How Prove’s Global Fraud Policy Stops Phone-Based Fraud Others Miss

Phone numbers have long been considered a reliable identity anchor: one person, one device, one number. But that premise no longer holds. Phone numbers are increasingly losing their trustworthiness, and fraudsters understand this better than anyone. Phone numbers are recycled, reassigned, virtualized, and increasingly weaponized, and fraudsters are exploiting that reality at scale.

Recycled numbers, eSIM-driven attacks, and Mobile Virtual Network Operator (MVNO) fraud now surface precisely where trust matters most: account opening, authentication, and recovery. Legacy phone-based controls weren’t built for this environment, so organizations respond by layering on friction that frustrates real users and still fails to stop fraud.

Prove’s Global Fraud Policy (GFP) was built for how phone fraud actually works today. It is an always-on, adaptive policy engine that continuously evolves Prove’s fraud signaling and applies those signals to each transaction input. In doing that, it enables organizations to capture modern phone-based fraud without sacrificing user conversion. Leading digital businesses already rely on Prove’s Global Fraud Policy to protect their most critical customer journeys, because it delivers a level of phone intelligence and enforcement no point solution can replicate.

Why “Looks Legit” Is No Longer Enough

In the U.S. alone, carriers recycle tens of millions of phone numbers each year, often reissuing them within weeks. A number that once belonged to a verified customer can quickly be reassigned to someone else, yet many businesses continue to treat that same number as a durable trust signal. Independent research shows the scale of the problem: when sampled, more than 80% of numbers available for reassignment were already recycled and susceptible to SMS-based account takeover.

At the same time, eSIM adoption has exploded. Hundreds of millions of eSIM-enabled devices now ship each year, and phone numbers can be provisioned, rotated, and discarded entirely in software. For fraudsters, this is a gift, because:

• Recycled numbers inherit trust they no longer deserve
• eSIMs make possession cheap, temporary, and scalable
• Bots can cycle through carrier-backed numbers faster than reputation systems can react
  

To most legacy fraud systems, these numbers still look legitimate. They’re mobile. They receive SMS. They come from valid carriers. And that’s the crux of the problem.

There is a growing gap between what a phone number appears to represent and whether it actually belongs to the person using it, creating ideal conditions for account takeover, fraud, and false approvals.

Why Legacy Phone Controls Fail

Recycled phone fraud succeeds because it exploits a core assumption embedded in legacy identity systems: that phone numbers change ownership slowly and that possession implies legitimacy. That assumption no longer holds.

Most traditional controls still treat phone signals as static and incomplete:

• Phone tenure is evaluated without visibility into disconnects or reassignment
• Possession is conflated with ownership
• Historical legitimacy outweighs current context
• SMS confirms delivery, not continuity, intent, or identity
  

This creates a critical blind spot: possession can be real while ownership is false.

‍Recycled and eSIM-enabled numbers routinely pass reachability and tenure checks, allowing fraud to slip through the moments where friction is intentionally low, including:

• Account opening and registration
• Dormant account reactivation
• Account recovery and password resets
• SMS-based step-up authentication
  

The result is predictable and costly: false approvals, account takeovers, bot-driven account creation at scale, and escalating customer friction that still fails to stop the attack.

Prove’s Global Fraud Policy: Built for How Phone Fraud Works Now

Global Fraud Policy is an always-on enforcement layer designed to prevent  modern, phone-centric fraud. Every transaction is evaluated in real time to answer a single question: Does this phone number represent legitimate, current ownership, or borrowed trust?

To make that determination, GFP continuously evaluates trusted signals of possession, ownership, and reputation, including:

• Ownership continuity and carrier disconnect events
• Recycled and reassigned number patterns
• Short or suspicious tenure associations
• Excessive identity churn tied to a single phone number
• Indicators of temporary, automated, or low-reputation phone usage
• Device to phone number relationship
  

Unlike legacy tools that rely on static thresholds, GFP enforces policy. It produces clear pass/fail outcomes with explainable reason codes that surface recycled phone fraud, eSIM abuse, injection risk, and other modern attack patterns. The result is faster decisions, fewer false positives, and outcomes that fraud, risk, and engineering teams can confidently stand behind.

All of this happens by default. There’s no tuning, no rules to manage, and no lag between new fraud patterns and enforcement. As attacks evolve across the Prove network, GFP adapts in real time, protecting account opening, authentication, and recovery flows without adding friction for legitimate users.

That’s the difference between reacting to phone fraud and enforcing trust at the speed it actually breaks.