Call forwarding is a simple, low-effort, high-reward attack that can be set up in seconds and stay hidden for long enough to do real damage. It exploits ordinary telephony features to create a silent channel for fraud that looks normal to users.
The Account Takeover fraud no one notices until it’s happened. Except Us.
Call forwarding fraud is one of the most under-recognised threats to banks, fintechs, and payment providers. Unlike SIM Swap, a call forward leaves the customer’s phone working normally. The signal stays on, the apps open, and everything looks fine – except that all SMS OTPs, callbacks, and bank alerts are now being silently diverted to a fraudster.
This is the new frontier of account takeover (ATO) – covert, telecom-enabled, and designed to bypass traditional defences. With a single simple setting, a criminal can hijack a customer’s identity and authorise payments, reset passwords, or convince your fraud team that they’re speaking to the real person.
If you're concerned about ATO and you're checking for SIM Swaps (or even if you're not), then you should also check Call Forwarding from XConnect.
Why Is Call Forward So Dangerous?
As easy as it is high-reward.
No warning signals
The attacker (or victim) sets up Call Forward so inbound calls and SMS OTPs are diverted to a fraudster's number while the victim’s handset continues to ring. This is at the operator level, which means the attacker receives everything.
Fraud alerts go to the fraudster
Where systems rely on SMS OTP or voice as a backstop, the attacker can intercept, confirm, or manipulate attempts by a bank or payment processor in real time to verify account setup, create new payees, and start draining accounts.
Hard to detect
There is no device telemetry, browser signal or conventional client-side trace that reliably shows network-level forwarding. Detection, then, needs operator-grade signals, cross-checks and anomaly detection at the telecom layer.
Damage to business
The consequences are immediate and severe: stolen funds, customer chargebacks, regulatory penalties and lasting reputational harm. Account Takeovers cause situations like the ones M&S, Co-Op and Jaguar Land Rover faced.
How Call Forwarding fraud Is Carried Out
Method 1 – Social engineering
Victims are tricked into dialling short codes like **21*number# or *72 + number, supposedly to fix an issue or reach a ‘supervisor’. This sets an unconditional divert, forwarding every call and message to the fraudster.
Method 2 – Insider collusion
Bribed or compromised mobile-shop or contact-centre staff can add diverts directly via internal systems, often alongside SIM swaps. With one insider, attackers can reroute calls, intercept OTPs, and validate new payees – all under the victim’s name.
Once set, an unconditional divert can stay active indefinitely, enabling repeat thefts and undermining customer trust.
Why Call Forward is even more dangerous than SIM Swap
Call Forward fraud is one of the most dangerous forms of account takeover because it’s almost invisible.
The victim’s phone still has signal, so the compromise goes unnoticed while criminals operate freely. Unlike SIM Swap, there are no alerts, no service disruption and no obvious signs of intrusion. Until you can't access your bank accounts, services and subscriptions.
That’s why if you’re checking for SIM Swap or trying to prevent account takeover, you should also check for active unconditional Call Forwarding.
XConnect’s Call Forward Check identifies these diversions in real time, flagging compromised sessions before the damage is done.
1. Invisible protection
Call Forward Check operates entirely in the background. There are no apps, codes or pop-ups for users to deal with. It quietly verifies network status within milliseconds, keeping the customer journey seamless while ensuring that every login, transaction or callback starts with an assurance of integrity.
2. Login defence
When customers log in or start a new session, a live Call Forward Check confirms their number isn’t silently redirected. If a divert is active, access can be blocked or stepped up instantly. It’s a simple, invisible way to close the first and most vulnerable door to account takeover.
3. Secure new payees
Whenever a user adds a new payee, beneficiary or trusted device, Call Forward Check ensures the registered number is still under their control. If a divert is detected, the system can trigger a re-verification or hold the change, protecting payment journeys before any funds are at risk.
4. High-risk payments
Before authorising large or unusual payments, the platform performs a quick check for active call forwarding. If a divert is detected, you can stop, re-route or step up the authorisation process immediately. It’s silent, fast and removes one of the most common routes to account takeover.
