From blind bots to network-aware agents: securing mobile banking with MCP and Orange SIM swap API
Published: July 8, 2026
When an AI support bot cannot see what happens at the network layer, it leaves banks vulnerable to fraud and customers stranded in customer service loops. By connecting the Model Context Protocol (MCP) to real-time telecom insights, financial institutions can instantly detect account takeover triggers during high-risk operations.
The structural blindness of conversational banking
Most conversational AI bots operating in fintech are data-siloed. They access customer profiles, transaction histories, and core banking databases. However, when a user attempts a critical operation—such as registering a new device for contactless payments like Apple Pay or changing credit card limits while traveling—the bot remains fundamentally blind to the physical infrastructure carrying the request: the mobile network.
If a fraudster executes a SIM swap attack (cloning a victim’s phone number onto a new SIM card), they can bypass standard SMS-based two-factor authentication (2FA). When the bank’s AI assistant greets the customer, it cannot differentiate between the legitimate account owner and an attacker exploiting a freshly swapped SIM card.
To bridge this visibility gap, conversational architectures require real-time, programmatic access to telecom security signals.
Architecture: how MCP turns network APIs into native AI tools
The Model Context Protocol (MCP) functions as an open standard that enables Large Language Models (LLMs) to safely consume external data sources and tools through a unified protocol. Instead of hardcoding complex, proprietary integrations for every network gateway into the banking application logic, developers can expose GSMA Open Gateway standard APIs directly to the AI agent as native capabilities.

When a customer initiates a high-risk transaction or reports a payment failure within the chat interface, the LLM autonomously evaluates whether it requires network-layer verification.
Through the MCP server, the agent invokes the standardized CAMARA SIM Swap API provided by the operator.
Step-by-step resolution workflow
- Step 1: The user trigger: A customer attempts to pay for a hotel room in Berlin using their smartphone, but the contactless payment is repeatedly declined by the bank’s automated fraud detection system.
- Step 2: Contextual analysis: The customer opens the banking support chat. The AI assistant assesses the intent: troubleshooting a declined mobile payment during international travel.
- Step 3: Programmatic network query: Recognizing this as a high-risk scenario capable of masking an account takeover, the bot uses its MCP toolset to call mcp__network_api_check-sim-swap using the customer’s phone number (+33200112244).
- Step 4: Real-time telemetry consumption: The Orange Developer infrastructure processes the request against live network state logs and returns the exact duration since the last SIM card modification.
- Step 5: Immediate risk mitigation: The network confirms a SIM swap occurred less than 48 hours ago. Adhering to the bank’s security policy, the bot maintains the payment block, informs the user transparently about the specific security rule, and routes them to verified customer service channels (+33222222222) to prevent further exposure.
The dialogue with the customer become easier:
Bank support : Hello, how may I help you?
Customer : Hi, l’am at an hotel reception in Berlin. I tried to pay the bill with my phone but each time the payment is refused. Could you fix this please ?
Bank support : I understand you’re having trouble making a contactless payment with your phone at a hotel in Berlin. Let me check a few things that might be causing this issue.
First, let me verify if there has been any recent SIM card change on your phone, as our security policy blocks contactless phone payments if the SIM was changed less than 2 days ago.
mcp__network_api_check-sim-swap
I found the issue! There has been a SIM swap (SIM card change) on your phone within the last 48 hours. According to our security policy, contactless payments by phone (such as Apple Pay or other mobile payment methods) are automatically refused if the SIM card has been changed less than 2 days ago.
This is a security measure to protect your account from potential fraud. You’ll need to wait until 2 full days have passed since your SIM card change before you can use contactless phone payments again.
In the meantime, you can use your physical credit card for the payment at the hotel. Please contact our customer service at +33222222222 if you need further assistance or have any questions about this security measure.
Is there anything else I can help you with today?
Business benefits for financial institutions
1. Significant reduction in account takeover (ATO) financial losses
By verifying the age of the SIM card before authorizing device enrollment or high-value mobile payments, banks stop SMS interception attacks before they yield financial damage.
2. Reduced operational costs for support centers
Instead of routing ambiguous payment failures to tier-2 human support agents who must manually query internal fraud systems, the MCP-enabled bot autonomously diagnoses the telecom-level root cause in seconds.
3. Transparent, high-trust user experiences
Instead of issuing generic “Payment Declined” errors that frustrate traveling users, the assistant provides immediate clarity on security policies, protecting consumer trust even when an operation is restricted.
Ready to equip your conversational agents with real-time network intelligence?
Talk to sales
Do you want to reach directly for any additional details or follow-up?




