digit numbers — 0000000000, 5555555555
Sequential digits — 1234567890
Test numbers used in tutorials — +15551234567

A static pattern blocklist catches the lazy fraudsters in milliseconds. Combine with the other four methods for full coverage.

Industries That Need This Most

Fintech and Crypto (KYC/AML)

Regulatory requirements force phone validation as part of KYC. Beyond compliance, fraud risk is concentrated here — fake phones are step one of synthetic identity fraud, which costs the industry $20B+ annually. Validation should run at account creation, before any deposit, and before withdrawals above threshold.

SaaS Free Trial Abuse

Free trials get abused by users creating multiple accounts with disposable numbers. Detection at signup blocks 80%+ of trial abuse. The cost: validation runs ~$0.001/signup. Lost revenue from one abused trial: $20–$200. The math isn’t subtle.

Online Marketplaces

Sellers and buyers using fake phones to evade dispute resolution or chargebacks. Validation at account creation, plus re-validation at first transaction, reduces marketplace fraud significantly.

Healthcare and Insurance

Identity verification regulations require valid contact data. Fake phones in healthcare records cause appointment no-shows, claim disputes, and HIPAA exposure.

Real-Time vs Batch — Which Do You Actually Need?

Real-time — validate at the moment of signup or transaction. Required for fraud prevention. Adds 50–200ms to user flow but catches fraud before it happens. Use API integration.

Batch — validate existing user databases periodically. Catches users whose numbers went bad after signup, or who slipped through real-time checks. Run quarterly or monthly. Use bulk CSV upload.

Most teams need both. Real-time for new signups, batch for the existing user base.

Tools

For comprehensive fraud phone detection:

BulkChecker Phone Validator — VoIP detection + risk scoring + carrier lookup, $4 per 10K
IPQualityScore — fraud-focused, includes velocity tracking, more expensive
Twilio Lookup — carrier-only, no fraud signals (see alternative)
Custom integration — combine validation API with internal velocity logging

For fintech and crypto teams handling KYC, see also our crypto exchange user verification guide.

Next Step

Start by validating your existing user database to find current fake numbers. Then add real-time API validation at all signup points. Most teams see signup fraud drop 60–80% within the first 30 days.

Detect fake numbers with BulkChecker →

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FAQ

What’s the false positive rate of phone fraud detection?

Industry standard is 1–3% false positives. That means 1–3% of real users get flagged as suspicious. Most platforms route flagged users to a manual review queue or extra verification (SMS code) rather than hard blocking — which keeps false positives from costing you customers.

Should I block all VoIP phone numbers?

No. VoIP numbers belong to real users. Google Voice alone has 30M+ active users. Block VoIP only in high-fraud industries (fintech, crypto, free-trial SaaS). For most B2B and e-commerce use cases, flag VoIP for additional verification rather than blocking outright. You’ll lose real customers if you blanket-block.

How does this affect legitimate users?

Real-time validation adds 50–200ms to signup flow, which is imperceptible. Validation results never display to the end user. Only flagged accounts (high risk score) face additional verification — typically an SMS code or document upload — adding 30 seconds to onboarding.

Is phone fraud detection GDPR-compliant?

Yes. Phone number validation is treated as a legitimate business interest for fraud prevention under GDPR Article 6(1)(f). Most validation providers don’t store the numbers they validate, which keeps the workflow privacy-compliant. Always check your provider’s data processing agreement.

Can fraudsters bypass phone fraud detection?

Sophisticated fraudsters can buy real prepaid SIMs or compromised legitimate numbers. No detection method catches everything. The goal isn’t 100% blocking — it’s raising the cost of fraud high enough that fraudsters target someone else. Multi-signal detection (carrier + VoIP + risk score + velocity) blocks 90%+ of automated and amateur fraud.

What’s the difference between phone validation and fraud detection?

Validation answers “is this number real and active?” — useful for cleaning lists. Fraud detection answers “is this number suspicious in this context?” — useful for blocking abuse at signup. Validation is one input to fraud detection; fraud detection adds risk scoring, velocity checks, and pattern matching on top.