Resources For You

  1. The 10-Metric Playbook for Evaluating Call Center Customers Before They Cost You

    The 10-Metric Playbook for Evaluating Call Center Customers Before They Cost You

  2. How to Identify Good and Bad Customers in Wholesale VoIP

    How to Identify Good and Bad Customers in Wholesale VoIP

  3. When AI Voice Agents Are the Wrong Choice?

    When AI Voice Agents Are the Wrong Choice?

  4. What to expect from 2026 - FCC's Regulatory Signals That Could Redefine Telecom Compliance

    What to expect from 2026 - FCC's Regulatory Signals That Could Redefine Telecom Compliance

  5. AI Receptionists vs Human Receptionists - Cost, Availability and more Compared

    AI Receptionists vs Human Receptionists - Cost, Availability and more Compared

  6. Best Open Source LLMs for Voice AI - A Practical 2025 Selection Guide

    Best Open Source LLMs for Voice AI - A Practical 2025 Selection Guide

  7. LLM Selection Made Simple - Building High-Performance AI Voice Systems

    LLM Selection Made Simple - Building High-Performance AI Voice Systems

  8. Real-Time Alerting Made Easy with ConnexCS and Pushover

    Real-Time Alerting Made Easy with ConnexCS and Pushover

  9. Top 10 AI Voice Agent Platforms in 2025

    Top 10 AI Voice Agent Platforms in 2025

  10. Is Your Call Center Ready for AI? The 2025 Cost Advantage You Can’t Ignore in India

    Is Your Call Center Ready for AI? The 2025 Cost Advantage You Can’t Ignore in India

  11. Rethink Your Call Center - The 10x Cost Benefit of AI Voice Agents

    Rethink Your Call Center - The 10x Cost Benefit of AI Voice Agents

  12. Introduction to AI Voice Agent Guardrails - What They Are and Why Your Business Needs Them

    Introduction to AI Voice Agent Guardrails - What They Are and Why Your Business Needs Them

  13. Navigating Cold Calling - UK Compliance for Call Centers

    Navigating Cold Calling - UK Compliance for Call Centers

  14. The Complete Guide to Effective Root Cause Analysis

    The Complete Guide to Effective Root Cause Analysis

  15. AI Guardrails - Types and the Legal Risks They Mitigate

    AI Guardrails - Types and the Legal Risks They Mitigate

  16. AI Guardrails 101 - Introduction to AI Safety Nets

    AI Guardrails 101 - Introduction to AI Safety Nets

  17. 7 New Capabilities an AI Calling System Offers

    7 New Capabilities an AI Calling System Offers

  18. The 2025 FCC Compliance Roundup for VoIP Carriers, Providers, CPaaS and UCaaS Operators

    The 2025 FCC Compliance Roundup for VoIP Carriers, Providers, CPaaS and UCaaS Operators

  19. 10 Benefits of an AI Calling System

    10 Benefits of an AI Calling System

  20. What is an AI Calling System?

    What is an AI Calling System?

7 Traffic Metrics That Expose High-Risk Call Centers Before They Blow Up Your Network

You've just onboarded a high-volume call center. The contract looks clean, the onboarding call was smooth, and the revenue projections are exciting. Then, three weeks later, your upstream vendor is on the phone; not for a friendly chat.

Your routes are being blocked, a regulator is asking questions, and your NOC team is drowning in complaints and tracebacks they can't explain.

Here's the uncomfortable truth: the customer never looked risky. Their traffic did, and you missed it.

Risky customers do not walk through your door waving red flags. They present a business case, sign your terms, and then proceed to behave in ways that quietly unravel your network reputation.

Traditional vetting won't save you here. Contracts won't either. What will save you is knowing exactly which traffic metrics to watch, what they mean in combination, and when to act before the situation acts on you.

Why Traditional Due Diligence Fails in VoIP

Most carriers run some form of Know Your Customer (KYC) check before onboarding. Business registration, intended use case, maybe a quick Google search. And then they call it a day.

The problem? None of that tells you how a customer will actually behave on your network. A perfectly registered LLC with a polished deck can generate the same illegal robocall patterns as a fly-by-night operation running off a prepaid SIM card. KYC tells you who someone says they are. Traffic data tells you what they're actually doing.

Over 60% of robocall scams originate from VoIP, and the operations behind them often start their life looking like legitimate businesses. Sales conversations are aspirational, they reflect intent, not behaviour.

And even genuinely legitimate businesses can drift into problematic traffic patterns as they scale campaigns, change call list sources, or bring on new dialler setups.

