Posts Tagged ‘credit card verification’

Address Validation Service vs. Address Verification Service (AVS)

Some terms sound similar but aren’t actually interchangeable – like sympathy versus empathy or good versus well. In the data quality business, two similar phrases with totally separate meanings are Address Validation service versus Address Verification service (AVS) – and these have very important distinctions if you process credit cards. However, when used together, they can solve common credit card processing issues and increase sales, decrease fraud and provide better customer experiences. Let’s look at the differences between these two capabilities and how they can be used together.

Address Validation service vs. Address Verification service (AVS)

First of all, an Address Validation service ensures that your address is correct and deliverable – and often corrects addresses when necessary. An Address Verification service (AVS), by comparison, is supplied by credit card companies for fraud prevention. It is part of the credit card authorization process, ensuring that components of an address correspond to a specified credit card number the issuing company has on file.

A good example of Address Validation is our flagship DOTS Address Validation – US service (along with its Northern counterpart, DOTS Address Validation – Canada). As for credit card transactions, there are varying but very similar versions of Address Verification Service (AVS) created by most major credit card issuers in the US and other countries to use with their authorization process. Here are some key differences in the way these two systems work:

Address Validation – US is a CASS CertifiedTM service that links directly with up-to-date USPS address data, together with other authoritative data sources, to verify – and if necessary, correct – a supplied delivery address. Address Validation – US also goes far beyond simple street address checking, including Delivery Point Validation (DPV) to make sure an address is deliverable, verifying suite numbers, and flagging residential versus business addresses.

AVS, by comparison, checks an address against the one on file with the issuer of the credit card being authorized. As this article describes in detail, AVS only compares the numerical portion of a street address and the ZIP code against a credit card provider’s records. It then either approves the address or returns one of several error codes, outlined in this Wikipedia summary.

When to use Address Validation and AVS

So, should you use Address Validation or AVS for credit card transactions? The answer is that both are very important, depending on your situation. Here’s why:

  • Using AVS with unvalidated addresses can lead to false negatives that decline legitimate sales and lose business. Validating an address before submitting to AVS can help prevent false-negatives.
  • AVS doesn’t guarantee deliverability – so a misspelled street or city name could still leave your package lost at the wrong address or loading dock, causing financial losses as well as possible brand damage from unhappy customers. Address Validation checks and corrects for deliverability.

The best of both worlds

With thoughtful business logic, you can harness the strengths of Address Validation to correct addresses BEFORE submitting them for authorization, decreasing the number of false negatives.  This increases sales and provides confidence in declined authorization attempts. In addition, incorporating contact-data-hygiene best practices that ensure the address provided is accurate and deliverable reduces the cost of mis-shipped products and increases customer satisfaction.

Managing credit card transactions

It is important to understand that there are multiple approaches to managing your credit card transactions, including both automated tools and human approval procedures (we devoted an entire article to this recently), including our own BIN validation capabilities for checking credit card types and validity. Every strategy has its pros and cons, and there is always a balance between preventing fraud and chasing away valid sales and customers.

Need to take a deeper dive into credit card processing and data quality? Contact our knowledgeable product experts anytime, and we’ll be happy to discuss your own situation in more detail.

Credit Card Validation: Your Questions Answered

You’ve got questions? We’ve got answers! This is the first in a series of articles exploring common user questions about our products and how they can be used in business use cases, based on what you’ve asked our sales and technical support teams. We hope you’ll find these enlightening, interesting – and even fun to read!

For our first topic, we’ve chosen an area near and dear to many of our business clients: validating credit card transactions. We’ve previously explored some of the pros and cons of various approaches for credit card validation in a recent post, and will take a deeper dive into the differences between validation and verification of credit card addresses in a future article. Here, we will explore how to handle some of the most common use cases for credit transactions.

Let’s dive in:

Q: If we use the credit card company’s Address Validation System (AVS), we get a much cheaper processing rate. But it is very strict about these addresses, and kicks back too many transactions that are actually valid – so we are losing business and customers. Help!

A: This is an extremely common issue. One reason is that AVS only compares the numerical portion of the street address, together with the ZIP code, to verify the address. If either of these numbers are off even a little bit, it will reject the address. Often this is a good thing – because it can protect you from, say, a thief using a stolen credit card to ship to a bogus address – but this can also reject legitimate customers.

A simple solution for these “false negatives” is to use our DOTS Address Validation – US service to validate the address at the time the customer enters it. This gives you the ability to inform the customer in real time about address errors, and also offer them a validated and corrected address from our CASS-certified validation engine, powered by up-to-date USPS address data.

You can either simply validate addresses that fail the AVS check, or even better, validate every incoming address to ensure correct shipping addresses and a clean contact database. Either way, this is a simple step that will help more of your transactions go through smoothly.

