A common indicator of online credit card fraud is when a shopper uses a billing address that’s different from the address linked to the credit card at the owner’s bank. This is often a sign that the shopper is using stolen or fake credit card information.
That’s why most major credit card companies use an address verification service system to weed out online fraudsters by catching mismatches between given and registered billing addresses.
So exactly what is an address verification service? How does it work? Why do marketplaces and banks use this system? And what limitations do these institutions have to consider when using AVS? The answers to these questions will be discussed below.
An address verification service, or AVS, is a system provided by major credit card companies to combat card-not-present (CNP) fraud. It involves checking if an online shopper’s billing address matches the address tied to their credit card that’s on file with the card owner’s financial institution.
AVS is only available with certain credit card providers, and only in certain countries. Currently, major credit card companies like Visa, Mastercard, American Express, and Discover offer AVS services in the US, Canada, the UK, Australia, and New Zealand. It’s important to note that AVS only works within the country where the cardholder lives, and cannot be used to verify foreign credit cards.
AVS is a tool for detecting discrepancies between what an online shopper claims their billing address is and the address officially registered with the credit card they’re using. If there is a mismatch, it may indicate that the shopper is using stolen or fake credit card information.
This system protects both customers and merchants in different ways.
The AVS allows merchants and banks to detect and block low-effort attempts to use customers’ stolen credit card details. This saves customers from having fraudulent transactions made in their name, and from having to file chargebacks to recover their money.
The AVS helps merchants and banks detect and block fraudulent transactions before they go through. This, in turn, helps them avoid dealing with chargebacks that cost them both money and the trust of financial partners.
At the very least, the AVS allows a merchant or bank to check the IP address a customer is using to access the institution’s website against the customer’s given billing address. A large discrepancy in distance between the two addresses might point to fraud or other financial crime.
AVS systems works by comparing an online shopper’s billing address with the address registered to their credit card at the card owner’s financial institution.
In some cases, the credit card provider will automatically decline a transaction if the AVS check fails. Otherwise, it lets the merchant know the result of the check, and then the merchant has to decide what to do with the transaction in light of this information.
An address verification service check works like this:
During the check, the cardholder will receive an authorization charge on their account, and a hold will be put on the funds required for the payment. This is usually cleared up within 5 to 7 business days by the cardholder’s financial institution. However, it can sometimes last up to 30 days, and require cardholder action to investigate and resolve the issue.
AVS systems use single-letter codes to denote how close a match there is between an online shopper’s billing address and their credit card’s actual registered address. Since each credit card company operates its own AVS, the specific codes used are not universal; however, many companies use the same generic system - and in some cases, the same codes.
Below, we outline the AVS response codes for the main credit card providers. Keep in mind that when dealing with another credit card provider, these codes may change slightly.
As helpful as the AVS can be in detecting fraudulent purchases and chargebacks, it’s by no means a foolproof system. There are situations where it can offer little to no protection, such as when:
In addition, there are times when the AVS can accidentally flag or even decline a legitimate cardholder’s transaction. This can happen when a customer:
This is why financial institutions and online marketplaces that use the AVS should caution their customers to be very careful about correctly entering their billing addresses at checkout.
Similarly, they should advise customers to keep addresses tied to their financial accounts up-to-date to avoid confusion. Finally, they should explain the authorization charges and financial holds that may need to be cleared up because of AVS, especially if a transaction is declined.
Because of its limitations, the AVS should be used by marketplaces and banks as just one part of a multifaceted anti-fraud/AML system. For example, these institutions should look at other transaction data points that may indicate illicit online shopping. These could include unusual shopper email addresses, as well as suspicious shipping addresses that may be used as drop points for controlled or ill-gotten items.
With data monitoring, teams can analyze not just transactions, but a variety of different user activities - offering further insights into user behavior and improving the team’s abilities to detect and prevent fraud.
Unit21’s fraud detection tools provide more thorough detection of – and protection against – other indicators of CNP fraud. Book a demo with us today to see them in action.