The Problem
A consumer fintech offering digital lending products was seeing a sharp increase in account takeover (ATO) attacks. The attack pattern was consistent: bad actors were using recently ported numbers, VoIP numbers registered under false identities, or numbers with high spam/fraud signal scores to pass SMS-based 2FA and take over legitimate accounts.
Their existing fraud stack scored applicants by device, IP, and identity data — but phone number quality was treated as binary: either the SMS delivered or it didn't. They had no visibility into what kind of number was receiving their authentication codes or whether that number carried behavioral signals associated with fraud.
In a 90-day window, the fraud team identified 4,200+ suspicious account creation events that had bypassed their existing controls. Fraud losses were up 43% quarter-over-quarter, and manual review queues were overwhelmed.
Impact before VRI
- 61% of identified ATO attempts originated from high-risk number types (VoIP, prepaid, recently ported)
- Fraud losses up 43% QoQ
- Manual review team handling 400+ escalations/week
- False negative rate on phone-based risk signals: effectively 0% (no signal existed)
The Solution
The fraud team integrated VRI's Spam/Reputation Scoring ($0.0070/lookup) and Enhanced LRN ($0.0005/lookup) APIs into two points of their user journey:
At account creation
- Every submitted phone number was scored in real time before the account was provisioned
- Numbers scoring high on VRI's spam/reputation model, or identified as VoIP, prepaid, or recently ported, triggered a step-up verification flow or manual review
- Numbers with fraud-signal combinations (VoIP + high spam score + recent port) were blocked outright
At step-up authentication (suspicious logins)
- When the risk engine flagged a login attempt, the authenticating phone number was re-scored
- Changed carrier or line type since account registration triggered automatic escalation
- This caught SIM-swap attacks mid-flight
The entire integration used VRI's REST API and added 40–80ms to account creation latency — well within their UX tolerance thresholds. The combined cost per lookup (LRN + Spam/Reputation) was $0.0075/lookup.
The Results
| Metric | Before VRI | After VRI | Change |
|---|---|---|---|
| ATO attempts reaching step-2 auth | Baseline | — | -61% |
| Fraud losses (QoQ) | +43% | -31% | Trend reversed |
| Manual review escalations/week | 400+ | 140 | -65% |
| High-risk account creations blocked (first 90 days) | — | 4,200+ | — |
| False positive rate (legit users blocked) | — | <1.8% | — |
The false positive rate of <1.8% meant fewer than 2 in 100 legitimate users experienced any additional friction — an acceptable tradeoff for a 61% reduction in ATO success rate.
What They Said
"Phone number intelligence became a core pillar of our fraud stack almost overnight. VRI's real-time API gives us the signal we needed to stop bad actors at the door without creating friction for real customers. The ROI paid for itself in the first week."
[REPLACE WITH REAL TESTIMONIAL]
Phone numbers carry fraud signals your current stack isn't reading.
VRI's Spam/Reputation Scoring + Enhanced LRN APIs add a real-time phone intelligence layer to your fraud prevention workflow — stopping ATO attacks before they start.