Q: We are suddenly getting a lot of chargebacks and fraudulent transactions. Ironically, a lot of these fraudsters are giving us credit card numbers that pass AVS. What can we do?

A: You’ve discovered the hard way that many crooks – identity thieves in particular – open fraudulent credit accounts with legitimate shipping addresses. Of course, they never pay the bill and make off with your merchandise. Chargeback or “friendly” fraud is another way people fraudulently obtain goods without paying for them.

A 2018 Gartner report outlined machine intelligence and online fraud detection (OFD) tools as being among the most promising safeguards against these kinds of fraud. Many customers use our DOTS Lead Validation service as an automated screen for the quality of potential customers, using tests involving over 130 data points that yield an overall lead quality score from 0 to 100. Tools like these can go a long way towards weeding out the bad actors before you ship your merchandise to them.

As a bonus, the detailed results provided by Lead Validation also helps you decide whether to simply reject an order or pass it along for further human verification, making it easier to save good orders that may have raised a red flag or two.

Q: We offer a subscription service or sell products on a payment plan, billed to a customer’s credit card monthly. Increasingly people have been defrauding us by signing up with a prepaid credit card with a low balance – so they get the goodies, but only the first payment gets made. How can we prevent this kind of fraud?

A: This problem is actually quite easy to solve, using our DOTS BIN Validation product. Its output contains a value called CardType that lets you detect and flag prepaid credit cards. Armed with this knowledge, you can create business logic with options like:

  • Let the customer know in real time that you do not accept this type of card for this product/service
  • Request another form of payment,
  • Offer only a pay-in-full option for this card type, or
  • Decline the order.

Q: Is there anything else we can do to prevent fraudulent credit transactions?

A: One more pro tip is to compare the customer’s shipping and billing address with the BIN Validation’s Country field, which lists the country of the credit card’s issuing bank and the country result from DOTS IP Address Validation lookup. If they are different, you can flag certain countries (e.g. those with high fraud rates) to decline the transaction immediately or ask for another form of payment.

So what are your questions?

We would love to hear from you. Of course, you can contact our product team anytime for a personal response – and if there is anything you would like to see us discuss in a future article, let us know. Thanks!

Three credit cards with Banking Identification Number showing

Credit Card Validation – BIN There, Done That

If you are involved in e-commerce, you probably know the importance of credit card validation. And if you work with Service Objects, you may have at least a passing familiarity with our DOTS BIN Validation service, which helps you fight fraud by checking the validity of incoming credit card numbers. But do you know how BIN validation works, or where it fits in the overall ecosystem of credit card verification strategies?

This is one area where knowledge is truly power. You see, there is no single “best” approach to credit card validation. If you use a strict approach to flag suspicious cards, you may also lose a lot of sales (and still have fraud issues). If you try to maximize your sales through more relaxed business rules, you may get eaten alive by fraudulent transactions and chargebacks – or even lose your merchant account and ability to do business. So knowing your business needs and your options are the keys to being an educated and protected credit card processing merchant.

It all starts with the number

Ever wonder why you can’t just make up 16 random digits and call it a credit card number? Because the various parts of this number each have specific roles, ranging from the type of issuer in the first digit, to a checksum digit at the end based on a mathematical formula involving the other digits. These 16 digits pack a lot of useful information about the card besides its account number.

Your first line of defense in preventing fraud lies with first six digits of this credit card number, commonly known as Bank Identification Number (BIN), but increasingly being called by the broader term of Issuer Identification Number (IIN). Under either name, here are some fun facts about the BIN, courtesy of Sapling:

  • Most true credit cards start with a 4 or 5, signifying financial institutions. But your American Express card starts with a “3,” because of its history as a so-called “travel and entertainment” card.
  • Other values of this first digit are reserved for other types of issuers such as airlines, gas stations, and retailers.
  • The next five digits are used to specify the issuing institution as well as the type of card, such as credit, debit or gift cards.

How to validate a credit card: the short course

What is the best way to validate a credit card? You would probably expect us to say “ours.” And often, of course, that would be correct. (We’re a little biased.) But we are just part of the best practices you should have in place to protect your business.  Let’s look at the pros and cons of different approaches, how they interact with each other and explain why we recommend BIN validation be part of your strategy for most applications.

Luhn Check

Remember that checksum we mentioned earlier? This is the simple algorithmic check that generates it. It is great for catching typos on cards and saving sales in real-time, and is generally built into most e-commerce platforms or easily added. This is your first line of defense and costs nothing. Good, immediate error messaging to your customer is the most effective way to save a sale from a bad typo. The Luhn check does little to protect you from stolen and fraudulent credit cards, as it is easy to create numbers that can fool this simple check.

Address Verification System (AVS)

AVS requires you to connect with the credit card companies, through their merchant processing portals to perform a real-time check. It compares the address on file for the credit card to the address entered at the time of the order. This is stronger than the Luhn check because it will flag cards where the address doesn’t match the one on file. However, it is prone to both false positives (most stolen cards are acquired with valid addresses) and false negatives (legitimate cards with user typos), where the risk of lost sales can outweigh its fraud prevention benefits.