The moment a customer sends their first call, you have real-time intelligence that no onboarding form can match. Traffic metrics are the only reliable, continuous signal of risk you have; and most carriers aren't reading them early enough.

Now that we know why the old playbook fails, let's define exactly what "risky" looks like in practice.

What Makes a Call Center "High-Risk" for Carriers?

Risk in VoIP is not a single event, it's a pattern. A call center doesn't become a problem because they once had a weird call volume spike.

They become a problem because their traffic consistently behaves in ways that conflict with the norms of legitimate telephony.

Practically speaking, high-risk call centers expose carriers to three categories of harm:

Regulatory exposure - spam, robocalling, CLI misuse, and STIR/SHAKEN non-compliance. The FCC has already levied massive fines against carriers found to be facilitating illegal robocall traffic, with penalties reaching into the hundreds of millions.

Vendor complaints and route instability - upstream providers terminating routes or applying traffic penalties because your customer's calls are getting flagged at the destination.

Operational overload - your NOC and support teams spending disproportionate time managing a single account that keeps generating incidents and traceback requests.

The critical nuance here: risk is pattern-based, not event-based. One anomalous hour of data might be noise. A week of overlapping anomalies across multiple metrics is a signal you can't afford to ignore.

So what are those metrics, and what exactly are they telling you? Let's get into it.

The 7 Traffic Metrics That Reveal High-Risk Customers

These are not generic KPIs pulled from a call center benchmarking report. They are early warning indicators, the kind that, when interpreted correctly, give you a 48–72 hour head start before a complaint lands on your desk.

1. Answer-Seizure Ratio (ASR) Instability

ASR is the percentage of attempted calls that result in a live answer. It is one of the oldest quality metrics in telephony. A healthy ASR in the VoIP world typically falls between 60–70%. Traffic with a 1–2% success rate is classified as junk traffic, unwanted by any vendor, anywhere on the route.

For call centers, the benchmark varies by use case. Outbound sales campaigns naturally run lower than inbound service lines. But what separates a risky customer isn't just a low ASR, it's volatility.

A customer whose ASR swings from 45% down to 8% overnight has probably shifted traffic types, changed call lists, or is running test bursts to probe routes. That's not a bad day. That's a behavioural shift.

If you're setting thresholds, treat anything below 15% on sustained outbound calling as a major concern. Any sudden drops of more than 20 percentage points should trigger an immediate investigation.

A low ASR tells you calls aren't landing. The next metric tells you why that might be and it's even more revealing.

2. Average Call Duration (ACD) Extremes

Average Call Duration is exactly what it sounds like: the mean length of completed calls over a given period. Spam calls average around 45 seconds, while identified calls from legitimate businesses average closer to three minutes.

Very low ACD, think sub-30 seconds consistently, suggests your customer is generating abandoned calls, robodials that get hung up on immediately, or blasts that hit answering machines and disconnect.

Extremely uniform call durations are equally suspicious: natural human conversations vary. If a call center's ACD is suspiciously consistent say 12 seconds on every call, the traffic is likely scripted or automated.

Think of it like this: if every "conversation" in your restaurant lasted exactly 4 minutes and 32 seconds, you'd suspect something was off. Healthy traffic shows natural variation because real conversations are, well, unpredictable.

Duration tells you what happens after the call connects. The next metric focuses on calls that don't even get that far.

3. Short Duration Call Ratio (SDR)

SDR measures the percentage of calls under a defined short threshold, typically 10 to 15 seconds. It's one of the cleanest, most direct indicators of spam or scam activity in a call center's traffic.

A legitimate outbound sales call, even when the prospect hangs up immediately, tends to last at least 15–20 seconds. That is enough time for a ring, an answer, a polite refusal, and a disconnect.

Calls that terminate in under 10 seconds are almost always indicative of no answer, immediate rejection, or automated traffic probing for live picks.

Spam robocalls increased 20% year over year in 2025. Much of that volume is characterised by exactly this pattern i.e. high-frequency, sub-10-second calls blasted across large number ranges. A customer with an SDR above 40% combined with high call volume is one of the clearest red flags you can encounter.

Short calls alone are uncomfortable. Add high volume on top, and you've got something that demands action immediately.

4. Post Dial Delay (PDD) Patterns

PDD is the time between when a call is initiated and when ringing begins at the destination. It's one of the most consistently overlooked metrics in carrier risk monitoring, which is precisely why it's worth paying attention to.

High or erratic PDD can indicate a customer routing calls through multiple carriers in rapid succession, testing route quality across different paths, or generating signalling stress on your infrastructure.

