What is an “Out-of-Wallet” Verification Call And Why Risk Teams Still Need It
Merchant onboarding has come a long way. From paper forms and faxed utility bills to automated KYC, real-time KYB, and AI-powered risk scores, much of the process can now be completed without ever picking up the phone.
But every experienced risk analyst knows: sometimes you have to talk to a human.
When something doesn’t add up like a mismatched address, a flagged identity, or an application that just doesn’t feel right, one of the most reliable tools in the risk team’s arsenal is the “Out-of-Wallet” verification call.
What is an “Out-of-Wallet” Call?
An “Out-of-Wallet” (OOW) call is a phone interview where the risk or compliance analyst asks the applicant non-obvious questions that a fraudster is unlikely to answer correctly — even if they have access to stolen documents or data.
These questions are called “out-of-wallet” because they go beyond what’s found in someone’s physical wallet: things like name, address, or government ID numbers. Instead, the questions test for real knowledge, behavioral consistency, and contextual understanding.
When to Use an OOW Call
- Identity verification failed or returned suspicious results
- Discrepancies in business documents (e.g., mismatched addresses)
- Inconsistent IP geolocation, language, or phone number
- Multiple failed KYB/KYC attempts or recycled identities
- High-risk MCCs, verticals, or jurisdictions
- Identity verification failed or returned suspicious results
- Discrepancies in business documents (e.g., mismatched addresses)
- Inconsistent IP geolocation, language, or phone number
- Multiple failed KYB/KYC attempts or recycled identities
- High-risk MCCs, verticals, or jurisdictions
OOW calls are especially effective in catching synthetic identity fraud or preventing account takeover during onboarding.
What to Ask in an OOW Call
Here are the three categories of questions every risk team should have ready:
Personal Identity Verification: Confirm the person’s identity based on data that’s not easy to guess or steal.
- What’s your full legal name and date of birth?
- What was your previous residential address?
- Can you confirm your personal phone number or email?
- Have you held any credit products in the last 3 years? With which bank?
Business Information Validation: Ensure the caller knows and is authorized to speak for the business.
- What’s your role in the company?
- When was the business incorporated?
- What’s your expected average monthly volume and ticket size?
- What address do you operate from? Is it a home or commercial location?
Behavioral and Risk Signals: Dig into inconsistencies and gauge legitimacy.
- We noticed your IP address shows a different country than your business. Can you explain that?
- Why is your business registered in one country, but your phone number is from another?
- Can you describe what your business does, and how you take payments?
What Red Flags to Watch For: During the call, trained analysts listen for more than just answers. They’re watching for:
- Hesitation on basic information
- Inconsistent stories or answers that change mid-call
- Voice anomalies (like echo, coaching, or call center background noise)
- Evasive or defensive responses to normal business questions
When It Works Best: Out-of-wallet verification is one of the few tools that can:
- Disqualify fraudsters even with “clean” documents
- Surface synthetic or stolen IDs in real time
- Protect against insider fraud or impersonation attempts
It’s not scalable — and that’s the point. It’s the manual fallback that protects your portfolio when automation alone isn’t enough.
