TL;DR
Most contact centres don't need one big fraud platform — they need three layers stitched together. Voice biometrics or behavioural-audio scoring on the call, transaction-level fraud detection tools (Sift, Forter, Riskified, Kount, ACI) on the payment, and PCI scope removal (DTMF masking) so the card never enters your environment in the first place. The first two cost real money; the third makes the first two cheaper to run.
Last updated: 29 May 2026
If you've been asked to pick fraud detection tools for a contact centre and you've come back from the vendor demos confused, you're not alone. The market sells you three different things and calls all of them "fraud prevention." There's the voice layer — Pindrop, Nuance Gatekeeper, NICE Real-Time Authentication — which scores the caller. There's the transaction layer — Sift, Forter, Riskified, Kount, ACI, Signifyd — which scores the payment. And there's the scope-removal layer — DTMF masking, channel separation, agent-assisted capture — which takes the card data out of your environment so most of the other two stop mattering for PCI.
We sit in the third bucket as a PCI DSS Level 1 service provider, and we plug into the other two. So this isn't a "pick Paytia" piece — it's the comparison we'd give a head of payments who's trying to work out which tools they actually need, which they're double-paying for, and where the gaps usually sit. If you want the strategic view first, our contact centre fraud detection guide covers the threat model in more depth.
Why fraud detection tools split into three layers#
The reason the market looks chaotic is that fraud attacks a contact centre at three different points, and no single tool covers all three well. A vishing attacker calling in pretending to be the cardholder is a voice problem — a transaction tool can't see them. A stolen card being used by the real customer of record (account takeover) is a payment problem — voice biometrics will happily authenticate them. A card being read aloud and captured in a call recording is a scope problem — neither voice nor transaction tooling stops it.
So when a vendor tells you their fraud detection software covers "the whole journey" or claims to handle every layer in a single product, they usually mean it covers one layer well and pretends the other two don't exist. The honest framing is: pick the best tool for each layer, make sure they share signals, and don't pay twice for the same coverage. That's the shape of every working setup we've seen across our 48 clients.
The order we'd build in, if we were starting from scratch today: scope removal first (because it shrinks the attack surface and the PCI bill at the same time), then transaction fraud (because that's where the money actually leaves), then voice (because it's the most expensive layer per call and you want to know what you're paying for before you sign).
Voice-layer fraud detection tools: Pindrop, Nuance, NICE#
These tools score the caller on the line. They listen to the audio characteristics — codec patterns, packet loss, background noise, voice biometrics — and compare against a known device fingerprint or voiceprint. The pitch is that you catch the fraudster before they reach an agent, or before the agent hands them to the payment flow.
Pindrop is the best-known. It deploys as a SIP tap on the carrier leg and scores the call in real time. The accuracy is genuinely good against known attack patterns — repeat offenders, spoofed numbers, robocall signatures. Where it gets harder is first-time attackers using a clean device, and where it gets expensive is the per-call licensing. We've seen UK contact centres pay £0.04–£0.12 per call depending on volume, which adds up fast if you're handling a million inbound calls a year.
Nuance Gatekeeper (now part of Microsoft) is closer to voice biometrics with passive enrolment — the customer's voice is profiled across normal calls and matched on subsequent ones. Strong against impersonation attacks where the fraudster doesn't sound like the genuine cardholder. Weaker against deepfake audio, which is the live concern for 2026. Our vishing detection in contact centres piece goes into the deepfake threat in more depth.
NICE Real-Time Authentication overlaps both. It's usually bundled into NICE CXone if you're already on their CCaaS stack, which makes the procurement easier but the standalone comparison harder. Worth asking the vendor for raw detection rates on the specific attack types you're seeing — not the marketing number.
The reason we keep the voice layer for last in the build order: it doesn't reduce PCI scope and it doesn't stop the payment going through if the fraudster gets past it. It's a filter, not a guarantee. Useful, expensive, and worth less than the procurement deck suggests until your transaction and scope layers are already solid.
