In the popular ecommerce thread, some people talk of banning users from certain countries? Is this a common thing on many of your websites and if so which countries do you ban?
I'll be processing cards thruogh a gateway on my site and intend to make sure that all people entering details through the gateway have to use a CV2 number for the credit cards but is this enough to stop fraud?
I ban everything not North American, British or Western Europe. My target audience is primarily North American so the effect is minimal. I imagine its more difficult for those with more global products to sale.
Before I ran a ban list it wasn't really a hassle more than an annoyance for the occasional fraud attempts.
I agree: CVV2 doesn't stop fraud -- we found that out the hard way when a gang of credit card thieves in the Philippines used stolen cards to sign up for services. They had the whole shebang, and in many cases, had the addresses also. (We also did AVS.)
Many US-based sites I've seen absolutely will not ship to Nigeria or Indonesia due to an unfortunate amount of fraud originating from those countries. A few bad apples there have really spoiled it for *everyone* in those countries wanting to buy from the US. I believe this includes Amazon and CafePress, to name a couple of biggies, but they could have changed since last I checked.
Requiring CVV2 and AVS will, I think, help you in cases of fraud complaints, in the sense that you won't be hit as hard for chargebacks. You'll still get the chargeback and have to eat the cost if you shipped it on a stolen card, but I think that if you do CVV2 and AVS then *your* merchant fees don't go up as much. (At least, this is true for our merchant account/cc processor. Your terms may vary.)