Think of it as the VoIP equivalent of a shopper who picks up every item in the store to check the price before buying anything. Except here they're doing it 10,000 times an hour.

Sudden PDD spikes on a customer's traffic can also precede route failures or vendor complaints, acting as an early warning of routing instability. If you're not already monitoring PDD per customer alongside ASR and ACD, you're missing a layer of signal that's entirely free to collect.

Now let's zoom out from individual calls and look at how volume and timing reveal intent at scale.

5. Traffic Burst Behaviour (CPS & Time Patterns)

Calls Per Second (CPS) measures how rapidly a customer is initiating calls. Legitimate outbound call centers, even the aggressive ones, follow recognizable patterns. They ramp up in the morning, peak around midday, taper off in the evening, and go quiet overnight. It follows the rhythm of business. Risky customers break that rhythm.

You'll see sudden CPS spikes that double or triple baseline volume within minutes. Traffic concentrates in unusual time windows (3 AM bursts are a classic tell), or campaigns that appear and disappear within hours. Such indications suggest short-duration fraud runs.

A sudden, unexplained surge in outbound calls, especially outside regular business hours, is a strong indicator of robocall scam activity. This holds true whether the spike is driven by automated diallers, recycled call lists, or coordinated campaign launches that the customer conveniently forgot to mention during onboarding.

If you want to dive deeper into how dialler behaviour affects traffic patterns, we have a detailed breakdown of VoIP dialler types and their unique characteristics worth exploring.

CPS tells you how fast traffic is moving. CLI integrity tells you whether it has any right to exist at all.

6. CLI Integrity and Number Presentation

Caller Line Identification is where fraudulent intent often reveals itself most directly. Risky call centers exhibit several telltale CLI behaviours:

  1. Rotating through large blocks of numbers,
  2. Presenting numbers that don't match the geographic origin of the traffic,
  3. Using sequential or randomly generated numbers, or
  4. Presenting numbers that simply don't exist in any numbering plan.

This is more than just cosmetic. CLI misuse has a direct link to regulatory exposure and STIR/SHAKEN compliance failures.

Bad actors place calls from phone numbers they're not authorized to use and which don't route back to them. This is done to masquerade call origin and reduce traceability.

You should fancy a look at the top VoIP vulnerabilities carriers face, including CLI spoofing, which is worth bookmarking for your compliance team. If a customer's caller ID presentation looks like someone generating random strings, treat it exactly that way.

Bad CLI tells you something's wrong with the number. Bad destination patterns tell you something's wrong with the campaign itself.

7. Destination Pattern Irregularities

Where a customer sends calls matters enormously. Legitimate call centers have relatively stable destination profiles. They're calling their customer base, prospects within defined markets, or specific geographic regions aligned with their business.

Risky customers do the opposite: rapid geographic shifts, sudden heavy targeting of high-cost or high-risk destinations, or campaigns that sweep through sequential number ranges in a way no human dialler would organically produce.

High call rates to specific number ranges are a hallmark of scam operations targeting specific groups or exploiting known vulnerabilities in phone number blocks.

Destination anomalies often correlate directly with fraud campaigns, grey route exploitation, or IRSF (International Revenue Share Fraud). If a customer who spent three weeks calling US numbers suddenly generates a spike to Caribbean destinations, you should already have your monitoring tools open.

Seven metrics, each with its own story. But the real insight comes from reading them together.

How to Interpret These Metrics Together

One anomaly is data. Multiple simultaneous anomalies are a pattern, and patterns are where risk actually lives.

A single dip in ASR on a Monday morning might mean nothing. A simultaneous drop in ASR, a spike in SDR, an elevated CPS burst, and irregular CLI rotation happening at the same time? That's a customer running a robocall campaign, and you have maybe hours to respond before upstream vendors start escalating.

Here are a few traffic signature combinations to watch for:

Robocalling signature: Low ACD + High SDR + CPS spikes in short windows. The math here is simple, lots of calls, almost none of them lasting, launched at machine speed.

CLI spoofing / fraud campaign: CLI irregularities + sudden geographic destination shifts + low ASR. The customer is blasting calls through numbers they don't own toward targets they're probing.

Route testing / bad actor probing: High PDD variance + destination pattern shifts + traffic appearing outside business hours. Someone is mapping your routing infrastructure, not running a legitimate campaign.

We have documented the top challenges carriers face in identifying illegal robocall traffic from upstream sources. The same principles apply when the risk is coming from your own customers rather than vendors above you.

Now that you know what to look for, let's talk about turning that knowledge into a system.