Transaction-layer fraud detection software: Sift, Forter, Riskified, Kount, Signifyd, ACI#
This is the layer that scores the payment itself. The card, the device, the buyer behaviour, the geolocation, the velocity. These tools have decades of e-commerce DNA and they've extended into MOTO and contact centre flows over the last five years. The market is mature, the accuracy is high, and the question is mostly about fit and pricing model.
Sift is the workhorse for high-volume e-commerce. The machine-learning model is mature, the integration is well-documented, and the rule engine is friendly to non-engineering teams. It's used heavily by marketplaces and direct-to-consumer brands. For contact centre MOTO payments, you'd plug it into your payment gateway via the API and pass the call metadata as additional signals.
Forter takes a different commercial line: they guarantee the transactions they approve, which means a chargeback you took on their say-so is their loss, not yours. That changes the procurement conversation completely. You're not buying detection; you're buying liability transfer. Margins are higher on the Forter fees because they're carrying real risk. Right tool for high-AOV merchants where a single chargeback hurts.
Riskified is similar to Forter in the guarantee model and competes head-on with them in retail. They've pushed harder into international expansion and have a strong story for cross-border card-not-present fraud, which is relevant if your contact centre takes payments from outside the UK.
Kount (now owned by Equifax) sits in the middle of the market — strong rule-based engine, mature integrations with most gateways, reasonable pricing for mid-market. Used a lot in subscription and recurring billing.
Signifyd plays the guarantee card too, focused on e-commerce, with chargeback protection that extends to fulfilment fraud. Less common in pure contact centre MOTO but worth a look if you also run an online channel.
ACI is the enterprise option — bundled with their payment processing stack, integrates deeply with Aurum and their gateway products. If you're already on ACI for processing, the fraud module is the path of least resistance. If you're not, it's a heavier lift than a standalone tool. Our payment fraud red flags piece walks through the signals these tools key on.
The trap to avoid here: don't buy a transaction fraud tool to fix a card-data-handling problem. If your agents are still hearing card numbers read aloud, you've got a PCI scope problem that Sift can't solve. Fix the capture layer first, then bolt the transaction scoring on.
The scope-removal layer: where Paytia sits#
The third layer is the one most fraud detection tool comparisons leave out, and it's the one that changes the maths on the other two. If a card number never enters your contact centre — never gets spoken on the call, never sits in the recording, never touches an agent screen — then a huge slice of your fraud surface disappears with it. Vishing still matters, account takeover still matters, but card-skim-from-recording goes to zero.
That's the job of DTMF masking and channel separation. The customer keys their card details into their phone, the tones are masked so neither the agent nor the recording captures the PAN, and the data flows straight through to the gateway. The agent stays on the call, handles the conversation, and never sees or hears the card data. For PCI DSS purposes the contact centre falls outside the cardholder data environment for that flow — typically dropping a phone-only merchant onto SAQ A (about 22 questions) rather than SAQ D (about 300).
The reason this matters in a fraud tool comparison: scope removal is the cheapest way to reduce fraud per call, because it kills an entire attack class. Voice biometrics costs you pence per call forever. Transaction fraud scoring costs you basis points on every payment forever. DTMF masking is a fixed integration that removes the data from the call once and saves you the audit cost, the agent training cost, and the breach risk every year after that. Pinnacle Group cut their PCI scope by 95% running this pattern across their contact centre estate.
How the three layers share signals (and where they don't)#
The interesting question — and the one most procurement decks dodge — is whether the three layers can talk to each other. The honest answer is: partially. The voice tool can pass a risk score to the agent's screen, which the agent can pass to the payment flow as a contextual signal. The transaction tool can return a decline or a step-up to the agent, who can re-verify on the call. But there's no clean industry standard for "voice risk score → transaction risk engine," so most setups bridge it manually through the agent or through a thin orchestration layer.
