As an eCommerce merchant handling primarily or exclusively card-not-present (CNP) transactions, you can generally expect to experience more payment card fraud than retailers who operate brick-and-mortar establishments.
This unfortunate reality is largely due to the fact that — in contrast to face-to-face transactions — you can’t physically verify the identity of buyers who make online CNP purchases. This single difference has a dramatic impact on fraud. According to a report by the European Central Bank, CNP transactions account for “80% of the value of [all] card fraud.”
Now, there are ways to fight back against CNP fraud. One of the oldest and most reliable fraud prevention tools you can deploy is the Address Verification Service (AVS).
AVS is a system that checks for a match between the address submitted by the buyer at checkout and the one on file with the issuing bank. If a mismatch is identified, the purchase is deemed to be fraudulent, and the buyer is blocked from checking out.
But how exactly do AVS tools work, and how can they benefit your business? How can they help you combat chargebacks and post-transaction fraud? In this article, we address these important questions and provide practical tips for implementing and deploying AVS at your business.
The Address Verification Service (AVS) is a fraud prevention tool that checks to see whether the billing address provided by the customer at checkout matches the address on file with the issuer.
Invented in the 1990s in response to rising card-not-present (CNP) fraud stemming from the then-nascent eCommerce industry, AVS today is a staple of any online merchant’s fraud prevention arsenal.
Read MoreAVS doesn’t verify the entire address. In fact, only the street numbers and the zip code in an address are compared against the data on file with the issuer. The reason for this is simplicity: street names and zip codes are standardized, and few variations exist.
By contrast, street and city names can be spelled differently, which could lead to complications or mismatches. This numbers-only shortcut, however, is not without its own flaws, and edge cases may lead to false declines.
Read MoreAt the conclusion of an AVS check, the system will output a response code. There are more than two dozen AVS response codes; these single-letter codes vary depending on card network, and each will represent either a full match, partial match, or no match between the address entered by the cardholder and the one on file with the issuer.
Certain AVS response codes are exclusively reserved for instances when AVS is unavailable, such as when the card is associated with a foreign issuer that does not support AVS.
Read MoreAs one of the oldest eCommerce fraud prevention tools, AVS is easy to implement, virtually universally supported by major payment gateways, cheap to run, and frictionless for customers. It also works in real-time, which allows merchants to subject certain transactions to manual review.
This rare combination of affordability, speed, and effectiveness has made AVS one of the most commonly used fraud prevention tools. When configured and deployed using best practices, AVS can go a long way toward preventing CNP fraud.
Read MoreAVS can’t neutralize a merchant’s fraud risks on its own. For example, it is powerless against first-party fraud carried out directly by the cardholder (who knows their own billing address). It’s also ineffective against the more sophisticated forms of CNP fraud.
While low-cost, AVS isn’t entirely free. Merchants will have to pay between $0.01 to $0.05 for every verification, which can add up for large-volume sellers. And, the shortcuts that AVS employs can lead to both false positives and negatives.
Read MoreSuccessfully implementing AVS at checkout is a crucial milestone, but getting the most out of this fraud prevention tool requires active and ongoing maintenance.
A robust risk decisioning framework, for example, can help merchants use broader context clues like industry-specific variations, geographic distinctions, and transaction volume. This will help make intelligent decisions on how to treat transactions that return different AVS response codes.
Read MoreAVS checks rely on a numbers-only verification approach. This, combined with a lack of broader context, means that AVS may completely ignore nuances like acceptable variations in a zip code or changes in a cardholder’s billing address due to a recent move.
On top of that, AVS is only supported in the US, Canada, and UK. This means merchants who accept cards issued by foreign financial institutions can’t depend on AVS as a fraud prevention mechanism.
Read MoreOne common — but incorrect — assumption among merchants is that using AVS automatically shields you from chargeback liability. Unfortunately, this is not true; even an AVS check that returns a perfect match probably won’t be sufficient evidence to win a dispute resulting from an invalid cardholder claim.
To increase their odds of winning disputes, merchants should see AVS as just one piece of the puzzle. Ultimately, successfully keeping chargebacks at bay will require a multi-layered approach to fraud prevention.
Read MoreAVS is easy to implement; simply configure it within your payment gateway. But, merchants shouldn’t settle for default configurations.
Carefully designing a checkout form to minimize data entry errors and thoroughly testing the AVS in a pre-production environment prior to launch will allow merchants to get started on the strongest foot possible.
Read More
No. Address verification services (AVS) are only supported by certain financial institutions in certain countries. For example, many banks outside the US, Canada, and the UK do not support AVS.
Yes. Merchants who use address verification services (AVS) send address information submitted at checkout to credit card companies for verification. The card issuer then determines whether the address provided by the customer matches the one on file with the issuer.
You can use a bank statement, utility bill, mortgage statement, credit card statement, or an official government-issued document to verify your address.
Yes. Regulations like the Bank Secrecy Act (BSA) in the US require that banks implement customer identification programs (CIP), through which financial institutions will verify a customer’s address at account opening.
Address Verification Service (AVS) is a fraud-prevention tool that verifies the billing address given by the customer at checkout. The tool matches the address provided against the one associated with the cardholder’s account, and flags address mismatches as potential fraud.
With AVS, the buyer enters their address at checkout and submits the order. The processor then compares the address information to the address on file with the issuer. Note that only numeric values (street number, box number, zip code, etc.) are compared. A response code is generated based on one of 6 conditions: full match, no match, partial match address, match-zip code, data unavailable, or international address. The merchant can then take action based on that response.
The card networks assess a per-transaction AVS fee of $0.01 for card-not-present charges and $0.05 for card-present charges.
No, AVS is not mandatory for merchants. However, it is extremely useful in combination with other fraud prevention methods, and is a highly-recommended tool for fraud detection.
