|Verified by Visa and MasterCard securecode / AVS|
3D Secure, AVS, Fraud
We are in the process of implementing VBV/MSC, and have some questions for those of you using it
(which will be with no pop up)
1st a little about our business
We are US bases, and only ship to US
Currently we have AVS set to decline all orders unless everything matches.
only allow shipping to the billing address, AVS info has to be available, and we require CVV
Once passed, order automatically gets processed
With these settings for the last few years, we have almost no cc fraud.
We have it noted for our customers that want to ship to another address other then billing
to call their bank to add address or choose another one of our payment methods.
Our thoughts were to add VBV/MSC and verified customers can then ship to a different address,
loosening up on our AVS settings some, and require CVV
Problem is AuthNet you need to configure AVS centrally. It canít be done on a transaction-level basis
So customer could pass VBV/MSC, then get declined for not passing our AVS filters.
Almost seems best solution would be to have 2 AuthNet accounts
If the order verifies with VBV/MSC, it goes to #1 AuthNet account that as looser AVS settings
If it does not verify with VBV/MSC or is Discover or AMEX, then it
would go to our #2 Authorize.Net account with the strict AVS settings
Love to hear thoughts
specially Morocco, RedWolf, RailMan, jsinger, fraud master and justgowithit
Seems you want to scrub the account a bit more - which is good.
First can your shopping cart be configured to reject he orders if they fail AVS? That might be one possibility. For example, with LinkPoint, they send back a three digit code for the AVS, CVV and another. Our cart is set up so that if the AVS does not match, the order is flagged for further scrubbing.
From a few months ago on studying VBV / MSC:
Now what you need to really know is this: If the credit card is Visa, and the cardholder is not enrolled in VBV, you can still be protected (as long as the transaction is not one of the above). However, if the cardholder is in the United States with a MasterCard and not enrolled, you are not protected. The MasterCard cardholder in The United has to be enrolled and authenticated for you to be protected.
Having two authorizenet.com accounts, I am not exactly certain if that is possible because of the MIDs / TIDs, interrchange and the platform.
Add VBV / MSC can help with some chargebacks, but sales that use the "one-click buy" technologies are usually not protected either.
There are other methods to on scrubbing the transaction, like using MaxMind. It depends really on what your chargebacks are and what you might actually be trying to protect yourself on.
I am familar with you from posts on #*$! Forums, and read your blog a few weeks ago on "Things You Should Know"
Thanks for taking the time to reply to my post..
Problem with getting to AVS is you need to process a live authorization - thus the dilema
I have not dealt with Authorizenet.com unfortunately too much. I am surprised though they do that that way - or do you mean live transaction as real time? (I am thinking live transaction as a sale and not a pre-authorization.)
You can ship to different Bill To and Ship To's using VbV/MCSC.
The AVS is only going to verify the Billing Address and not the Shipping. If a transaction fails AVS the issuer just may not authroize the transaction, so regardless of whether they authenticated themselves or not you may not be bale to get paid on the order.
AVS is also a requirement for VbV/MCSC for the rate reduction and protection
Corey - there is a good post
search google for "How to improve AVS - check THEN charge"
You need to run a dollar amount to get to AVS..
Morocco, you are correct
But I don't think you follow my post...
or missed this line
"Problem is AuthNet you need to configure AVS centrally. It canít be done on a transaction-level basis"
If we could have one set of AVS settings for verified VBV/MSC transactions
and another for all other transactions, then we would be ok
Do you follow?
You can do that - a pre-authorization. A lot of the larger companies do it. Just remember about the transaction costs but that is sometimes minimal compared to what can happen.