What we see working in practice: voice tool flags high-risk caller → agent gets a UI nudge to verify additional details → those verified details get passed as transaction-time signals to Sift/Forter/Kount → the transaction engine has more context than it would on a cold call. It's not magical, it's not real-time machine handoff, but it gets most of the value.
What we see not working: trying to merge the three tools into a single "unified fraud platform." Every vendor pitches this and almost no one delivers it. The integrations stay shallow, the signals stay siloed, and you end up paying premium pricing for the unification story without the unification.
Pricing models — what to actually expect#
This is where the comparison turns from product features into procurement reality. Voice fraud detection tools typically price per call or per authenticated session — £0.02 to £0.15 depending on volume, contract length, and which features you turn on (basic spoofing detection cheaper, voice biometrics more expensive). On a million-call book that's £20K to £150K a year just for the voice layer.
Transaction fraud detection software prices in basis points (a fraction of each transaction's value) plus a platform fee. Sift, Kount and Riskified tend to land between 0.10% and 0.50% of approved transaction value. Forter and Signifyd run higher because of the chargeback guarantee — typically 0.40% to 1.20% — but you'd weigh that against your actual chargeback rate to see if the guarantee pays back.
DTMF masking and scope removal price differently again — per concurrent agent seat or per channel rather than per call. The headline cost looks similar to a voice tool on small estates but breaks even fast on large ones, because there's no per-call multiplier. Pair it with a reduction in the SAQ scope and the QSA hours per year, and the total cost of ownership usually inverts within the first audit cycle. We've written about the wider hidden costs of PCI non-compliance if you want the full picture.
What "best fraud detection" actually means for a contact centre#
If a board paper asks you to recommend the best fraud detection tool, the honest answer is that there isn't one. There's a best tool per layer, given the threat model of your specific business. A high-volume retailer with 5% chargeback exposure should probably look at Forter or Riskified for the guarantee. A subscription business with low chargeback but high account-takeover risk should look at Sift or Kount and pair it with strong customer authentication on the call. A regulated business with heavy PCI overhead should look at DTMF masking first and let it pay for the other two.
Where we see procurement go wrong: the buyer picks one big-brand tool, expects it to cover everything, and finds out at the next audit that the PCI scope hasn't moved and the chargebacks haven't budged. The tool may be working fine within its layer; it's just not the layer that was causing the pain.
Common integration patterns we see in 2026#
Three patterns show up repeatedly in the contact centres we work with. The first is the lean stack: DTMF masking for the payment leg, plus a transaction fraud tool (usually Sift or Kount) bolted into the gateway. No voice biometrics. Works well for mid-market MOTO operations where the call mix is mostly genuine and the chargeback rate is low.
The second is the regulated stack: DTMF masking plus voice biometrics (usually Nuance or NICE because they're already in the CCaaS contract) plus a transaction tool with chargeback guarantee. Common in financial services, insurance, and travel. Higher cost, lower residual risk, easier audit story.
The third is the legacy stack: agents still take card details verbally, recordings get muted manually, and a transaction fraud tool sits at the gateway trying to catch what the call layer missed. This is what most contact centres look like before they start a fraud and PCI refresh. It's the most expensive option in total cost terms, even though no single line item looks expensive on the invoice.
The signals that actually matter#
Whichever tools you choose, the signal set that drives a useful detection rate in 2026 is broadly the same. Device fingerprint on the originating call (voice layer). IP and geolocation versus historical pattern (transaction layer). Velocity on the BIN — same BIN seen across multiple calls in a short window. Behavioural signals from the call itself — pauses, repeat-asks, attempts to re-read card details. CVV-only declines clustering on a single agent or a single session.
The mistake we see is buying a tool, turning on the defaults, and assuming the signals will do the work. They won't. Every fraud detection tool needs a quarter or two of tuning against your specific traffic before the false positives drop to a workable level. Budget the analyst time, not just the licence fee. Our social engineering defence piece covers the human side of the signal — what agents need to spot before a tool ever scores it.
