Staff
Matt_White

Fraud Prevention Tools Series - AVS


The Address Verification Service is a security feature that was developed by the card associations as a way to reduce risk in card-not-present transactions by checking parts of the billing address provided by the customer against the address on file at the issuing bank. At this time, this feature is really only supported by issuers in the US, Canada, and the UK. It may work with a few issuers in other countries, but don't be surprised if it doesn't.

It is important to understand what AVS does and doesn't do, because there are many common misconceptions about how this system works. AVS only looks at the numeric portion of the billing address, which means that the correct house number with the wrong street will pass AVS. For example, if the address on file is "123 Main Street, Redwood City, CA 94065", and the address sent is "123 First Street, Redwood City, CA 94065," AVS would pass. All that AVS sees is "123" "94065", and both examples have that, so AVS returns a match.

One quirk to be aware of, that has an especially noticeable effect in major cities with numbered streets, is that if the address submitted had been "123 1st Street, Redwood City, CA 94065," AVS would have seen "1231" "94065" and would have only returned a partial match, since the street address does not match but the zip code does. For this reason, merchants will often accept partial matches in addition to full matches.

It is also important to understand that AVS does not confirm whether an address or name is valid. Since it only keys off of the numeric values, that makes sense.

Typically, a decision should be made before launch to determine which (if any) AVS codes should be rejected by default. My typical recommendation for merchants at launch is to reject "No Match" orders and accept partial match and above. Because of the differences among processors, I'll refrain from exhaustively enumerating exactly which letter codes are involved, but an example is rejecting AVS codes of "N" or "I8."

 

The use of additional tools can allow these rules to be relaxed. For example, a merchant using a scoring engine might decide to accept AVS "No Match" codes when the score is below a certain threshold, like 25 (this is an arbitrary example; I would definitely suggest doing a rigorous analysis to determine the right point). Note, however, that you may pay a higher rate or lose some chargeback protection by accepting transactions without an AVS match, so be sure that you make a decision whether this is an acceptable level of risk before deciding to take non-matching transactions.

 

A further strategy to minimize the effects of false positives on the business is to manually review transactions that do not pass AVS, but that do have an authorization code. Depending on the customer base and business model, some merchants may have a very high rate of "no match," so a review strategy will greatly help reduce the insult rate (for those of you unfamiliar with the term "insult rate," that's the rate of false positives, good customers that are rejected incorrectly). Bearing in mind that an AVS mismatch does not definitively identify fraud, facilitating conversion through Customer Support is another possibility, albeit a costlier and potentially less effective one.

 

Source(s):

Merchant Guide to the Visa Address Verification Service - https://www.wellsfargo.com/downloads/pdf/biz/merchant/visa_avs.pdf
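
The digits-only comparison and the launch rule described in the post, as an added example that is not part of the original post or any processor's code. It is a simplified model: the result labels `full`/`partial`/`none`, the function names, and the treatment of digit-free fields are assumptions, and real AVS letter codes differ by processor.

```python
import re

def avs_digits(text: str) -> str:
    """Keep only the digits, which is all the post says AVS looks at."""
    return "".join(re.findall(r"\d", text))

def avs_result(on_file: tuple, submitted: tuple) -> str:
    """Compare (street, zip) pairs on digits only.

    Returns "full", "partial" or "none". These labels are hypothetical;
    real letter codes differ by processor.
    """
    def same(a: str, b: str) -> bool:
        da, db = avs_digits(a), avs_digits(b)
        # Assumption: a field with no digits at all is not treated as a match.
        return bool(da) and da == db

    street_ok = same(on_file[0], submitted[0])
    zip_ok = same(on_file[1], submitted[1])
    if street_ok and zip_ok:
        return "full"
    return "partial" if (street_ok or zip_ok) else "none"

def decide(result: str, score=None, threshold=25, manual_review=False) -> str:
    """Launch rule from the post for an already-authorized transaction."""
    if result in ("full", "partial"):
        return "accept"
    # "No Match": a scoring engine may relax the rule below the threshold
    # (25 is the post's arbitrary example, not a recommended value).
    if score is not None and score < threshold:
        return "accept"
    return "review" if manual_review else "reject"

# Constructed sample data using the addresses from the post.
ON_FILE = ("123 Main Street", "94065")

if __name__ == "__main__":
    for street in ("123 First Street", "123 1st Street", "77 Elm Road"):
        r = avs_result(ON_FILE, (street, "94065"))
        print(f"{street!r}: digits={avs_digits(street)!r} avs={r} -> {decide(r)}")
```

The wrong-street case passing as `full` is why an AVS match should be read as a weak signal, and the `1st Street` case shows why rejecting partial matches raises the insult rate.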