FIS Modern Banking Platform
Advance your bank with a modern core platform.
WORLDPAY EDITORIAL TEAM
July 24, 2019
Every American merchant who has accepted a credit or debit card over the past few years should be well aware of the shift to EMV chip cards that took place in October 2015. Now when customers make an in-store purchase, they most likely insert cards into a POS terminal, rather than swipe in a magnetic stripe reader.
While that change has helped to protect card present purchases, . That means online purchases are more vulnerable today than ever before. And it just so happens that the with 77% of US merchants selling online.
So, how can for their customers and their businesses? A comprehensive fraud and chargeback prevention system should include using the Address Verification Service (also known as Address Verification System).
Customers might feel like they’re getting the third degree when it comes to making a purchase online, with more and more merchants requiring the credit card number, name on the card, Card Verification Value (CVV) code and, on top of that, zip code and/or full address. However, this extra information is for the sake of customers and merchants alike, because .
Ultimately, while AVS is not a perfect system, is does add a valuable, extra layer of security, particularly for card-not-present online purchases, one that protects both merchants and consumers. For that reason, online merchants are wise to use AVS as an extra security measure, and it’s worth the extra few seconds it takes to verify every customer’s address for online purchases.
AVS verifies the numeric portion of a cardholder’s address. For instance, if John Smith’s is making a purchase and plugs in his address as 1304 Main Street, Anytown, Illinois, 60473, the AVS will compare the numbers 1304 and/or 60473 with the address on file with the card issuer. The merchant is notified as to whether the numbers match or not, helping the merchant to make the wisest decision possible about authorizing a transaction.
AVS is one of the most widely used forms of fraud prevention for card-not-present purchases. Card associations or brands (for example, Mastercard, Visa, American Express) determine the rules and circumstances for banks and merchants when it comes to fraud and chargeback disputes. The associations favor merchants who use AVS, and a merchant is better protected when fraud disputes arise––and they will.
When a merchant makes sure to use AVS and receives a “full match” response, meaning the street address number and zip code the customer uses matches the numbers of the card issuer, it greatly reduces (but doesn’t eliminate) the merchant’s risk of a chargeback.
Without a positive AVS response, have fewer dispute rights. In addition, due to the extra security, merchants who process are given incentives such as better interchange rates and fees than those who do not.
When a merchant requests an AVS check on a transaction, the service automatically responds with a code that signifies how well the customer numbers entered match up with the address in the card issuer’s files. could be anywhere from a full match to a partial match to no match. And, based on that info, the merchant can make the decision whether to approve the purchase or decline it.
|Y||Address & 5-digit or 9-digit ZIP match||Address & 5-digit ZIP match||Address only matches||Address & ZIP match|
|A||Address matches, ZIP does not||Address matches, ZIP does not||Address & 5-digit ZIP match||Address only matches|
|R||System unavailable, retry||System unavailable, retry||Not applicable||System unavailable, retry|
|U||Information not available||Information not available||System unavailable, retry||Information not available|
|Z||Either 5-digit or 9-digit ZIP match, address does not||5-digit ZIP matches, address does not||5-digit ZIP matches, address does not||ZIP code only matches|
|N||Neither ZIP nor address match||Neither ZIP nor address match||Neither ZIP nor address match||Neither ZIP nor address match|
AVS applies to payments using VISA, Mastercard, American Express, and Discover cards. A merchant using AVS should follow these steps:*
Not every “no match” response is fraudulent. The AVS provides information, and the merchant must make the decisions. Often it’s worth the time to follow-up and get more information before declining a purchase.
This AVS response is a strong indicator of fraud, but in reality it could be a legitimate purchase. For example, a customer may have recently moved but has not yet notified his bank. You could follow-up by:
This is a typical response to an international order, which AVS data does not support. One solution might be to fax a credit card slip to the consumer, requesting a faxed signature to verify the order, or to ask for a scanned signature by email. This may not be the most cost-effective means for all international orders, so a dollar threshold could be established to determine what level of risk you’re willing to accept.
When your customer enters an address during checkout and clicks Submit, the following happens:
2. The credit card brand then sends this information to the issuer
3. The issuer compares the address numbers with the numbers stored on file
4. The issuer then sends an authorization status and associated AVS response code to your payment gateway
This process takes only a few seconds and is invisible to your customers.
The more fraud protection layers, of course, the better. And AVS authentication is one part of a multilayered fraud protection system to help ensure that valid transactions are approved, and those deemed suspicious are declined. AVS is not a guaranteed fraud prevention solution. Your payment gateway or payment processor should have other fraud protection layers in place, .
It’s best to discuss data security measures with your payment processor, card association, merchant account and bank. In the end, online merchants accepting card-not-present payments are vulnerable. Being extra cautious and discerning will better protect your customers and your business.