This article talks about a very important issue for Internet merchants: preventing online fraud. Most of the attention in the press surrounding online fraud is focused on consumers, whether it's having their credit card numbers stolen by hackers or being suckered into giving their personal and financial information by a phony email phishing scam. But barely any attention has been given to the other side of the coin: the Internet merchants who are defrauded by crooks posing as legitimate consumers.

One of the first things you need to do as a merchant to prevent fraud is to always verify who the consumer is. On card-present transactions, this can easily be done by asking for a valid photo identification card, for example, a driver's license or state-issued ID card. On card-not-present transactions, this is a much more difficult task for the merchant to accomplish. There are two basic steps that every online merchant should follow to ensure that the consumer is legitimate.

The first step in preventing fraud in a card-not-present environment is called address verification, or AVS. The consumer should be required to enter their billing address when they are filling out their credit card information. The payment gateway will then send this information to the payment processor for verification. The payment processor will then pass the address information to the issuing bank, which will then match that information with the address information it has on file for that card. The payment gateway will then send back some codes to let you know whether or not the AVS was a match. AVS only compares the street number and ZIP code against the information on file with the card issuing bank. So if the street address was 1234 Main Street and the ZIP code was 90210, the transaction processor would compare 1234 and 90210 with the issuing bank's information.

Once this process is completed, you will get an AVS code that tells you how well the address matched the bank's records. If you get an AVS code indicating that the address and/or ZIP code do not match, it is up to you to decide whether you wish to accept the risk and ship the goods to the customer. We recommend that you do not ship goods in cases where the ZIP codes do not match. This will not only help to prevent chargebacks but will also prevent problems from occurring if the consumer works during the day. The shipping companies have become so inundated with packages from the ever-growing Internet world that they will drop the package at the door, oftentimes not waiting for a signature. Without a signature, you do not have proof of delivery. And without proof of delivery it is very hard to fight a chargeback.

It is important to know that AVS has some limitations, because this may impact your decision-making about how to treat bad verification results:

- The AVS system isn't always reliable; bad results can be triggered unnecessarily because people move, or because some people report five-digit ZIP codes and some report nine-digit ZIP codes. This may generate a response stating that the address matches, but the ZIP code does not match.
- The AVS system can't handle addresses outside the U.S., so if you decide to ship only to addresses with good AVS results, you will rule out all international orders.

Online merchants typically do not rely solely on the AVS result to accept or reject an order. Most online merchants use the address verification service as part of an overall fraud prevention program and in conjunction with several other tools to help them prevent fraud.

Now we'll talk about the second step in basic fraud prevention: Card Code Verification.

To help reduce fraud in the card-not-present environment, credit card companies have introduced a card code program. Visa® calls this code Card Verification Value (CVV); MasterCard® calls it Card Validation Code (CVC); Discover® and American Express call it Card ID (CID). The card code is a three- or four-digit security code that is printed on the back of cards. The number typically appears at the end of the signature panel. This program helps validate that a genuine card is being used during a transaction.

Card code verification works similarly to address verification. The payment gateway passes the code entered by the consumer to the payment processor, which then compares it to what is on file at the card issuing bank. The payment gateway then returns a code to let you know whether the numbers matched. This helps to verify that the person using the card has the card in their possession at the time they place the order.

We advise all merchants to require this code for all credit card transactions to help combat fraud. It is important to note, however, that these numbers can be obtained by fraudsters just as credit card numbers are obtained if they are stored by the merchant. It is for that reason that the card associations prohibit merchants from storing these codes in their systems. The use of CVV2, CVC2, and CID by online merchants has continued to increase, rising from 44% of online merchants using this tool in 2003 to 66% today. It appears that asking for the CVV2, CVC2, and CID has become standard practice for the majority of online merchants.

So there you have it: two very basic and easy fraud prevention tools that every online merchant should use to prevent fraud and eliminate chargebacks.
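The AVS comparison and its five-digit versus nine-digit ZIP limitation described in this article, as an added example that is not part of the original article or any gateway's or issuer's code: a simplified Python model of the street-number and ZIP match, followed by a hypothetical order policy. The function names, the constructed on-file address and the policy outcomes ("reject", "hold", "manual_review", "accept") are assumptions.

```python
import re

def avs_fields(street_address, zip_code):
    """Reduce a billing address to the two values AVS compares."""
    m = re.match(r"\s*(\d+)", street_address)
    street_number = m.group(1) if m else ""
    zip_digits = re.sub(r"\D", "", zip_code)  # "90210-1234" -> "902101234"
    return street_number, zip_digits

def avs_compare(entered, on_file, normalise_zip=True):
    """Return (street_match, zip_match) for two (street, zip) pairs."""
    e_num, e_zip = avs_fields(*entered)
    f_num, f_zip = avs_fields(*on_file)
    if normalise_zip:
        # Compare only the first five digits so a ZIP+4 on one side
        # does not produce a false "ZIP does not match" result.
        e_zip, f_zip = e_zip[:5], f_zip[:5]
    street_match = e_num != "" and e_num == f_num
    zip_match = e_zip != "" and e_zip == f_zip
    return street_match, zip_match

def review_order(street_match, zip_match, card_code_match, us_billing=True):
    """Hypothetical merchant policy (an assumption, not a gateway rule).

    Takes only the gateway's card-code match result; the code itself is
    never passed in or kept, since merchants may not store it.
    """
    if not card_code_match:
        return "reject"
    if not us_billing:
        return "manual_review"  # AVS cannot check non-U.S. addresses
    if not zip_match:
        return "hold"           # article's advice: do not ship on ZIP mismatch
    return "accept" if street_match else "manual_review"

if __name__ == "__main__":
    # Constructed sample data: same household, ZIP written two ways.
    entered = ("1234 Main Street", "90210")
    on_file = ("1234 Main St.", "90210-1234")
    for normalise in (False, True):
        street_ok, zip_ok = avs_compare(entered, on_file, normalise)
        print(normalise, street_ok, zip_ok,
              review_order(street_ok, zip_ok, card_code_match=True))
```

Without ZIP normalisation the same customer lands in "hold" purely because of how the ZIP was written, which is why AVS is combined with other signals rather than used alone.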