The Address Verification System (AVS) is a system used to verify the identity of the person claiming to own the credit card. The system will check the billing address of the credit card provided by the user with the address on file at the credit card company. The other security features for the credit card include the CVV2 number. At present, only a few countries support AVS on Visa® and MasterCard, notably the USA, Canada and the United Kingdom. American Express does not support AVS in other countries than the USA.

The Address Verification System was originally used in the case of in person purchases where merchants could verify cards because they had embedded holograms or on-card photo ids. However, this does not help with online, phone, or mail transactions. But, AVS can provide secure payment gateways by having the merchant verify credit card data, such as billing address and zip code, against the Visa®/Mastercard billing information of the cardholder. This layer of security protection allows merchants to further investigate a transaction if the billing information provided by the Address Verification System does not match that the customer provides.

It benefits the merchant to use the Address Verification System because they are fully liable for all transactions they take that are performed without the person being in front of them. So if they accept a fraudulent transaction, they experience what is known as a chargeback. A chargeback refunds the customer from the merchant’s bank account. In addition, the merchant must pay a fine to the bank and credit card associations penalize them.

By using the Address Verification System, a merchant can protect both the customer and yourself from counterfeit charges. To learn more about the AVS,  click here.

Introduction

Credit card fraud is something that can never be completely eliminated, but rather something that must be managed. Merchants must develop a delicate balance between using safeguards to prevent fraud and not creating too many hoops for customers to jump through. In Part #1, we talked about fraud prevention basics like AVS and how-to authorize transactions properly.

After a credit card processor or registration service approves an order, the merchant needs to perform additional checks, as fraudulent orders sometimes are approved. The merchant should not depend on the credit card company, or the registration service, to stop all fraudulent orders.

Tools to combat Fraud

There are many tools out there to help combat fraud and to list them all will easily fill another article. In order to identify the best solution or your business, you must clarify these questions first:

• Are you in danger of losing your merchant account by running chargebacks above 1%?
• Do you want to handle fraud and chargebacks yourself or focus on your main business instead?
• Out of 10 chargebacks, how many are due to fraud?
• How much time and resources (staff, money, etc.) do you currently spend on fraud & chargebacks?

One you have the answers to these questions you are fully prepared to seek the best solution for your business. For a great comparison of the most common fraud tools out there, subscribe to our newsletter and stay tuned for upcoming articles.

Card Verification Methods (CVM)

Card Verification Methods (VISA = CVV2, MasterCard = CVC2, and American Express = CID use a security code of 3 or 4 extra digits imprinted on the card, but not embedded or encrypted in the magnetic stripe. This verification code does not appear on credit card receipts. Since most fraudulent transactions result from stolen card numbers rather than the actual theft of the card, a customer that supplies this number is much more likely to be in possession of the credit card. VISA claims that the use of AVS with CVV2 validation for card-not-present transactions can reduce chargebacks by as much as 26%.

Merchants that accept Internet, mail-order, and telephone orders must be prepared to request the verification code when the cardholder is not present to help validate a transaction. Even if a merchant cannot confirm the CVV2 number, they can still ask for it, or provide a space for the number on their web order form. If the crook does not have the number, they could look somewhere else to commit their fraud. The merchant is not allowed to store the CVM numbers. This is against PCI compliance regulations and can cost you tens of thousands of dollars for every single violation. Be careful not to store the CVM codes at any time.

Payer Authentification Programs:

Authentification programs (Verified by Visa and MasterCard’s SecureCode) use personal passwords to ensure the identity of the online card user. If merchants use this program, card issuers may occur some of the losses for online fraud that was previously entirely borne by the merchants. If merchants do not participate, they remain liable for the losses.

The pop up windows for authentification can be blocked if card holders have installed software to disable pop-ups. This also adds an extra step in the ordering process. There is also an additional processing fee incurred by the merchant. Another loophole is if the customer claims they never received the merchandise. We have seen information indicating Visa always trusts their card holders, so the customer gets their money back and the merchant gets stuck with a chargeback.

Even if Visa rules against the merchant, the merchant can still take the customer to small claims court. If the merchant can prove the customer did receive the product, the merchant is entitled to recover the value of the product plus all their costs when they win. Most licenses included with software includes a clause concerning court actions. This is one more reason to keep accurate records, document customer phone calls, keep copies of emails, delivery signatures, and web logs.

BIN CHECK

The first 6 digits of the credit card are called the Bank Identification Number (BIN). You can determine if the credit card holder and the issuing bank for the credit card are located in the same country. Legitimate users sometimes use a credit card from another country. You can enter the BIN of a credit card number at http://www.bindatabase.net. The site provides the bank name, card type, and a 3 character code for the country.