Where the gaps usually sit#
Three gaps come up almost every time we audit an existing fraud stack. First, the call recording. If agents still hear or see card data, the recording is in scope for PCI even if the gateway isn't, and a fraud tool can't fix that — it's a capture-layer problem. Second, the warm-transfer hop. When the call moves from a chatbot or IVR to a live agent, the device fingerprint often resets and the voice tool starts from scratch. Worth checking with the vendor how they handle the handover.
Third, the test-card workflow. Internal testing, training, demos — all of these can trip a transaction fraud tool that doesn't know about your sandbox traffic. Get the allow-list configured properly or you'll generate noise that masks real signal.
The 2026 deepfake problem and how the tools are responding#
The fraud detection tool conversation has shifted in the last twelve months because of generative voice. A reasonably good voice clone now costs a fraudster about £5 and ten seconds of source audio scraped from a LinkedIn video, a podcast, or a leaked customer service recording. That's changed the threat model for voice-layer tools in a way that the vendor decks are still catching up to.
Pindrop has pushed hardest on synthetic voice detection — they publish detection rates against the major TTS engines and they update the models monthly. Nuance has bundled deepfake detection into Gatekeeper as an add-on module, with mixed independent benchmark results. NICE's response has been quieter, mostly delivered through the underlying audio analytics rather than a standalone deepfake feature. The honest position from all three: detection rates against fresh model versions sit somewhere between 75% and 92% on benchmarks, and lower on live attacker traffic.
What this means for procurement: a voice-layer fraud detection tool bought in 2023 against the threat model of 2023 may not be earning its keep against the threat model of 2026. Worth asking your existing vendor for their last six months of synthetic voice detection benchmarks and how often the model retrains. If the answer is annually, that's already too slow.
The cleanest mitigation isn't a fancier voice tool — it's removing the assumption that voice authentication alone is enough. Pair voice biometrics with a second factor on the payment (3DS2, push notification, secure web payment link), and the deepfake stops mattering because the attacker can't complete the transaction even if they pass the voice check.
How chargeback maths drives the tool selection#
For most contact centres the dominant fraud cost line isn't the breach risk — it's the steady drip of chargebacks. That's where the transaction-layer fraud detection software comparison gets interesting, because the pricing model and the loss profile interact in ways the headline rate hides.
A scoring tool like Sift or Kount charges you 0.10% to 0.50% of approved transaction value and you keep all the chargeback risk. A guarantee tool like Forter or Signifyd charges 0.40% to 1.20% and absorbs the chargeback losses on the transactions they approved. The break-even sits roughly where your chargeback rate × your average dispute cost equals the difference in the basis-point fee.
Quick example. A merchant doing £20m a year in MOTO, with a 0.4% chargeback rate and an average loss-per-chargeback of £180 (including representment costs), is losing about £144k a year to chargebacks. A scoring tool at 0.25% costs £50k and might cut the chargeback rate to 0.25% — saving £54k but costing £50k, net £4k. A guarantee tool at 0.80% costs £160k and removes the £144k in losses, net cost £16k. The scoring tool wins on raw numbers.
Flip the numbers — a 0.9% chargeback rate, £250 average loss — and the guarantee tool wins because the losses being absorbed are larger than the premium being charged. The model matters; the marketing brochure doesn't tell you which one fits your business. Run the maths against your actual chargeback history before you sign anything.
What the UK fraud landscape looks like for contact centres in 2026#
UK Finance's most recent fraud report puts CNP fraud — the category most contact centres live in — at over £400m a year in losses, with the largest growth coming from authorised push payment fraud and impersonation attacks. That second category is exactly what fraud detection tools struggle with: the customer is real, the card is real, the transaction is the genuine cardholder being manipulated into paying.
