Using Your Address Verification and Card Verification Settings
Each credit card gateway (ie. Authorize.net, PayJunction, Paypal) has methods in place to evaluate the trustworthiness of credit card transactions.
We recommend that you take time to understand how your gateway provider's Address Verification (AVS) and Card Verification (CVV) settings work and what options you have. Each gateway works a little differently.
MightyMerchant connects to these gateway systems and allows you to view the AVS and CVV values for each transactions from within the MightyMerchant Site Manager. This is an important functionality that you will want to utilize.
Note: the PayJunction gateway reports limited AVS information for approved transactions so the usefulness of this feature is minimized.
AVS and CVV Defined
Address Verification System (AVS) : The Address Verification System compares the zip code and/or numerical part of the billing address the customer has provided with the address on file with the bank for that card.
Card Verification Value (CVV, or sometimes referred to as CVV2 or CVC) : Card verification values are three or sometimes four digit security codes that appear on credit cards.
Configuring Your Gateway's AVS and CVV Settings
Each payment gateway has AVS and CVV settings. It is important to familiarize yourself with your current settings and the options available to you so you can decide which settings are best for you. We recommend that you take the following steps:
- Review your payment gateway provider's AVS and CVV documentation
- You should be able to pull the documentation up by doing a Google search for a phrase like "PayJunction AVS settings" or "AuthorizeNet CVV settings" or you can usually access the docs after logging into your account.
- Log into your payment gateway.
- Review and adjust AVS and CVV settings.
Our general suggestions are:
Reject all orders with a CVV mismatch. A CVV mismatch means the customer likely does not have the card in their hand when making the purchase.
Allow orders through with an AVS mismatch and then evaluate the orders in your Site Manager to decide if you want to accept them. If you opt for this approach, please note our STRONG warning in the next paragraph.
Warning: You only want to allow orders to be authorized with an AVS mismatch if you understand how the AVS system works and you are willing to review the orders in the Site Manager and evaluate those orders flagged with an AVS mismatch. If you do not want to review your orders and evaluate those that are marked as an AVS mismatch then you should set your gateway settings to reject orders that do not have an AVS match.
Viewing AVS and CVV Codes in MightyMerchant
- Go to your Orders list in the MightyMerchant Site Manager.
- Scan down the Billing Status column on the right side of the page.
- If any orders display a yellow or red code beneath the Billing Status, hold your cursor over the code and view the error message.
- Determine whether you want to take further action before accepting the order. If you don't want to accept the order, you should void it.
Evaluating Your Risk for Fraudulent Orders
Depending on your risk for fraudulent orders, you may want to make your AVS and CVV2 settings stricter, or less strict.
There are multiple factors that may contribute to your risk. We recommend that you use the following list as a jumping off point to evaluate your risk:
- The type of products you sell -- consumer products that can be easily resold are generally a higher target for fraudulent activity than niche products that are not as easy to turn around and re-sell.
- Order volume -- a high order volume on your site can mean you are more at risk simply because you have more transactions to screen.
- Your time and inclination to screen your orders -- If you have no time or are not inclined to screen your orders, you probably want to adjust your settings more strictly.
Adjusting Your AVS and CVV Settings
If you feel that the strictness of your current settings is not in line with your level of risk, you should adjust your settings.
Why might I choose to opt for less strict settings?
There are many legitimate reasons why an AVS mismatch may occur. These include:
- Customers who have recently moved entering a new address that is not yet on file with their credit card provider
- Customers who mistype their address
- Customers who accidentally input their shipping address as their billing address
- International customers whose credit cards do not support AVS
If you feel that you are at low risk for fraudulent orders, you might choose to opt for less strict settings so that you are better able to capture legitimate orders with AVS mismatches.
The primary purpose of CVV filters is to make sure that the person placing the order has possession of the card. Aside from user error (mistyping the number), a CVV mismatch is generally a good warning flag for fraudulent activity.
For most small businesses, CVV filtering and a vigilant eye can filter out most fraudulent orders, while helping ensure that legitimate orders are fulfilled.
Placing Test Orders
Now that you have adjusted or confirmed your AVS settings, you should place test orders to run through several AVS and CVV scenarios and familiarize yourself with the messaging that shows for customers and in your MightyMerchant Orders Manager. We recommend taking the following steps:
- Place the following test orders:
- Place an order with a live card and a bogus address.
- Place an order with a live card and a bogus zip code.
- Place an order with a live card and a bogus CVV.
- Note any warnings or other messaging that appear as you try to check out with bogus information.
- Navigate to your Orders Manager in your MightyMerchant site manager by clicking "orders" at the top of the page.
- Locate your test orders in the Orders Manager, and note the information displayed in the billing status column for each test order.
- If you use a Payment Gateway that provides AVS/CVV information to MightyMerchant, the AVS and CVV results will show in the MightyMerchant order manager. You'll see this information in the billing status column as colored letters next to the payment method. To view a more detailed explanation of what each letter means, simply hover over the letter with your cursor. The color Red indicates a serious mismatch, Yellow indicates a warning, and Green indicates a match.
If any payments for your test orders have gone through, you will likely want to void or credit those orders. To do so, please follow our instructions on how to Void an Order.
Assessing Incoming Orders for Fraud Indicators
Your AVS and CVV settings will do some of the work, but it is ultimately your responsibility to keep a vigilant eye on your incoming transactions to avoid fulfilling fraudulent orders.
Please visit our article on Preventing Order Fraud for more information on fraud indicators and steps you can take if you think you've identified a fraudulent order.