My Merchant Account Blog

Preventing Online Fraud

Saturday, December 23, 2006

One of the first things you need to do as a merchant is to verify the consumer.  On card-present transactions, this can easily be done by asking for a valid photo identification card, i.e.  a driver's license or state issued ID card.  On card-not-present-transactions, this is much more difficult for the merchant to accomplish. 

Basic Fraud Prevention Techniques - Steps One and Two

Address Verification

The first step in preventing fraud in a card-not present environment is called address verification.  The consumer will enter their billing address.  The gateway will send this information over to the transaction processor (usually First Data or Nova (Elavon)) for verification.  The transaction processor will send back some codes to let you know that the AVS was a match or not.  Usually this match is done on the street number and ZIP code only.  So if the street address was 1234 Main Street and the ZIP code was 90210, the transaction processor would take a look at 1234 and 90210.  The alpha characters are not verified. 

Once this is completed, you will want to seriously consider sending your product to the billing ZIP code.  This will help to prevent some of the chargebacks but will also cause some problems if the consumer works all day.  The shipping companies have become so inundated with packages from the ever-growing business, that they will drop the package at the door, not waiting for a signature.  Without a signature, you do not have proof of delivery. 

AVS is subject to a significant rate of "false positives" which may lead to rejecting valid orders as well as missing fraudulent orders.  If the cardholder has a new address or a valid alternate address (such as seasonal vacation home), this information may not be up-to-date in the records of the cardholder's issuing bank, so the address would be flagged as invalid.  Merchants typically do not rely solely on the AVS result to accept or reject an order.  Approximately 75% - 80% of online merchants rely on address verification service as a tool to help prevent fraud. 

CVV2 / CVC2 / CID

Card Verification Value 2 / Card Verification Code 2 / Card Identification Number

Visa calls the three digit number a CVV2 (Card Verification Value 2).  MasterCard calls it CVC2.  American Express and Discover call this CID.  This number is found on the back of the of Visa, MasterCard, and Discover cards.  It is a four digit number on the front of American Express.  At first the card associations came out with this number to curb fraud.  The card associations told the merchants - do not store this number.  They thought this would potentially stop most of the fraud.  However, these numbers can be obtained by fraudsters just as credit card numbers are obtained.  The CVV2 / CVC2 / CID usage by online merchants has continued to increase rising from 44% of online merchants using this tool in 2003 to 66% today.  It appears that asking for the CVV2 / CVC2 / CID has become standard practice for many online merchants in 2005. 

The purpose of card verification number in a card-not-present transaction is to attempt to verify that the person placing the order has the card in their possession in order to provide the additional security digits.  Requesting the card verification number during an online purchase can add a measure of security to the transaction.  Approximately 66% - 75% of online merchants rely on this number to help reduce fraud.

Comments

Name
URL
Email	Email address is not published
Access Code
Please enter the access code
Remember Me
Comments