Pulse
Call TrackingReal-Time BiddingRouting PlansIVR BuilderPay Per CallConversation AIAI Quality AnalysisPost-Call TranscriptionFraud IntelligenceAI Real-Time ReportsPayout ManagementClosed-Loop Attribution
Signal
Virtual NumbersNumber IntelligenceAI Predictive DialerCampaignsVisual IVRAI Voice AgentsRevenue BuilderWorkforce ManagementCommunication HubCall Management
Company
PricingBlogCase StudiesIntegrationsEventsAbout UsCareersContact
Sign in
Pulse — pulse.teldrip.comSignal — signal.teldrip.com
Try PulseTry Signal freeTalk to sales
Back to blog
Pay-Per-Call13 min read· Nov 2025

The publisher fraud taxonomy we use in production

Spoofed CIDs, repeat dialers, short-call attacks, bot traffic, GEO laundering — the seven fraud patterns we block at the carrier edge, and how to detect them.

Pay-per-call fraud is a taxonomy problem before it's a technical problem. Most networks that get burned aren't running bad detection — they're running detection tuned for the fraud patterns they saw two years ago. The fraud ecosystem evolves faster than most operators' threat models. Here's the full taxonomy of patterns we actively block at the carrier edge, with detection signatures for each.

Pattern 1: Spoofed caller ID (CID fraud)

The most prevalent and oldest pattern. The publisher presents a call with a caller ID that doesn't match the actual originating number — often a premium local DMA number to pass geo-targeting filters. STIR/SHAKEN attestation exposes this at the carrier level: a B-attestation (origin known, but not the relationship to the called number) or a C- attestation (only partial verification) should trigger additional scoring before the call reaches a buyer.

Detection signals: STIR/SHAKEN attestation level < A, geographic mismatch between originating carrier and presented DMA, CID presenting as a landline registered to a business in a different state.

Pattern 2: Repeat dialers

The same underlying number calling multiple times within a short window, sometimes with light number rotation (incrementing the last 2–3 digits) to avoid exact-match dedup. The tell: the call audio pattern is identical or near-identical across multiple "unique" callers. We use acoustic fingerprinting on the first 15 seconds of call audio to detect this.

Detection signals:Same caller audio fingerprint across >3 calls in 24h, number range clustering (sequential or near-sequential CIDs), same ambient noise profile across multiple calls from different presented numbers.

Pattern 3: Short-call attacks

This pattern is designed to pass duration-based quality filters. A fraudulent call connects, stays on the line for exactly the minimum qualifying duration (often 90 seconds), then disconnects without any qualified conversation. The audio often contains background noise or recorded content to simulate a conversation.

Detection signals: call duration clustered precisely at the quality threshold (within ±5 seconds), voice activity detection showing only one-sided audio, sentiment scoring returning neutral/negative throughout.

Pattern 4: Bot traffic and automated dialers

Automated dialers connecting to pay-per-call networks, often using SIP trunks or VOIP infrastructure. The sophistication ranges from simple autodialers to systems that play recorded human responses. Detection here relies heavily on acoustic analysis: machine- generated audio has characteristic artifacts that human speech doesn't, and the response latency pattern (perfectly consistent turn-taking) doesn't match human conversation.

Pattern 5: GEO laundering

A call originates from a low-value DMA or from offshore, then gets routed through US-based forwarding infrastructure to present as a local number in a premium market (Florida, Texas, California). Buyers pay premium prices for the high-value geo; publishers pocket the arbitrage.

Detection signals: carrier-of-record mismatch with the presented number's area code, VOIP origination flags, IP-based geolocation of the originating trunk not matching the presented number geography.

Pattern 6: Call recycling

Previously processed leads — often callers who already spoke with a buyer and didn't convert — are repackaged and re-sold as fresh calls. This is harder to detect without cross-network intelligence, but within a network, caller phone number history lookups catch most recycling. We maintain a 90-day call history per caller and flag any number that appears in the history of a different publisher's campaign.

Pattern 7: Consent fabrication

The publisher submits calls claiming the caller provided TCPA-compliant consent, with a fabricated or backdated timestamp. This is the highest-stakes pattern from a legal perspective — it exposes the buyer and the network to TCPA liability on calls they believed were clean.

!
Detection requires independent verification: We validate consent timestamps against our own infrastructure logs where possible, and require publishers to submit consent records with a signed token that we can verify cryptographically. Timestamps that predate the publisher's registration in our system, or that cluster suspiciously (all consents collected within a 2-minute window), are flagged for manual review.

Carrier edge vs. post-call scoring

Most fraud detection happens post-call — the call completes, scores run against the recording, and the publisher gets charged back or blocked. This is necessary but not sufficient. Carrier-edge blocking runs pre-connection: calls are assessed on telephony-layer signals (attestation, CID, originating carrier) before they're connected to a buyer. Edge blocking is faster and doesn't consume buyer capacity, but it can't see audio-layer signals. The two systems are complementary — edge blocking handles patterns 1, 2, 5; post-call handles 3, 4, 6, 7.

Related articles
Pay-Per-Call

Setting RTB floor prices by vertical: a 2026 playbook

12 min readFeb 2026
Attribution

Closing the loop: server-side conversion APIs in 2026

14 min readMar 2026
Conversation AI

AI voice agents + human escalation, without the uncanny valley

10 min readJan 2026

Ready to close the loop on your
revenue stack?

Teldrip Pulse handles call tracking, RTB and attribution. Signal handles telephony, AI voice agents and outbound. Spin up a free trial in minutes.

Try Pulse Try Signal freeTalk to sales
7-day free trial on Signal · Cancel any time