(Pro tip: Our DOTS Address Validation suite, checks the validity of any address in the world and, if needed, corrects it. These validation services are often low-cost ways to guard against false negatives, where we can correct the address before submitting for AVS, helping preserve legitimate sales.)

Real-Time Card Validation

This check can normally be performed through the merchant processor with the card issuer, where the card is validated to ensure that the account is real, has not been flagged for fraud or theft, and that funds are available. This check is often used in parallel with AVS. However, this process can put a hold on a cardholder’s funds – particularly in the case of debit cards – and it does NOT provide guaranteed prevention from fraudulent cards from being used.

BIN/IIN Validation

Based on data returned from the BIN look-up, (brand, card type, sub-type, issuer, country), you can create business logic on how you want to handle each scenario, particularly high-risk ones. For example, you can:

  • Decline to accept pre-paid credit cards for a monthly subscription product (because they are finitely funded).
  • Flag an order for further review if the issuing country or bank is outside of accepted boundaries.
  • Review transactions where the issuer location raises suspicion relative to the customer address.

In cases like these, you have options such as asking for a different card in real-time, or escalating the issue to your customer care team to call the customer directly before shipping product or providing service.

The importance of credit card validation

It is important to note that whenever fraudulent cards are used, the merchant loses. The customer of a stolen credit card is not on the hook, and the credit card companies generally do not take the hit. However, the merchant is usually out the product or service supplied, as well as the resources it takes to discover the fraud and fight the credit card company. And if too many fraudulent transactions happen, you can incur higher processing fees, expensive chargebacks, or even ultimately lose your merchant account and your ability to do business.

But you can mitigate these risks with the help of a little automation – and we can help! Simply contact us, and we’ll be happy to help you create a personalized strategy for fighting fraud while maximizing your credit card sales.

Online Fraud is Growing. What Can Your Business Do?

What is one of the biggest growth industries in the United States today? Hint: It isn’t something most of you would want your kids to major in at school, unless you want them to go to the state pen instead of Penn State – because this rapidly growing industry is online fraud.

The costs of eCommerce fraud are staggering

Estimates vary, but recent figures from DigitalCommerce360 project the value of eCommerce fraud nearly doubling from US $10 billion to $19 billion between 2014 and 2018, as the eCommerce market continues to grow from a historic peak of US $2.3 trillion in 2017. One particular area of fraud, account takeovers, jumped 45% in Q2 of 2017 alone according to the Global Fraud Index, and these fraudulent pirated accounts represent one of the top three types of online retail fraud.

A subtle but equally important issue is what the fear of online fraud costs you and your business. According to a recent fraud benchmarking survey from CyberSource:

  • Domestic and cross-border orders have exactly the same rates of fraud among companies surveyed – just under 1% – however nearly twice as many cross-border orders get rejected, costing valuable revenue as well as damaging customer relationships.
  • The costs of manual transaction review are one of the major financial consequences of online fraud. Nearly 80% of companies conduct manual reviews, impacting an average 25% of their transactions – and yet nearly 90% of these transactions are ultimately accepted.
  • The costs of manual review hits smaller companies particularly hard, where companies under US $5M in annual revenue review nearly six times the percentage of transactions (47%) as companies greater than $100M (8%).

The uptake of all of this? Guarding against eCommerce fraud is really a two-pronged effort: reducing online fraud itself, and reducing the revenue lost to the indirect costs of fraud. For both of these issues, the key is implementing effective automated solutions.

Technology plays a key role in preventing online fraud

According to the CyberSource survey, companies themselves rate three technologies among their top weapons against fraud:

Address verification: making sure an address is real, valid, and corresponds with the person making the order

Credit card number verification: making sure a credit card is legitimate and properly owned

Fraud scoring models: coming up with a quantitative score based on multifactor analysis

Other tools fall into the category of leveraging existing customer data, such as credit history checks, customer order history, or two-factor phone authentication using previous device information on file.

Cyber-fraud is growing explosively nowadays because the market for it gets more lucrative every year, and combating it requires tools that keep you one step ahead of the fraudsters. Service Objects’ fraud prevention capabilities have the advantage of leveraging authoritative up-to-the-minute third-party data, such as USPS CASS Certified® address validation capabilities, global address validation that verifies and corrects international mailing addresses to the unique requirements of each country’s postal address formats and cultural idiosyncrasies, and IP validation that helps you ensure that the origin of an online order correlates with billing and shipping locations. In addition, we offer lead and order validation capabilities using multi-function verifications that give you a quantitative quality score you can use to automate your order processing decisions.

We offer a free consultation to help you determine what tools can help protect your revenue stream. Contact us today to learn what we can do for you.