Card payments CNP - use of AVS
Discussion
We had a discussion at work today regarding the use of AVS (address and postcode verification) checks on customer not present transactions.
We do very very few, maybe 6 a year, but we have the added advantage of already having the customer addresses on file for a different reason. This is both an advantage and a disadvantage as usually we are asked to allow balances to be paid or goods to be paid for by a third party but then collected.
My instructions are that any CNP transaction must have a card registered to the address we already have on file and that full matches must take place during the transaction and that we only do a deposit like this to allow full card disclosure on collection. We don't take orders without deposits and bear in mind they are not usually complete strangers to us.
Specifically we must not ask for the registered address during the transaction as if it's a cloned card they will give the address that matches the "new" card and hey presto it all matches.
However it has been pointed out that mostly this is not how it's used. Generally it is accepted to ask for the registered address at the point of transaction as the likelihood of a fraudster having the registered address is low and if there is no match there is no transaction. This appears to be common practice with the likes of takeaways etc.
I don't believe there is any guarantee of the transaction by having "all match" but that it is a reasonable defence.
I shall ask Streamline tomorrow on its "correct" use but I wondered what others did.
Edited by DKL on Tuesday 4th January 20:44
Taking payments over the phone is always an interesting one. Nine times out of ten for us this is for goods being sent out for delivery via courier.
If it's anything of value (some transactions can be £1000+) and someone I don't know, I will want a full AVS match, and will only deliver to the matched card registered address - all our deliveries go out with DHL so fully tracked.
If they want it to go to a different address they can order through our website - but of course a scammer can't as they don't have the 3D secure passcode or phone authentication etc.
At least three or four times a year I get a phone call from the same scammer - he has a really whiny Mancunian accent, and will try to buy something of value, usually a Lay-Z-Spa or Robotic Pool Cleaner on a stolen card. I can pretty much recognise his voice now.
My other line of defence is to google map satellite search the postcode, and see if there is a pool in the back garden. Have done that while someone has been talking to me many a time.