AVS and Chargeback Fraud
Fighting and preventing chargeback fraud is top-of-mind for merchants, credit card associations, issuing banks, and acquirers. In other words, everyone involved in the business of buying and selling wants to make sure that chargeback fraud is not hurting the industry.
With recent news about security hacks and breaches, customers are asking merchants tough questions regarding the security of their credit card data. Merchants need to be able to explain how they’re protecting customer data and what their policies and procedures are when a breach is discovered.
Using a multilayered fraud risk prevention strategy is one of the best approaches merchants can take to prevent and mitigate fraud. A true multilayered approach should use a combination of fraud prevention and detection strategies to detect and prevent fraud. These strategies work in concert to provide layers of fraud security and monitoring. The key to an effective multilayered fraud prevention strategy is to use the right combination of security measures at the right time.
One common element of a purposeful multilayered fraud prevention strategy is Address Verification Service (AVS). This fraud prevention system is typically one of the first layers in this multilayered approach, and when used properly can be effective in preventing fraudulent transactions.
What is AVS?
AVS works to verify that the address entered by the customer at the point of an e-commerce transaction is in alignment with the cardholder address. While AVS is a MasterCard service designed to stop card-not-present fraud, it is widely used by major credit card companies. AVS applies to cardholder addresses from the United States, Canada, and the United Kingdom.
Invisible to customers, AVS works within mere seconds to run a compare on the address entered during checkout to that on file with the card-issuing bank. Once the addresses are compared, the issuing bank returns an AVS code to the merchant. Based on the AVS code, the merchant’s system then decides to accept or decline the transaction.
The key here is having an intelligent rules engine in place in the payment gateway to read and react appropriately to the returned AVS code. Unlike chargeback reason codes, AVS codes do not have specific mandated responses, and it’s up to the merchant to determine how they want to proceed.
The AVS Authentication Process
When the customer enters their address during the checkout and clicks Submit, the following happens:
- The merchant’s payment gateway transmits the address data to the customer’s credit card-issuing bank.
- The issuer compares the submitted address to the address on file.
- The issuer then sends an authorization status and AVS response code to the merchant’s payment gateway.
- The AVS code is interpreted by the payment gateway rules engine and the transaction is either approved or denied.
The key for merchants is in understanding what is data is considered during the address compare step. When the customer enters their entire address, only the numeric portion of the address is verified by the issuer. Typically, only the residence number and ZIP/postal code are compared. This means that it can be challenging to effectively compare the addresses when the customer enters an address for an apartment or suite. Also, the street name might not be a match, but if the house number and ZIP code matches then the transaction may be approved.
Based on the compare results, the issuer sends an AVS code that indicates the results of the address verification process. For example, an AVS code of A indicates that the address matches but the ZIP code doesn’t match. The merchant’s payment gateway must then decide how to proceed—the approval or decline is determined by the rules set up on the payment gateway by the merchant.
Understanding How AVS Codes Work
Just like chargeback reason codes, each credit card brand has its own system of AVS codes. Additionally, there are instances when the AVS code does not apply to one credit card brand but does apply to another.
This adds a layer of confusion to the AVS authentication process and highlights why AVS cannot be used as the only method of chargeback fraud prevention. Merchants must review the documentation provided by their credit card brand to clearly understand the AVS code information. For an example of common AVS codes, review this AVS code chart and then take the time to review the official credit card brand AVS code documentation.
Using an end-to-end solution can ensure that your payment gateway is configured to respond to and manage AVS code responses. With a customized rules engine, merchants can make AVS authentication an effective layer of their multilayered fraud prevention strategy. There is a fine line between being too aggressive with the AVS code rules engine and in not being aggressive enough. Working with a team of chargeback fraud prevention experts can provide merchants the guidance and insight to know how to best configure the rules engine to stop fraudulent transactions.
Is AVS a Complete Chargeback Fraud Prevention Strategy?
AVS is not a complete chargeback fraud prevention strategy. Because of the ambiguity of the AVS codes and the lack of global international support, AVS should not be considered as a single, comprehensive fraud prevention solution.
Merchants should use an end-to-end solution that employs AVS in conjunction with other fraud prevention mechanisms, such as CVV, biometric analysis, IP address verification, 3D Secure, and device authentication.
Do not rely on one element of chargeback fraud prevention technology to protect your customers and your business. With the right combination of technologies that match your unique customer base and selling options, you can provide the kind of service that your customers will be happy to loyally patronize.
Contact us to learn more about chargeback fraud prevention and the latest in security technology.