CALLING THE CARD-ISSUING BANK

When you call the card-issuing bank, have your merchant number, your phone number, the customer’s full name, address, and phone number ready. You can ask the card-issuing bank to make a courtesy call to your customer to verify the charge.

DIFFERENT BILL AND SHIP TO ADDRESSES

Use Google to search for the numeric street address, street name, and zip code. The web site at http://www.anywho.com integrates telephone numbers, maps, and email addresses. Check for bogus billing addresses like 123 Main Street. Use resources like http://maps.yahoo.com to see if the address can be verified. If the billing and shipping addresses are different, request telephone numbers for both addresses. You can also establish a company policy and charge an extra fee to recover your costs to require a delivery signature (UPS, Federal Express, post office) if the billing and shipping addresses are different. You could require advance payment with a cashiers check or money order when different ship to and bill to addresses are used.

Be careful of remailing services, such as Mailboxes, etc. Remailing services can remail your packages to overseas destinations.

Coming up next week: Learn the advanced database management techniques that will make fraudsters frustrate. And don’t forget to enter the Sweepstakes at http://www.SocialBusinessBank.com/win. It’s payback time. Till then, I’m waiting to hear some feedback from you. Contact me personally at Twitter (personal account).



Introduction:

This article suggests preventative methods and post-order procedures that merchants can perform to minimize credit card fraud. When a brick and mortar merchant accepts a credit card, and the charge is authorized, and assuming the merchant conforms to regulation, the merchant will get paid, even if a stolen card is used.

Want to win 1 year of free credit card processing? You should check out the Sweepstakes currently going on at http://www.SocialBusinessBank.com/win.

Liability for fraud shifts from the card issuer to the merchant for ‘Card Not Present’ sale (mail order, telephone/fax order, and internet sales). The merchant is generally liable for credit card charge backs, even when the bank has authorized the transaction. After a merchant is stung by a fraud, the credit card processors often hike their rates, citing increased risk. The merchant also risks losing their accounts with the card companies if their fraud rate gets too high.

Everyone points fingers at everyone else (processors, banks, VISA/MasterCard, and the merchants). Law enforcement and government agencies tend to only investigate big cases. No one takes the blame for credit card fraud.

Forbes claims most credit card numbers are still stolen the old-fashioned way. Unethical retail store clerks and restaurant employees steal card numbers often using hand-held skimmer devices. A scam artist can go through the trash of any merchant (brick and mortar or e-commerce) or customer garbage, get valid credit card numbers, and use them on the Internet.

Industry analysts and e-merchants claim the credit-card companies have yet to come to grips with the full scope of the problem. None of the credit-card associations disclose exact loss-rate figures for fraud – Visa, MasterCard and American Express claim to have a handle on the problem overall.

Follow the Rules

Your chargeback rate is the risk indicator used by all processors to determine your processing rates. High chargeback ratios equal high risk; and the higher your perceived risk, the more likely contingencies such as rolling reserves, pay-out delays and high fees will be part of your merchant agreements.

If you suspect a fraudulent order being placed with your company, place a verification call and inform your processor of any fraudulent transaction. Everyone wins when the processor, the card issuing bank and the card holder are notified of a fraudulent or suspected fraudulent transaction.

Authorize the Transaction

Authorization approval does not mean that the merchant is guaranteed payment. Approval only indicates that at the time the approval was issued, the card hasn’t been reported stolen or lost, and that the card credit limit has not been exceeded. If someone else is using the credit card number illegally, the card holder has a right to dispute the ‘approved’ charges.

Address Verification System (AVS)

In the US, AVS checks if the cardholder’s address and zip code matches the information at the card-issuing bank. AVS only uses the zip code and numeric portion of the billing street address. There are many reasons why AVS may fail (recent address change, AVS computers down, etc.).

If the address verification fails on any level, the merchant may decline the transaction. If the AVS fails for any reason, the merchant should contact the customer for additional information (for example, the name of the issuing bank, the bank’s toll-free telephone number, etc.).

If your current system of authorization approval cannot provide AVS, then you can get address verification from the card holder’s issuing bank for MasterCard and VISA. Discover and American Express purchases can be verified by calling them directly.

Once a fraudster has a legitimate customer name and the stolen credit card number, they can use the Internet to look up their victim’s telephone number, address, and zip code. This allows a software purchase to pass AVS, and the fraudster can download the software before the fraud is reported. With orders that are shipped, the thief can provide the correct billing address for AVS approval, but request a different ship to address.

Coming up next week: Learn the advanced techniques that will make fraudsters frustrate. And don’t forget to enter the Sweepstakes at http://www.SocialBusinessBank.com/win. It’s payback time. Till then, I’m waiting to hear some feedback from you. Contact me personally at Twitter (personal account).