FCA Consumer Duty rules now expect firms to demonstrate they're protecting customers from foreseeable harm, which raises the bar on fraud detection from "reasonable commercial measure" to "documented control with evidence." That's pushed several of our regulated clients to add a layer of transaction monitoring they wouldn't have justified two years ago.
PSR (Payment Systems Regulator) reimbursement rules for APP fraud have shifted commercial incentives too — sending PSPs are now expected to share the cost of confirmed APP fraud with receiving PSPs, which means more pressure on the originating bank, which trickles down to merchants in the form of stricter authorisation rules and more 3DS step-ups. The transaction fraud tool you choose needs to play nicely with that environment, not fight it.
For contact centres specifically, the most consequential UK shift is the PCI DSS v4.0.1 mandate that's been in force since March 2025. Every fraud detection tool comparison should include the PCI scope question: does this tool keep card data inside or outside my CDE? The wrong answer there can cost you twenty times the fraud savings in audit and remediation work over a single compliance cycle.
Build vs buy: when in-house rules engines make sense#
A small but growing number of contact centres run their own rules engine in front of a commercial fraud detection tool — usually because they've got a specific fraud pattern the off-the-shelf vendors don't catch well. Worth thinking about whether that's you before signing a big platform deal.
The case for build: you've got an internal data science team, your fraud profile is genuinely unusual (subscription with very high churn, marketplace with two-sided risk, regulated vertical with bespoke signals), and you've got the data infrastructure to retrain models on your own traffic. In those cases an in-house engine can outperform a generic vendor by 20–40% on detection rate at lower per-transaction cost.
The case against: you're a mid-market merchant with standard chargeback exposure and no data science team. Building loses every time. The off-the-shelf tools have seen orders of magnitude more transaction data than you ever will, and the false positive tuning costs more analyst time than the vendor licence saves.
The middle path most of our clients land on: buy a transaction fraud tool for the base layer, add a thin internal rules layer for the merchant-specific patterns (refund abuse, loyalty fraud, internal collusion), keep DTMF masking on the capture layer to remove the card-data risk regardless of which fraud tool is in front.
Evaluating vendors — the questions worth asking#
Vendor evaluation for fraud detection tools is mostly about avoiding the answers that sound good in the demo and don't hold up in production. A few questions we'd put on every shortlist call.
What's your false positive rate on traffic similar to ours, and how is it measured? Many vendors quote the false positive rate against their entire customer base, which is meaningless for your specific traffic profile. Push for a parallel trial against your data.
How do you handle model drift, and how often do you retrain? Fraud patterns change quarterly at minimum. A model trained on 2024 patterns will be quietly less effective every month it stays static.
What's the analyst tooling for tuning rules and reviewing edge cases? You'll spend more operating hours in this UI than your fraud manager spends in any other product. If it's clunky, the tool will be under-tuned forever.
How do you handle the warm-transfer handover from chatbot/IVR to live agent? This is where most contact centre fraud tools lose their device fingerprint and start scoring blind.
What's the contract exit clause? Fraud tool replacements are painful enough without a 36-month lock-in. Aim for 12-month terms with reasonable exit notice while the technology is moving this fast.
How do you price step-up authentication events? Some tools charge per scoring call, some per step-up triggered, some per authenticated session. The unit matters when you're modelling annual cost.
Integration patterns by payment gateway#
The shape of your integration depends heavily on which payment gateway sits underneath. A few patterns we see repeatedly.
Stripe Radar is bundled into the Stripe gateway, which makes it the path of least resistance if you're already on Stripe. Detection rates are solid for standard CNP fraud and the tuning interface is genuinely usable by non-engineering teams. Where Radar struggles is high-AOV merchants and unusual fraud patterns — at that point you'd usually layer Sift, Forter, or Kount on top.
Adyen RevenueProtect is similar — bundled into the Adyen gateway, easy procurement, decent base coverage. The same logic about layering applies above a certain risk profile.
