Credit card fraud can be a concern for anyone who accepts credit card payments, either in a brick-and-mortar retail setting or when selling products and services online.
Credit card processing typically uses both Credit Card Verification Value (CVV) and Address Verification System (AVS) to help prevent credit card fraud. The CVV is a three- or four-digit code on the card that indicates the user has physical access to the card. The AVS verifies that the billing address given by the buyer matches the card account holder's address. Mismatches in either CVV or AVS could indicate fraud.
This blog article addresses important issues regarding AVS and CVV and offers some tips on avoiding credit card fraud, especially with respect to online transactions. We also offer some specific details about the Site Builder (aka "Cool Tools") shopping cart e-commerce system that is available through our website hosting service.
You will find some excellent advice in all the linked articles near the end of this post, but the quote below is quite telling:
"Always use AVS and CVV/CV2/CVC (Card Verification) on every transaction you process. This will at the very least guarantee that the card holder has the card, and it is being billed to an address registered to the card.
If possible, check each order that is processed through your website. If you come across a suspicious order, call the customer to verify who they are. If the order is extremely large or talking to them is unconvincing, request them to fax a copy of their drivers license to you, and a signed invoice. These may be a small inconvenience to some of your customers, but the cost of fraud to your business is far greater than not taking the extra steps. Most customers are happy to verify information with you, as preventing fraud is a concern of theirs as well.
Also if you can, require a signature with every package that you ship. A signature is the only way to prove proof of delivery."
Be sure there's a good explanation if the address on the credit card does not match the purchaser's address. And be particularly wary of foreign orders, especially those from Nigeria, anywhere in Africa, Indonesia, and the Philippines.
If you suspect credit card fraud, immediately contact your credit card company/merchant account gateway company for advice, and be sure to keep detailed records of all transactions and communications with the buyer and any potential victims of stolen identity.
"Cool Tools" Shopping Cart Details
If you use our "Cool Tools" shopping cart systems with a merchant account, your shopping cart system records AVS and CVV responses from your merchant account gateway, but it does not automatically decline suspicious transactions. You are responsible for analyzing transactions that come through the shopping cart. (Check with your merchant account gateway company to see whether they offer any options for making the authorization process more restrictive.)
Here is a general explanation of how our "Cool Tools" shopping cart works:
The gateway processes the card based on the merchant's settings. Our shopping cart system accepts the order if the gateway says the transaction was approved and tries to report details (such as the transaction id) about the transaction back to the merchant. All merchants should review their orders before completing them (completing tells the gateway to capture the funds reserved during the original transaction). The gateway checks CVV and AVS information if the merchant has these options as part of their merchant/gateway account. Full details would be available by viewing the transaction in the virtual terminal provided by the merchant's gateway.
To reduce the chance of being the victim of a credit card fraudster, always carefully check the Fraud Screening section of your order processing page before you complete a credit card order. A message such as the one below, along with non-matching addresses in the order's Billing Information or Shipping Information sections, could indicate potential fraud:
Fraud Screening: AVS-Card code does not match
Note: CVV information may be unavailable for any number of reasons, none of which the shopping cart system controls.
For best protection, you need to use manual detection (e.g., checking each transaction carefully before you complete it) and set up your Gateway to be more restrictive about credit card transactions. The shopping cart system by itself cannot prevent credit card fraud.
We recommend that you checkmark Enable CVV in your shopping cart system's Store Manager (see 7. Payment Methods/Merchant Account). We also recommend that you checkmark Require Agreement/Consent CHECKBOX and enter an explanatory message such as "Please check this box to confirm your agreement to be responsible for payment on your order." in your Store Manager (see 4. Checkout Settings). You may want to display more detailed terms and conditions; this is just an example.
"Cool Tools" Shopping Cart Points to Remember
Your payment gateway (merchant account) allows you to process credit card transactions over the Internet. The merchant account/gateway interfaces with our shopping cart system. The gateway is responsible for verifying and processing the credit card orders.
Our shopping cart system does not restrict transactions based on CVV or AVS match; that is the gateway's responsibility. The shopping cart system does not screen or prevent transactions from going through (merely reports any responses from the gateway). It is the merchant's responsibility to check the records with the gateway if anything appears amiss.
General Article Links and Summaries
- What are AVS and CVV?
- Do I need to use AVS and CVV?
- What type of order is it?
- Will it make a difference in my transaction fees?
- So besides extra fees, what good are AVS and card code?
- How do I know what these cryptic response codes mean?
Security / Fraud Protection FAQs (from Payment Processing Inc. (PPI))
- How secure are PPI payment products and payment gateway?
- How can I remove the risk of fraudulent credit card use and resulting costs to me or my customers?
- What fraud screening does PPI offer?
- Am I liable for fraudulent card use or chargebacks?
- What is CW?
- What is CVV?
- What is AVS?
Details about CVV Security Codes and AVS Verification Security
Recommended best practices for preventing and responding to chargebacks.
Per Wikipedia, a "chargeback" is the return of funds to a consumer, forcibly initiated by the consumer's issuing bank. Specifically, it is the reversal of a prior outbound transfer of funds from a consumer's bank account, line of credit, or credit card.
Addresses 10 ways merchants can reduce credit card fraud (below) and lists top real-time payment gateway services (our "Cools Tools" shopping cart interfaces with most of these):
- Use Address Verification Service (AVS).
- Use Card Verification (CVV/CVV2).
- Use a Threshold Management Service.
- Scrutinize orders from free email accounts.
- Scrutinize orders with a different Ship to address than Bill to address.
- Scrutinize international orders / foreign credit cards.
- Understand that an Authorization Code does not mean the credit card is not stolen.
- Use an Advance Fraud Protection Service.
- Use a PCI (Payment Card Industry) compliant data storage service.
- Review and implement PCI standards policies.
- What does a fraudulent transaction look like?
- Businesses will always suffer more from fraud than consumers!
(Card testing and fraudulent orders are the two main types of credit card fraud.)
- Card testing (or carding).
- Preventing card testing.
- Fraudulent orders.
- Preventing fraudulent orders.
- Common fraudulent order flags.