No tocomocho, no estampitas, no pyramids: as with technological advances, the methods of swindling are also constantly being updated. This is the case to which we would like to dedicate this text: the emergence of a new method of fraud called vishing which directly affects telephone card payments… And which can be easily remedied.
This remedy involves automation for convert the conventional telephone payment into a secure card payment service by telephone. The main risk factor is human intervention, but first of all let’s explain what vishing is, how it works and how to avoid it.
What is vishing?
To understand what we are talking about we must start from an earlier concept of fraudthe so-called phishingThis consists of impersonating a trusted third party to incite the potential victim to carry out actions such as providing confidential information, fraudulent transactions or other actions, always based on deception.
Phishing has become a classic (with numerous avatars) of Internet scams, in which a forged letterhead and confusing or enticing language can lead us to click where we should not very easily. Voice phishing or vishing is one of its manifestations, in which the user is tricked by means of a telephone call.
This practice of “voice data fishing” has been going on for about a decade (flourishing at the same pace as smartphones, connected to the Internet, have become popular) in different forms, depending on their specific objectives. With the rise of pay-by-phone it is becoming a major problem.
How is vishing done?
To understand the risk, it is necessary to know the modus operandi modus operandi of the vishers or at least one example:
- The offender chooses a victim profile (say elderly people) and, using hacking techniques (OSINT), obtains their phone numbers and possibly other personal data.
- A “first round” of calls is often made in a wheel, usually byspoofing the caller’s identity and using VoIP technologies, which are difficult to trace.
- The chosen strategy may be an undesirable threat (such as a bank overdraft requiring verification) or a tempting opportunity (such as a temporary and advantageous offer).
- The offender asks the victim for his or her financial data, such as card number and CVV or CVC, in addition to confirming any data he or she may already have (e.g. ID number).
The key is the human factor
The eternal question: how do people rely on a phone call to make a financial transaction? The answer is simple: because we are used to telephone agents calling us from any company or public administration for a wide variety of purposes.
Despite the severe sanctions In the case of data leakage, there are still many businesses (and public entities, as we have said) that base their services on the use of data leaks. human operators, with the attendant risks of error and wilful misconduct..
To prevent vishing, automated telephone payments
Thus, as users, we must be cautious and not give sensitive information over the phone to perfect strangers, since no mandatory procedure involving the use of personal data should be done in this way. In addition to repressive measures, the Administration is beginning to take steps to eradicate the use of human agents to pay by telephone.
The telephone payment mechanism itself, we wish to emphasize, offers every guarantee of safety if it is automated. and compliant with PCI-DSS Level 1 standards set by the card payment giants, who are as keen as any individual business to avoid financial and reputational damage.