The Address Verification Service (AVS) validates a credit card transaction when neither the card nor the cardholder is present by verifying the cardholder’s address against the records of the card issuing bank. The AVS was created in response to a need to deter fraud and ensure accuracy originating from the rise of mail order and phone order businesses and fomented by the proliferation of 800 number services who took orders by phone exclusively by credit card.
Prior to the start of the AVS, phone operators were only required to obtain from the cardholder his name, his credit card number and the card’s expiration date. If the name and number matched, the expiration date was correct, and the card number was not on an updated list of stolen, missing, cancelled or over-limit cards, then the transaction was approved. It didn’t take long before savvy criminals took advantage of the grey area and began exploiting it.
To combat this problem credit card companies increased security requirements by instituting the Address Verification Service to compare the address provided by the customer with the billing address on file with the card issuing bank. They also began refusing to ship merchandise to third parties unless the cardholder or the card was present. If the information matches and the card is not over its limit, the transaction is issued an approval code and the exchange takes place. If the information does not match the merchant is informed and the transaction may be cancelled.
On the merchant’s records (in the query section of the Merchant Reporting area) a tabulated score from the issuing bank shows how well the information matched. If the information does not match or the matching tabulation is marginal or low, this is not an absolute indicator of a fraudulent transaction. A low or marginal score, or even a complete mismatch, simply reflects a greater likelihood of a fraudulent transaction.
There are a number of reasons a mismatch could occur. As it presently works, the AVS system compares two facets of the provided information – the numerical street address given and the zip code. While reciting your address is rote for most people, there are several steps along the process where human error can occur. A mistake can be made by the card holder, by the person taking the information, or by the person entering the information into the computer. And as foolproof as electronic data transmissions are today, electronic mistakes can still occur in the thousands of miles between touch points. If the address verification system fails to match the information, the system issues a VOID on the transaction notifying the merchant that although the account is open and in good standing, the information provided does not match the information on file.
While all major credit cards are supported by the AVS System, not all credit card issuers are participants in the system. Holders of certain credit cards issued by non-participating banks are sometimes met with “Service Not Supported” and sometimes “This Service is Not Available” which means that the issuing bank is not a subscriber to the AVS system and therefore no match is possible. When this is the case merchants may not approve the purchase unless the card holder and the card are physically present in his place of business.
Online transactions have attempted to deal with this situation by separating the billing and shipping addresses on the checkout page. In this manner, a valid account in good standing will be approved by submitting only the billing address to the AVS. Many merchants, eager for customers, have taken to shipping materials to third party addresses as long the billing address is confirmed, even though the rate of “no delivery” claims is somewhat higher. In addition, a lot of websites require an extra fee to process an order which is being shipped to an address other than the billing address. These extra fees help to offset the increased costs of fraud. While the AVS is not a foolproof method of verifying the honesty of the card user, it goes a long way to stopping some of the more elementary forms of credit card fraud and may ultimately be used by all credit card issuing banks.