Building a Simple Risk Scoring Model

You don't need a PhD in data science to build a functional risk scoring model. You need thresholds, deviation tracking, and consistent review.

Here's a simple approach: assign each of the seven metrics a score from 0 to 3 based on how far it deviates from that customer's baseline and from industry norms.

Zero means normal. Three means severe deviation. Total the score across all metrics and categorise accordingly:

0–5: Low risk - standard monitoring, no action required 6–12: Monitor closely - increase review frequency, request traffic breakdown from the customer 13–21: High risk - escalate internally, apply traffic restrictions, initiate formal review

The key is consistency. Run this review on a regular cadence. Daily for high-volume customers, weekly for smaller accounts. Don't wait for an incident to run the numbers.

Setting up automated alerts based on these thresholds is infinitely better than relying on human intuition. We cover email and SMS alert configuration in detail, including how to set ASR and ACD-based penalties that automatically flag or throttle problematic accounts.

A scoring model tells you who to watch. Early warning signs tell you when to worry.

Early Warning Signs You Should Never Ignore

Before the metrics tip into high-risk territory, there are often softer signals that something is shifting. These are the ones that fall below the threshold of a formal alert but should still raise an eyebrow:

Sudden behavioural shifts shortly after onboarding.

A customer who ran normal traffic during their first two weeks and then abruptly changes volume, timing, or destination profile is almost certainly running a different campaign than what they described at sign-up.

Increasing vendor complaints without a clear cause.

If upstream carriers start pushing back on your traffic and the pattern traces to one customer, that customer is the cause. This is usually true even if their metrics look borderline on your dashboard.

Traffic that changes faster than business logic allows.

Legitimate campaign changes take time, new scripts, new call lists, new targets. Traffic that transforms overnight, especially in ways that lower quality metrics, suggests the "campaign" has nothing to do with business operations.

These early signals are precisely why a VoIP network security audit should include customer traffic monitoring as a formal component, not just an afterthought.

You've spotted the warning signs. Now what do you actually do about it?

What to Do When You Identify a Risky Customer?

The goal here is risk management, not punishment. Your first instinct shouldn't be to terminate the account. It should be to understand what's happening and contain the exposure.

Request call samples and detailed breakdowns. Ask the customer to share a sample of their call lists and campaign targeting logic. Legitimate call centers will have this readily available. Reluctance or vague responses are themselves a signal.

Apply traffic throttling or routing restrictions. Reducing the customer's CPS ceiling or limiting destination access buys you time to investigate without fully disrupting a potentially legitimate operation.

Increase monitoring frequency. Move a flagged customer from weekly to daily review. If the behaviour worsens, you'll know quickly.

Escalate internally before external escalation finds you. The worst outcome in this industry is a vendor or regulator calling you before your NOC team has even identified the problem.

Going Beyond Metrics - Using Call Content Analysis to Validate Risk

Traffic metrics tell you what's happening. Call content analysis tells you why.

If you have transcription capabilities configured, as ConnexCS supports through its Transcription Query Profile, you can run automated keyword monitoring on sampled calls. This enables you to detect scripted fraud language, compliance violations, or patterns that confirm what the metrics were suggesting.

This means you can set up queries to trigger alerts the moment phrases like "this is not a sales call" or "your Social Security number" appear in transcribed audio.

It turns your suspicion into evidence and gives you the kind of documentation that matters if regulatory escalation becomes necessary.

Traffic Patterns Tell the Truth

Customers can tell you anything. They can present clean KYC documents, articulate exactly how legitimate their business is, and describe traffic that sounds perfectly reasonable. And then they can behave in ways that have nothing to do with any of it.

Traffic, on the other hand, has no incentive to lie. The metrics don't care about the story a customer tells during onboarding. They reflect what's actually happening at the call level. Thousands of data points, every hour, telling you more about your customer's real intent than any contract ever will.

For carriers who want to stay ahead of the curve, the 5 best strategies for mitigating robocall scams is an excellent companion read. Identifying risk and mitigating it are two halves of the same job.

The most successful carriers don't wait for complaints. They read the signals early and act before risk becomes reality.

  1. Why Traditional Due Diligence Fails in VoIP

  2. What Makes a Call Center "High-Risk" for Carriers?

  3. The 7 Traffic Metrics That Reveal High-Risk Customers

  4. How to Interpret These Metrics Together

  5. Building a Simple Risk Scoring Model

  6. Early Warning Signs You Should Never Ignore

  7. What to Do When You Identify a Risky Customer?

  8. Traffic Patterns Tell the Truth