Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Smart Bulletin No. 003

Phone Fraud Scams

This Smart Bulletin was Archived on July 6, 2023


DateVersion History Action Log - Summary of Action/Changes
March 9, 2007Implementation of Smart Bulletin #03
July 6, 2023Archived
March 22, 2024Revised for administrative updates

Effective Date

From Issuance through July 6, 2023

Business Line(s) Affected

Purchase, Travel, Fleet, and Integrated


The purpose of this GSA SmartPay Smart Bulletin is to inform customer agencies of a new type of phone fraud scam involving the Card Verification Value 2 (CVV2) code on the back of charge cards. Although this office cannot confirm any specific incidents of this particular scam involving government cardholders, VISA has confirmed that similar scams exist.


The GSA SmartPay Office has been made aware of a new type of phone fraud scam in which criminals who already possess personal information such as names, account numbers, and addresses ask you to verify the 3-digit Card Verification Value 2(CVV2) code on the back of your card. The CVV2 code is often asked for by merchants so that they can secure “card not present” transactions occurring over the Internet, by mail, fax, or over the phone. In many cases, the cardholder is fooled into a false sense of security by the criminal (generally posing as a bank “fraud investigator”) revealing a portion of the cardholder’s personally identifiable information before asking them to “verify” the CVV2 code on the back of their card.


Cardholders should be aware that banks or associations will never ask for personal information via phone or email unless the call was initiated by the cardholder. Never reveal any personal information when solicited via phone or email. Instead, if unsure, contact the bank or association directly using a phone number or email address you know is valid, to confirm that you are speaking with an authorized employee. Never use any phone numbers or hyperlinks provided to you in unsolicited phone calls or emails. Instead, use the phone numbers provided on the back of your card, or manually enter a url that you know to be official into a separate browser (i.e. close the website in question and re-open a web browser such as Internet Explorer, Netscape, or Firefox to enter a url address that you know to be authentic).

For more information on how to protect yourself against common scams, fraud, and identity theft, please visit the following association links:

An official website of the General Services Administration

Looking for U.S. government information and services?