Address Verification Service Prevents Chargebacks
The only effective way to stop true fraud chargebacks is to prevent fraud in the first place, and one of the most often recommended anti-fraud tools is Address Verification Service, or AVS. It works by matching the address provided by the customer against the cardholder’s address on file with the card issuer, where a discrepancy would indicate possible fraud. This can work well as a frontline defense against stolen cards, but it won’t catch every fraudster, and using it too restrictively could block out some legitimate transactions. How should merchants use AVS in their strategy to fight fraud and chargebacks?
Merchants and customers are quite accustomed to various degrees of AVS matching. We’re used to entering our full billing address at the online store, but the gas pump just gets our ZIP code. Who decides how much address needs to be verified? The merchant—although the banks may try to influence things in a “safer” direction with higher processing fees for unverified transactions.
If you’re dealing with a high rate of chargebacks resulting from true fraud, it’s worth taking a look at how your AVS is set up to see if it could be doing a better job of filtering out the fraudsters.
How Does AVS Work?
Mastercard originated AVS, but it is offered by all of the major credit card networks. It is activated when the transaction is being authorized. The cardholder provides an address which is entered into the merchant’s payment gateway, and AVS compares the numeric parts of the address—the street number and ZIP or postal code—to the address on file, and generates a code. This code indicates whether there is a complete or partial match, or if matching is impossible due to lack of support from the issuing bank or some other error.
The merchant can then use this code to decide whether or not to proceed with the transaction. Usually, this decision is made automatically according to rules the merchant set in their payment gateway. Merchants with a lot of international customers, for example, might want to allow the response code that indicates no AVS support from the issuer, since AVS isn’t widely available outside of the United States, Canada, and the United Kingdom. This process occurs during the standard authorization communications and does not delay or disrupt successful transactions at all.
What are AVS’s Strengths and Weaknesses?
What AVS is very good at is stopping what you might call “traditional” credit card fraud: a fraudster who has stolen somebody else’s physical payment card, or one who has made a copy of the visible card information—the cardholder’s name, card number, and expiration date.
In most cases, the fraudster will have no idea what the cardholder’s billing address is. They might be able to make an educated guess as to the ZIP code, but there’s not much chance they’ll get the street number right. AVS will come back with a mismatch code, the merchant will decline the transaction, and fraud is averted.
Unfortunately, there are plenty of scenarios in which a fraudster will have access to the card’s billing address. Data breaches often include full customer payment credentials, people steal cards from people they know, and determined fraudsters can search public records for their victims’ addresses. It’s not hard to imagine ways to get around it. Still, it presents fraudsters with an obstacle to get past, and without it, a lot more fraud would surely occur.
Does AVS Ever Block Real Customers?
Most customers will never have an issue with AVS. If they enter their address incorrectly and the transaction is declined, the merchant can simply allow them to correct it and try again. However, there are some circumstances where, depending on how restrictive you’ve made the settings in your payment gateway, some legitimate customers might not be able to get past AVS:
- They don’t know their billing address. Maybe they signed up for the card a long time ago under an old address and haven’t used it until now. They’ll have to sort this out with their bank before they can proceed.
- Their bank doesn’t support AVS. This might be the case for many of your international customers, or customers using pre-paid debit cards. You can adjust your AVS setting to allow the response code that is causing these customers to be declined.
- AVS can’t recognize the numbers provided because of an apartment number or non-standard address in the information on file. In rare cases, the customer may be entering a “correct” address, but it doesn’t match because the issuer has it entered differently in their database. Again, the customer may need to talk to their bank to get this fixed.
For every merchant, the decision as to how permissive or restrictive to set their AVS matching requirements depends largely on their customer base, but also on how much risk they’re willing to take on. Accepting mismatched or AVS-unsupported transactions can not only cause you to incur higher interchange fees, it also greatly increases your exposure to fraud and chargebacks. On the other hand, few merchants require the highest level of matching—the full nine-digit ZIP code.
AVS is only meant to be one of many tools in your arsenal against fraud. You can’t rely on it to stop sophisticated forms of fraud, but at the right settings, it can effectively screen out the low-effort fraudsters.
The right AVS settings will vary from merchant to merchant. For most ecommerce merchants who aren’t part of high-risk industries, requiring a close match will pose no problem for the vast majority of their customers. When you’re fighting a friendly fraud chargeback, proof of an AVS match an serve as compelling evidence in your favor—especially if the purchase was shipped to that same address.
In terms of chargeback management, deep data analysis can show you the AVS response codes that are causing you the most trouble, as well as which ones you might be blocking unnecessarily. An experienced chargeback management firm can help you integrate your AVS polices and processes into an overall strategy of stopping fraud and maximizing revenue.