SIM Fraud Detection
“Which SIM cards are being used for fraud?”
Book a demo and get a free trial of the full platform: data science agent, fine-tune capabilities, and forward-deployed engineer support.
By submitting, you accept the Terms and Privacy Policy.
Loved by data scientists, ML engineers & CXOs at
A real-world example
Which SIM cards are being used for fraud?
Telecom fraud costs carriers $39B globally per year. SIM-based fraud schemes (SIM swaps, SIM boxes, IRSF) are increasingly sophisticated and operate through coordinated rings. A mid-size carrier loses $35M annually to fraud, and traditional rule-based systems catch only 40% of cases, with 30% false-positive rates that overwhelm fraud teams. The fraud signal is in the network: burner SIMs activated in batches, calling patterns to premium numbers, and device-change sequences that match known fraud playbooks.
How KumoRFM solves this
Graph-learned network intelligence across your entire subscriber base
Kumo builds a fraud network graph connecting SIMs, subscribers, call/data sessions, and device changes. It learns that SIMs activated within 48 hours of each other, sharing IMEI devices, and generating calls to the same set of international premium numbers form fraud rings. The graph structure reveals that a single suspicious SIM is connected to 50 others through shared activation locations and calling patterns. Traditional models evaluate each SIM independently and miss these ring-level signals entirely.
From data to predictions
See the full pipeline in action
Connect your tables, write a PQL query, and get predictions with built-in explainability — all in minutes, not months.
Your data
The relational tables Kumo learns from
SUBSCRIBERS
| subscriber_id | activation_date | channel | id_verified |
|---|---|---|---|
| SUB301 | 2025-02-28 | Online | Y |
| SUB302 | 2025-02-28 | Online | N |
| SUB303 | 2025-01-15 | Retail | Y |
SIMS
| sim_id | subscriber_id | imei | activation_store | status |
|---|---|---|---|---|
| SIM001 | SUB301 | IMEI_A001 | Store_22 | Active |
| SIM002 | SUB302 | IMEI_A001 | Store_22 | Active |
| SIM003 | SUB303 | IMEI_B445 | Store_08 | Active |
CALLS
| call_id | sim_id | destination | duration_sec | timestamp |
|---|---|---|---|---|
| CL01 | SIM001 | +882-1234567 | 180 | 2025-03-01 |
| CL02 | SIM002 | +882-1234567 | 175 | 2025-03-01 |
| CL03 | SIM003 | +1-555-0199 | 320 | 2025-03-01 |
DATA_SESSIONS
| session_id | sim_id | data_mb | timestamp | tower_id |
|---|---|---|---|---|
| DS01 | SIM001 | 2.1 | 2025-03-01 | TWR_445 |
| DS02 | SIM002 | 1.8 | 2025-03-01 | TWR_445 |
| DS03 | SIM003 | 850 | 2025-03-01 | TWR_102 |
DEVICE_CHANGES
| change_id | sim_id | old_imei | new_imei | timestamp |
|---|---|---|---|---|
| DC01 | SIM001 | IMEI_A001 | IMEI_A002 | 2025-03-02 |
| DC02 | SIM002 | IMEI_A001 | IMEI_A003 | 2025-03-02 |
Write your PQL query
Describe what to predict in 2–3 lines — Kumo handles the rest
PREDICT BOOL(SIMS.FRAUD_FLAG, 0, 7, days) FOR EACH SIMS.SIM_ID WHERE SIMS.STATUS = 'Active'
Prediction output
Every entity gets a score, updated continuously
| SIM_ID | SUBSCRIBER_ID | ACTIVATION_AGE | FRAUD_PROB |
|---|---|---|---|
| SIM001 | SUB301 | 3 days | 0.92 |
| SIM002 | SUB302 | 3 days | 0.94 |
| SIM003 | SUB303 | 46 days | 0.03 |
Understand why
Every prediction includes feature attributions — no black boxes
SIM SIM001 -- 3-day activation, shared IMEI
Predicted: 92% fraud probability
Top contributing features
Shared IMEI with other SIMs
2 SIMs on same device
31% attribution
Calls to premium international numbers
12 calls to +882
26% attribution
Co-activation pattern
Batch of 5 SIMs
19% attribution
Data usage anomaly
< 5MB/day (SIM box pattern)
14% attribution
Device change velocity
2 swaps in 48h
10% attribution
Feature attributions are computed automatically for every prediction. No separate tooling required. Learn more about Kumo explainability
PQL Documentation
Learn the Predictive Query Language — SQL-like syntax for defining any prediction task in 2–3 lines.
Python SDK
Integrate Kumo predictions into your pipelines. Train, evaluate, and deploy models programmatically.
Explainability Docs
Understand feature attributions, model evaluation metrics, and how to build trust with stakeholders.
Bottom line: A carrier losing $35M annually to SIM fraud that deploys Kumo's graph-based detection catches 85% of fraud rings with a 5% false-positive rate, recovering $25M+ per year. Kumo reveals the ring structure through shared IMEIs, co-activation patterns, and coordinated calling behavior that per-SIM rule engines cannot see.
Related use cases
Explore more telecom use cases
Topics covered
One Platform. One Model. Predict Instantly.
KumoRFM
Relational Foundation Model
Turn structured relational data into predictions in seconds. KumoRFM delivers zero-shot predictions that rival months of traditional data science. No training, feature engineering, or infrastructure required. Just connect your data and start predicting.
For critical use cases, fine-tune KumoRFM on your data using the Kumo platform and Data Science Agent for 30%+ higher accuracy than traditional models.
Book a demo and get a free trial of the full platform: data science agent, fine-tune capabilities, and forward-deployed engineer support.