5. Account recovery
When a customer resets a password or reclaims access, fraudsters often exploit call forwarding to impersonate them. Running Call Forward at this stage confirms that the number is genuine and reachable, preventing attackers from hijacking the process and ensuring recovery remains in the hands of the rightful owner.
6. Call-centre safeguards
Contact-centre agents can poll the Call Forward signal before sharing sensitive information. If an active divert is detected, the system flags it automatically so the agent withholds details. It’s an invisible pre-check that keeps phone-based customer interactions safe from redirection and impersonation fraud in real time.
7. Preventing losses
A single divert can drain accounts within minutes. Call Forward Check detects it before money moves. By stopping transactions where call forwarding is active, enterprises reduce reimbursements, protect balances, and demonstrate proactive control to auditors – preventing loss, protecting customers, and lowering operational costs simultaneously.
8. Meeting regulation
Regulators increasingly expect banks and fintechs to address telecom-enabled account takeover. Call Forward Check provides a clear, auditable control that proves due diligence. It fits within existing KYC, AML and reimbursement frameworks, offering a fast, measurable way to evidence prevention without impacting service or customer experience.
9. Protecting trust
When a bank tells a customer “we called you and you approved it,” confidence evaporates. Call Forward Check prevents that scenario entirely. It safeguards voice channels, ensuring communications genuinely reach the right person and preserving the trust that underpins every digital relationship between a brand and its users.
10. Seamless integration
Deployed through a single API call, Call Forward Check fits directly into existing fraud or authentication flows. It adds no friction and requires no interface changes. Built on operator-grade infrastructure, it’s fast, reliable and ready to scale globally through XConnect’s SAFr platform or GSMA Open Gateway APIs.
11. Proven in practice
Real-world cases show how easily call forwarding leads to loss. UK and US banks, Indian fintechs and logistics scams all exploited a single diverted line to intercept OTPs. Each case would have been stopped instantly by a live network check. Proof that prevention beats post-incident investigation every time.
12. Privacy assured
No personally identifiable information leaves the operator network. The API returns only a minimal true, false or unknown signal – nothing else. Built to GDPR and ISO 27001 standards, Call Forward Check delivers network-level certainty with complete privacy, encryption, and an audit trail regulators can depend on.
An extra layer of defence. With zero friction.
Call Forward Check runs silently in the background. The user doesn’t need to enter anything, install an app, or change their behaviour. It simply checks directly with their mobile network whether the number in use has a permanent call divert active. The response takes milliseconds and returns a straightforward result: Pass (no divert), Fail (divert active), or Unknown.
Because it doesn’t interrupt the user journey, it can be placed at critical points like login, transaction approval, or onboarding adding a powerful fraud signal without slowing anything down. If a risk is detected, businesses can step up checks only when needed. That means stronger protection against Account Takeover, with zero impact for genuine users.
Result? Happier customers.
Who uses Call Forward Check?
Leading banks, fintech platforms, insurers, gaming operators, and crypto exchanges use Call Forward Check to protect high-risk user flows such as login, payment approval, account recovery, and new payee setup from covert call-divert fraud. It’s equally valuable for e-commerce, BNPL, and digital-service providers that rely on voice OTPs, callbacks, or telephone verification and need to know those calls reach the real user.
You can also combine Call Forward with other checks like SIM Swap, SAFr Auth or SAFr Pulse to validate number status, confirm device presence, and detect anomalies before authentication – creating a seamless, multi-layered defence that stops silent account takeover before any money moves.
Trusted. Proven. Privacy-First.
Call Forward Check is already live with leading mobile operators worldwide, protecting over a billion users. It meets GDPR, ISO 27001 and all major compliance frameworks, returning only what you need – a true, false or unknown. No personal data ever leaves the network, ensuring every check is private, secure and auditable.
This is not theory – it’s real, field-tested technology from the team that created the original GSMA Mobile Identity APIs. Built for scale, deployed in days, and proven across industries, Call Forward Check closes the final gap in account takeover defence – with no friction and no compromise.
How can I try Call Forward Check?
We can give you a sandbox environment to allow you to try Call Forward out.
Our customer, partner, onboarding, technology and delivery teams are all experts, totally knowledgeable about what we can do (and what we can’t) and are all yours during your XConnect journey, from initial enquiry, to POC, to switching on live service.
