Frequently Asked Questions

TDS Risk is a carrier-derived Mobile KYC and Trust Scoring infrastructure product. It queries live UK mobile carrier data to return real-time fraud and identity signals — including a 0–1000 trust score, SIM swap detection, line type, and identity match scores.

It sits upstream of your existing stack — screening mobile numbers before credit checks, KYC processes, or account creation — so bad submissions never reach your expensive downstream systems.

Trust Score (£0.35) — queries a mobile number and returns a real-time risk score from 0–1000, plus SIM swap data, line type, phoneRisk, and reason codes. Use for fast, high-volume fraud filtering upstream of any other process.

Mobile KYC (£0.45) — performs an identity match against carrier-held records and returns granular scores for name, address, and DOB, plus the isLostStolen flag and synthetic identity reason codes. Use for regulated KYC journeys or higher-risk identity verification.

Most customers use Trust Score for broad filtering and Mobile KYC for specific high-risk journeys.

No — TDS Risk is a complement, not a replacement. It sits upstream of your existing stack. Your credit bureau, fraud bureau, KYC provider, and underwriting engine all stay exactly as they are. TDS Risk just stops bad submissions reaching them.

Think of it as a front door filter — catching fraudulent or invalid submissions before they trigger the processes that cost you money.

TDS Risk currently covers UK mobile numbers — querying live data from all four major UK carriers: Vodafone, EE, O2, and Three. UK mobile numbers in the format 447XXXXXXXXX are supported.

Support for additional markets is on the roadmap. Contact us if you have a specific country requirement.

Both. TDS Risk can be used at any point in the customer lifecycle — new application screening, account renewal checks, high-value transaction verification, or periodic re-screening of existing customer mobile numbers.

The most common use is at the point of new application (upstream of your onboarding stack), but periodic checks on existing accounts for SIM swap detection are also a valid and valuable use case.

If carrier data is unavailable for a specific query, the response will include a riskLevel of -1 and a UC (Insufficient data) or ND (Network status unavailable) reason code. The trustScore may be reduced to reflect the data gap.

Carrier unavailability is rare and typically transient. The audit record will note the data gap.

Yes. £0.35 per Trust Score check and £0.45 per Mobile KYC check — for every customer, regardless of volume. A startup running 100 checks a month pays the same rate as an enterprise running 5 million.

We call this community pricing. It's a deliberate philosophy — volume discounts for large customers come at the direct expense of small ones. We won't do that.

Because we built infrastructure, not a manual process. Traditional providers built their businesses around manual carrier onboarding, manual compliance reviews, and manual customer due diligence. Every bottleneck is expensive, so they pass the cost on.

We built automation all the way down. We're the only company in the UK with pre-approved carrier intermediary status across all four major networks — approved in under a combined hour because our compliance was built into the architecture. No humans in the critical path means no staffing costs to pass on. Infrastructure pricing.

The minimum top-up is kept low so you can start with a small amount and run test checks before committing to a larger balance. There's no time limit — credits never expire, so your test balance stays available indefinitely.

No. Credits never expire. Top up when you need to and use them at whatever pace works for your volume. There's no annual rollover, no monthly commitment, and no pressure to use credits before a deadline.

No setup fee. No monthly fee. No contract. No hidden costs. The audit trail, policy compliance monitoring, and carrier approval are all included in the per-check price. You pay for checks. That's it.

For fraud prevention use cases, the most common legal basis is Legitimate Interest (UK GDPR Article 6(1)(f)). Fraud screening is a widely recognised legitimate interest under UK GDPR and ICO guidance.

Other supported bases include Contract Performance (6(1)(b)), Legal Obligation (6(1)(c)), and Consent (6(1)(a)). You declare your legal basis when creating an API key — TDS Risk validates it automatically and generates compliant privacy wording for your use case.

Yes — your privacy policy must disclose that mobile carrier signals are used for fraud prevention or identity verification purposes. TDS Risk generates the exact GDPR-compliant wording for your use case — copy it and paste it into your privacy policy. We'll then scan your policy URL to verify it's present before activating your API key.

Yes. A standard DPA is available for all customers, covering The Data Supermarket Ltd's role as a Data Processor under UK GDPR Article 28. Contact us to request a copy. Enterprise customers with specific requirements can request a reviewed version.

Phone numbers and identity data submitted in requests are not stored beyond what is required to produce the audit record. The audit record itself — containing the request ID, timestamp, legal basis, declared use case, policy version, and cryptographic signature — is retained as an immutable record.

Full data retention details are set out in the Privacy Policy and DPA.

Yes. The signed audit trail, declared use case recording, and policy version linking are designed to support FCA Consumer Duty evidence requirements and FOS review processes. Every check produces a permanently accessible audit record with a direct download link.

Trust Score checks typically return in under 2 seconds. Mobile KYC checks return in under 2–3 seconds. These are live carrier queries — not cached results — so response time includes a real-time call to the carrier's data source.

UK mobile numbers should be submitted in E.164 format without the leading plus — e.g. 447911123456. The country code field should be set to GB. Numbers submitted in local format (07911123456) may not be processed correctly.

status: 0 indicates a successful response — the check was processed and results are present in the response object. Non-zero status codes indicate errors. Full error code reference is available in the API documentation.

Yes. A sandbox environment is available for testing. Sandbox queries return realistic but non-live responses — useful for integration testing without consuming production credits. Switch to the production base URL when you're ready to go live.

Rate limits are applied per API key. Standard limits are sufficient for most use cases. If you anticipate burst traffic or need higher limits, contact us — we can discuss appropriate configuration for your volume profile.

All four major UK mobile networks: Vodafone, EE, O2, and Three. This covers the vast majority of UK mobile numbers. MVNOs (virtual networks) that run on these networks are also covered via the host carrier.

No. This is one of TDS Risk's core differentiators. We hold pre-approved carrier intermediary status across all four major UK networks. When you sign up with TDS Risk, you inherit our carrier approval instantly — no separate agreements, no 4–6 week per-carrier onboarding process.

Ported numbers receive a PT reason code in the response — indicating the number is not on its original carrier. This is informational, not a risk signal. A PT code alone is not a reason to reject a submission. The trust score and other signals should be considered in full context.

No. TDS Risk checks are carrier-derived signal checks only. They do not involve a credit search, do not leave a footprint on any individual's credit file, and have no impact on a person's credit score or credit history. They are used solely for fraud prevention and identity verification purposes.

No. TDS Risk is not a credit reference agency. We do not hold or query credit data. The signals we return are derived from mobile carrier records — SIM swap history, line type, ownership tenure, and identity match against carrier account data. These are entirely separate from credit bureau data.

Your privacy policy (which TDS Risk helps you update with compliant wording) should disclose that mobile carrier signals are used for fraud prevention purposes. Under UK GDPR, data subjects have the right to be informed about processing — the generated policy wording covers this.

Unlike a credit search, TDS Risk checks are not visible to the data subject on any report or document they might receive.