Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: buckworks
Your merchant account provider has a lot of say in this. Our current provider requires the number and requires a match. No match = declined. It is not optional. I also have discount rates as good as one can ask for. We meet the highest standards, that is part of getting the best rate.
Other providers make the CVV optional. You can ask for it or not; require a match to complete the order or not. Expect to pay higher fees whether actual fraud occurs or not.
Yes, it will reduce bogus orders if required. Users of stolen numbers that do not have the CVV will move on.
IMO, the requirement is good as a temporary measure only. Stolen card numbers is a business. Lots of ways for your CVV to be breached. Just a matter of time until it is SOP for the bad guys; if not already.
I would go with the highest standard available, understanding that that isn't necessarily saying a lot. It it my understanding that the US is way behind the world on CC fraud, but do not claim expertise. Just set the highest standard that you can.
Despite massive fraud, most people still don't care much about it. Plenty of customers that won't give us an email to save their life - but don't blink at giving us access to the rest of their life.
Most of our products/niches fall outside the usual fraud target products and services, so less day-to-day concern than many people here have to deal with.
Despite massive fraud
There's no massive fraud. We haven't taken a bad card in years. There are some fraud ***attempts*** which almost no one falls for.
We meet the highest standards, that is part of getting the best rate.
Does "highest" standards mean making perfectly good customers jump thru hoops in order to make purchases? We don't require CVV, we will ship to separate ship/bill addresses, we happily take virtually any USA email domain. Still near-zero fraud rate. Note that we only ship within the USA but even that's not primarily to reduce fraud.
joined:Dec 10, 2005
If just the number is stolen, the thief can easily find the real CVV number in a maximum of 999 tries just by brute forcing tries (try at site A with CVV of 000, site B with a CVV of 001, etc.). Once he finds the CVV, he's good to go.
If the credit card companies actually did some sort of tracking of "CVV scanning" like this and creating a fraud alert after x number of attempts and blocking ANY use of that card until verification from the card holder, THEN I might be impressed. But that would actually cost them money to implement a system like that, so it ain't gonna happen. It's much easier/cheaper for them to keep the burden/cost of fraud on the merchants.