eCommerce businesses should use two built-in card security features when accepting card-not-present (CNP) transactions. When a transaction is submitted to the card payment processor, the authorization approval or decline response is able to determine three things: if the card is in good standing, if the card has been reported lost or stolen and if there are funds available to make the purchase. This approval or decline response is separate from two other responses that are available as card security features: address verification and the card verification value that is only printed on the physical card.

Address Verification Service (AVS) compares the address information that the cardholder provides during checkout to what is on record for that card number at the issuing bank. There are many possible AVS responses, including match, partial match and no match. Merchants can use this information to build rules around whether or not to proceed with the transactions based on their own risk tolerances.

The Card Validation Value, also known as CVV2​, refers to Visa's verification code, while CVC2 refers to MasterCard's Card Verification Code. Visa and MasterCard use a three-digit security code found on the back of an issued card. This service is designed to determine if the person using the cards actually has the card present. Again, possible responses include match, no match and issuer not certified.

Furthermore, the AVS and CVV responses are separate from the approval code, so it's possible to get an authorized approval but a no match on the AVS and CVV responses. In this case, the card has been authorized and your internal policies and systems need to make the decision of proceeding with the sale and shipping merchandise, voiding the authorization and not honoring the sale, or pulling this transactions out as an exception to do additional customer validation until you feel comfortable with proceeding. 

"Telephone order, mail order, and Internet businesses are perfect targets for bank card scams because the card and the cardholder are not present, making fraud more difficult to detect," Visa writes. "To protect your business and your bottom line, you need to employ the right combination of controls to reduce exposure to fraud."

Do you want to keep your eCommerce business's CNP transactions secure? If so, contact Vantage Card Services today to learn about our safe solutions for eCommerce billing. You can follow this link to learn more about AVS and CVV2 security measures.