Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: buckworks
These temporary auths tend to really freak people out, and I'm working on a filter to cut down on AVS declines by simply not submitting duplicate information to the gateway. I've read that the street address check is numeric only; only the first "x" numbers in the street address are used in the AVS check.
So my question is: how many digits are significant in address checks, and are there any agreed-on for rules picking which are used? E.g.:
123 9th Ave Apt 45D
For example, LinkPoint has a setting that will block the same credit card number and the same amount for XX amount of time. I usually have my clients set this for about 20 minutes, depending on what they are selling.
We get AVS match errors on a fairly high percentage of perfectly straightforward addresses where, when we later call the issuing bank directly, they tell us that address information was correct.
Speaking of authorize.net, we just affirmed the fact that we're at least occasionally getting a no match on the security code due to wrong expiration dates. Makes no sense to me. I guess "always" doesn't even encompass attempting to match 3 digits to 3 digits.
That's a good point. For something mission-critical for ecommerce, it is bizarre how unpredictable and unreliable the system is. Especially for Visa/MC debit cards.
I can't find any electronic specs for how AVS requests are packaged off to issuing banks- maybe it's a paper-docs-only kind of thing. Given the lack of that it looks like the safest thing to do is to consider all numerals in the street address for my purposes.
I did implement an AVS response cache in my checkout process, and have been running in production for a month now. The site is medium volume (< 1000 transactions/day) and it's been running great. We used to get at least one temporary authorization-related freak-out email a day. In the entire past month, we've received only 2.
I've settled on a cache lifetime of 8 minutes. This has been blocking all the real duplicate declines (average of 4, 30 to 90 seconds apart) but not so long as to interfere with a customer correcting their address with their card issuer. (Confirmed this w/ 2 customers.)
All said I'd recommend the approach to anyone with a custom cart and real-time auth/capture w/AVS.
Almost nobody knows the 9 digit zip code which was annoying shoppers and the actual address seems to be even harder to get assuming you know exactly how the bank has it on your bill. Seems silly but it impacted about 20% of our customers when we have AVS on full tilt and lowering AVS didn't increase fraud at all.
As a matter of fact, the few frauds we ever have do better at getting past AVS than the actual customers :-)