How to Prevent Telephone Fraud for Card Transactions
When Alexander Graham Bell got his official telephone patent in 1876, there likely wasn't a single person around who envisioned the telephone as an instrument to carry out commercial transactions worth billions.
Yet, today the telephone has become a valuable resource for business owners who want to process transactions when face-to-face dealings are not an option. Paying on any mobile device, including the phone, has quickly become the most popular method of contactless payments. Alas, criminal creativity has complicated this convenience exponentially.
Telephone Fraud is Rising
Modern-day criminals hack into online servers to steal sensitive banking information and carry out fraudulent transactions when they can. The Consumer Sentinal Network by the FTC (Federal Trade Commission) shows that the telephone was the contact method for up to 31% of card-related fraud reports in 2020. Deceiving a card user is becoming harder with the evolution of card technology. Fraudsters are migrating towards telephone transactions to deceive people with the rollout of modern EMV chip-enabled credit and debit cards that make in-person payments more secure.
Fraudsters know that when a customer makes a payment through an unprotected IVR, mobile pay, or online payment option, the credit or debit card will process the transaction as if in a card-not-present scenario. Visa and MasterCard consider this type of transaction less secure. Hackers take advantage of these scenarios to loot unsuspecting business owners without suitable fraud protection systems.
Preventing Telephone Fraud
The leading IVR technology providers protect business owners from such fraud with various secure online payment solutions. They use the following technologies to detect and prevent fraud in the early stages:
- Check Verification for ACH transactions
- Address Verification System (AVS) and a Card Verification Code (CVC)
- Tokenization for matching and storing sensitive data
- Securely encrypted monitored servers with PCI compliance
The technology providers help merchants with virtual terminals to collect additional information like customers' addresses and card CVC codes while carrying out card-based transactions. Modern-day AVS systems generate a response code in real-time, letting the merchant know the validity of the address.
After the completion of the transaction, merchants can view the codes and other payment-related information on their virtual terminals. The transaction still goes through, regardless of the code results. However, the response codes help the merchant detect discrepancies and stop the transaction if needed. With modern-day IVR systems, merchants have the opportunity to void the transaction before the transaction batches.
Consider that several reasons cause the AVS verification to fail for a valid transaction, for example: if the customer has recently moved and the AVS system has not been updated to reflect the new address.
Once processed, merchants can look for such responses on their online terminals:
- M = CVV2 Match
- N = CVV2 No Match
- P = Not Processed
- S = Issuer indicates that CVV2 data should be present on the card, but the merchant has indicated that the CVV2 data is not present on the card
- U = Issuer has not certified for CVV2 or Issuer has not provided Visa with the CVV2 encryption keys
Educating Merchants to Prevent Fraud
At iCheckGateway.com, we educate our merchants to help them stay on guard while protecting their business from illegal transactions. Elavon, one of our credit card processors, has offered several tips to help merchants protect themselves against criminals making online or on-call purchases. Merchants should watch out for customers who:
- Make purchases without regard for quantity, prices, and other vital aspects,
- Use a shipping address that's different than the address on file for the credit card
- Use a card issued in the United States yet request that the merchandise be shipped to locations outside the country
Merchants should stay updated with the latest methods of fraudsters on the Federal Trade Commission website that keeps a running list of scams in the United States.
Speak with our relationship managers to discover PCI-compliant safe, reliable, and quick payment processing technologies for your business.
Date Originally Published: April 03, 2017
Date Updated: July 27, 2022