Pay-per-call fraud is a taxonomy problem before it's a technical problem. Most networks that get burned aren't running bad detection — they're running detection tuned for the fraud patterns they saw two years ago. The fraud ecosystem evolves faster than most operators' threat models. Here's the full taxonomy of patterns we actively block at the carrier edge, with detection signatures for each.
Pattern 1: Spoofed caller ID (CID fraud)
The most prevalent and oldest pattern. The publisher presents a call with a caller ID that doesn't match the actual originating number — often a premium local DMA number to pass geo-targeting filters. STIR/SHAKEN attestation exposes this at the carrier level: a B-attestation (origin known, but not the relationship to the called number) or a C-attestation (only partial verification) should trigger additional scoring before the call reaches a buyer.
Detection signals: STIR/SHAKEN attestation level < A, geographic mismatch between originating carrier and presented DMA, CID presenting as a landline registered to a business in a different state.
Pattern 2: Repeat dialers
The same underlying number calling multiple times within a short window, sometimes with light number rotation (incrementing the last 2–3 digits) to avoid exact-match dedup. The tell: the call audio pattern is identical or near-identical across multiple "unique" callers. We use acoustic fingerprinting on the first 15 seconds of call audio to detect this.
Pattern 3: Short-call attacks
This pattern is designed to pass duration-based quality filters. A fraudulent call connects, stays on the line for exactly the minimum qualifying duration (often 90 seconds), then disconnects without any qualified conversation. The audio often contains background noise or recorded content to simulate a conversation.
Detection signals: call duration clustered precisely at the quality threshold (within ±5 seconds), voice activity detection showing only one-sided audio, sentiment scoring returning neutral/negative throughout.
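The clustering and one-sided-audio signals above can be combined into a per-publisher check. The sketch below is an added example, not our production code: the `Call` fields, the volume and share cutoffs, and the sample data are assumptions made for illustration, and sentiment scoring is left out.

```python
from collections import defaultdict
from dataclasses import dataclass

QUALIFY_S = 90         # minimum qualifying duration cited in the article
BAND_S = 5             # "within ±5 seconds" of that threshold
MIN_CALLS = 20         # assumption: too few calls gives no usable distribution
MAX_BAND_SHARE = 0.30  # assumption: suspicious share of calls ending in the band
QUIET_RATIO = 0.10     # assumption: a leg speaking <10% of the call counts as silent

@dataclass
class Call:
    publisher: str
    duration_s: float
    caller_speech_s: float  # VAD speech time on the caller leg
    buyer_speech_s: float   # VAD speech time on the buyer leg

def in_band(call):
    return abs(call.duration_s - QUALIFY_S) <= BAND_S

def one_sided(call):
    if call.duration_s <= 0:
        return False
    quieter = min(call.caller_speech_s, call.buyer_speech_s)
    return quieter / call.duration_s < QUIET_RATIO

def score_publishers(calls):
    by_pub = defaultdict(list)
    for call in calls:
        by_pub[call.publisher].append(call)
    report = {}
    for pub, pub_calls in by_pub.items():
        band = [c for c in pub_calls if in_band(c)]
        share = len(band) / len(pub_calls)
        silent = sum(one_sided(c) for c in band)
        # Flag only when clustering AND one-sided audio agree, on enough volume.
        flagged = (len(pub_calls) >= MIN_CALLS and share >= MAX_BAND_SHARE
                   and silent * 2 > len(band))
        report[pub] = {"calls": len(pub_calls), "band_share": round(share, 2),
                       "one_sided_in_band": silent, "flagged": flagged}
    return report

def sample_calls():
    # Constructed data: pub-legit spreads durations, pub-short piles up at 90-93 s.
    calls = [Call("pub-legit", 30 + 15 * i, 12 + 6 * i, 13 + 7 * i) for i in range(25)]
    calls += [Call("pub-short", 90 + i % 4, 2.0, 60.0) for i in range(18)]
    calls += [Call("pub-short", 200 + 10 * i, 80.0, 90.0) for i in range(7)]
    return calls

if __name__ == "__main__":
    for pub, row in score_publishers(sample_calls()).items():
        print(pub, row)
```

Requiring both signals keeps a publisher whose genuine calls happen to end near 90 seconds from being flagged on duration alone.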
Pattern 4: Bot traffic and automated dialers
Automated dialers connecting to pay-per-call networks, often using SIP trunks or VoIP infrastructure. The sophistication ranges from simple autodialers to systems that play recorded human responses. Detection here relies heavily on acoustic analysis: machine-generated audio has characteristic artifacts that human speech doesn't, and the response latency pattern (perfectly consistent turn-taking) doesn't match human conversation.
Pattern 5: GEO laundering
A call originates from a low-value DMA or from offshore, then gets routed through US-based forwarding infrastructure to present as a local number in a premium market (Florida, Texas, California). Buyers pay premium prices for the high-value geo; publishers pocket the arbitrage.
Detection signals: carrier-of-record mismatch with the presented number's area code, VoIP origination flags, IP-based geolocation of the originating trunk not matching the presented number geography.
Pattern 6: Call recycling
Previously processed leads — often callers who already spoke with a buyer and didn't convert — are repackaged and re-sold as fresh calls. This is harder to detect without cross-network intelligence, but within a network, caller phone number history lookups catch most recycling. We maintain a 90-day call history per caller and flag any number that appears in the history of a different publisher's campaign.
Pattern 7: Consent fabrication
The publisher submits calls claiming the caller provided TCPA-compliant consent, with a fabricated or backdated timestamp. This is the highest-stakes pattern from a legal perspective — it exposes the buyer and the network to TCPA liability on calls they believed were clean.
Carrier edge vs. post-call scoring
Most fraud detection happens post-call — the call completes, scores run against the recording, and the publisher gets charged back or blocked. This is necessary but not sufficient. Carrier-edge blocking runs pre-connection: calls are assessed on telephony-layer signals (attestation, CID, originating carrier) before they're connected to a buyer. Edge blocking is faster and doesn't consume buyer capacity, but it can't see audio-layer signals. The two systems are complementary — edge blocking handles patterns 1, 2, 5; post-call handles 3, 4, 6, 7.