ACI Fraud Management is the natural choice if you're on ACI for processing, with the same caveat that you're then locked into the ACI stack across more than just fraud. Worth the trade-off if you value vendor consolidation, less attractive if you want best-of-breed in each layer.
If you're using a standalone gateway like Worldpay, Trust Payments, or Opayo, you've got a free hand to bolt on any of the major fraud detection tools at the gateway interface. Worth confirming the integration is supported in the vendor's documented partner list rather than "we can probably build that" — the difference between those two costs you a year.
And whichever gateway you're on, the DTMF masking and channel separation layer sits in front of the gateway — your phone payment capture stays compliant regardless of which fraud tool is downstream.
What changes if you outsource the payment leg entirely#
A growing pattern in 2026: contact centres outsource the payment leg to a PCI Level 1 service provider, with the agent transferring the customer to a secure payment flow (web link, IVR drop-down, chatbot handover) rather than taking the card details themselves. That changes what fraud tools you need quite a lot.
The card never enters your environment, so the PCI scope drops dramatically and the value of DTMF masking is built in by definition. The voice biometric question moves from "do we authenticate the card data leg" to "do we authenticate the agent conversation," which is a smaller, easier problem. And the transaction fraud tool sits inside the service provider's stack rather than yours — you inherit their detection rate.
The catch is that you're inheriting somebody else's fraud risk appetite and somebody else's chargeback ratio. Worth checking the service provider's published fraud rates and asking how they tune the detection layer for merchants in your vertical. The good ones will share the numbers. The vague ones are vague for a reason.
This is the architecture we run for the contact centres we work with — the card leg moves to our PCI Level 1 environment, the agent stays on the call, and the fraud detection layer (transaction scoring, chargeback monitoring, BIN velocity) operates inside our environment without your team having to procure, tune, and pay for it separately.
Common mistakes when comparing fraud detection tools#
A handful of mistakes show up so often we'd put them on a fridge magnet. First, comparing tools by feature list rather than by detection rate on your traffic. Feature lists are written by marketing; detection rates are written by reality. Ask for the trial.
Second, ignoring the operational cost. A fraud tool with a 0.20% transaction fee but a clunky analyst UI may cost you more in fraud-team hours than a tool at 0.30% with a friendlier rules engine. Headcount is the hidden line item.
Third, assuming the chargeback guarantee is the right answer because the maths looks neat. The guarantee is right when your chargeback losses are above a threshold; it's wrong when they're below it. Calculate before you procure.
Fourth, buying the unified platform pitch. Most "all-in-one" fraud platforms are good at one layer and average at the other two. You usually do better picking the strongest tool per layer and integrating them properly than picking one vendor that does all three at a B-minus.
Fifth, treating fraud detection as a one-time procurement. The threat model shifts quarterly. The tool you buy in 2026 needs a quarterly review against new attack patterns or it slowly becomes furniture.
Where to start if you're rebuilding the stack#
If you've inherited a fraud setup that isn't working and you've got budget for one move this year, here's the order we'd argue for. First, get the cardholder data out of the contact centre — DTMF masking or channel separation, whichever fits your telephony. That alone usually fixes more than it should. Second, layer a transaction fraud tool against your gateway, sized to your actual chargeback exposure. Third, decide whether a voice tool earns its keep against your specific attacker profile — and benchmark against the actual detection rates, not the marketing numbers.
And benchmark honestly. Get the vendor to run a parallel scoring trial against your real traffic for a quarter before you sign. Most will agree. The ones that won't are usually the ones whose product doesn't survive contact with your data.
Next steps#
If you want to see how the scope-removal layer sits next to your existing fraud detection tools, the easiest path is to look at how it works in a live call. Our live demo walks you through the buyer and merchant sides of a masked payment in real time, and our team can map the integration against your current Sift, Kount, or voice-layer setup. Or if you'd rather start with the strategy paper, book a 20-minute fraud architecture review and we'll send you the comparison matrix we use internally — covering all the tools above plus the ones we haven't named here.
