When accepting and processing online payments, there are some unique challenges you can come to expect. Fortunately, there are plenty of tools already in place to help you tackle them. One of these challenges includes card-not-present (CNP) fraud, which can be a problem for merchants, card issuers and acquirers. According to a UK Finance report, CNP fraud is the most common form of card fraud, with both 2018 and 2019 seeing over 2 million cases in the UK alone.
This type of fraud can be difficult to prevent, as your customer is not required to physically present the card to you during the transaction. For this reason, many criminals see this an attractive opportunity for payment fraud. Fortunately, there are effective fraud prevention tools, such as CVV and AVS, which are designed to verify that the card is physically with your customer during the time of the transaction.
So, what is CVV, what is AVS and why they do matter? In this article, we will explain what these verification methods are and the important roles they play in helping to protect your business.
CVV refers to the “Card Verification Value” and is a security feature found on both debit and credit cards. Its location can vary based on the card’s brand. When your customers place an order through your online store, they are required to enter the CVV code found on the card they are attempting to use. This code will be a 3-4 digit number and will be unique to every card.
Card brands (such as VISA and Mastercard) require that you do not store your customer’s CVV codes. This includes storing the information digitally or even writing it down on a physical piece of paper. For recurring payments, your customer’s CVV codes can be used for the initial transaction, but they cannot be stored for future transactions.
|S||Should be on card but not so indicated|
|U||Issuer Not Certified|
|X||No response from association|
|(blank)||No CVV data available for transaction.|
AVS refers to the “Address Verification System” and is used in the UK, US and Canada to check the billing address of the cardholder with the card issuer’s records. It is one of the most widely used fraud prevention tools for card-not-present transactions.
During the checkout process, your customer must provide a billing address. The card issuer will compare this address with the one they have on their file. Once the billing address has been checked, the card issuer will send you a response code, that indicates the degree to which the addresses match. The risk assessment you have set up with your payment gateway will determine the response to these codes.
It is important to note that AVS will only check the numeric values of an address (the house number and post code) and not the alphabetical portions. However, it is still used as a credible tool for fraud detection.
All AVS response codes are a single alphabetical character. The following are the most common codes to expect:
|Y/X||Full Match||Address & post code match|
|W/Z||Partial Match||Post code matches, address does not|
|A||Partial Match||Address matches, post code does not|
|N||No Match||Neither post code or address match|
|R||Retry||System unavailable, retry|
|U||Unavailable||Address information is unavailable or the card issuer does not support AVS|