A method for detecting a fraudulent attempt to activate a new PIN, SIM Card or mobile device includes monitoring, at a first processing node associated with a network interconnecting a first network point and a second network point, a mirrored live-data flow of a live data flow passing through the first processing node in a non-intrusive manner that does not affect the first live-data flow passing through the first processing node. The live-data flow comprises data that is in active transmission between the first network point and the second network point and prior to storage of the data in a database. The first processing node detects that a transaction within the monitored live-data flow relates to an activation of the new PIN, SIM card or mobile device and compares the detected transaction to a list of known fraud situations stored in the first processing node to determine if the detected transaction relates to a known fraud situation. The first processing node generates an alert indication responsive to a determination the detected data relates to one of a plurality of known fraud situations. The first processing node identifies the detected transaction as a potential fraud situation responsive to a determination the detected data does not relate to one of the plurality known fraud situations. An automatically generated dialog verification with a party requesting the new PIN, SIM Card or mobile device is performed to verify identity of the party requesting the new PIN, SIM Card or mobile device for the detected transaction identified as the potential fraud situation.