This post is contributed by Collin Haberl, who works in business development for Litle & Co., a Vantiv company, where he introduces shopping cart providers, nonprofit donation platforms, and ticketing platforms to Litle’s automated onboarding API. Litle powers payment processing for companies that sell direct to consumers and is a leading authority in card-not-present (CNP) commerce.
For ecommerce merchants shipping physical products, fraud tools are in high fashion. Payment processors and gateways across the card-not-present (CNP) space have touted the benefits of filters, database checks, alerts, and custom dashboards, and these SAAS models have become increasingly popular. While many of these managed services have helped merchants deter scammers and protect their inventory, too often the most basic best practices are overlooked. Let’s take a moment to review address verification service (AVS).
AVS is designed to verify a cardholder’s billing address with the card-issuing bank. Merchants pass the numeric portion of the customer’s address and their ZIP code, and once the check is completed by the issuing bank a response code is returned. In order to ensure that the AVS check is accurate, merchants should ask for the billing address as it appears on the cardholder’s monthly statement and pass the additional information along with the authorization.
In order to get the most benefit from AVS, a merchant should:
A) convey the numeric portion of the address and the ZIP code along with the transaction; and,
B) establish business rules that determine how to act on the response codes.
A “partial match” may be returned per the AVS result code and in this case either the numeric portion of the address OR the ZIP code has returned a match, but not both. While this does not necessarily suggest fraudulent activity, the recommendation is to research these transactions further. Merchants should be on the lookout for certain red flags such as large bulk orders, overnight shipping, multiple units of the same product, and orders shipped to an address that differs from the billing address.
Whereas “partial match” responses should trigger additional research, “no match” responses should prompt close review. These transactions may still be legitimate despite failing an AVS check – for example, the cardholder may not have an updated address on file with their bank. However, the correlation with fraud-related activity is strong enough that it’s worth a phone call or an email to the cardholder, or to the issuing bank, to verify the cardholder’s identity.
A wide variety of managed service fraud tools are available to merchants, and these services can provide value and peace of mind. With that said, we at Litle & Co. find that basic services like AVS can enhance security and reduce exposure to fraud. Closing security loopholes can be as simple as implementing tried and true best practices like AVS.
To learn more about AVS and other best practices for your payments program, download a free eBook from Litle & Co.: Practical Payments: 10 Approaches to Consider in Card-Not-Present Commerce.