So then create a IVR that will do the following:
- Call the customer back at the phone number that he specified to verify if he authorized the transaction.
- After confirmation, auto call your credit card processor for AVS verification and phone number verifier.
- make it automated so that the CC processor needs to only confirm or deny the process.
However, I wonder if there is an over the Net verifier that can verify phone numbers on a CC account. Added after 49 minutes:
Just realized, this is with Paypal so we never get to see the person's credit card info. Therefore it would not work. Added after 1 minutes:
That is a much better plan of attack.
I have also thought to do some verification using their supplied phone number. The attackers always seem to use the phone number that truly belongs to the credit card or account they are stealing. So by calling that phone number and getting a verbal verification should work. If it did, I would think later you could make this an IVR automated system method.
One thing is that you should be able to "FORCE" to use your VoIP trunk provider and not use ENUM. Since ENUM can be created for a number that is not registered.