2

Is there an Australian credit card address verification system?

We are trying to find out a way to verify the billing address we have matches the billing address on the actual card for anti-fruad.

cappuccino
  • 2,175
  • 5
  • 26
  • 48
  • 1
    From what I understand AVS is not available in Australia. You only have 3DS and the CVV as card holder verification/Authentication. – Claude May 13 '13 at 08:46

1 Answers1

-1

You would do that by performing a CV2/AVS check. The CV2 part of the check uses the Card Verification Value (CVV or CVV2, also refered to as Card Security Code or CSC). It's the three digit code (or four digits on Amex) from the back of the card.

That is captured at the time of the transaction, but not stored to disk. It should be passed through on the authorisation request, along with numerics from the billing address. These are eventually passed through to the card issuer, who validates the card and address match, then returns a value such as 'all details match', or 'address match only' etc.

Speak to your payment processor. Highly likely that they will support this feature.

PaulG
  • 13,871
  • 9
  • 56
  • 78
  • 1
    Yeah, we already use CVV or CVV2, however, it provides zero protection against fraud since payment processors give it zero weight in terms of evident against unauthorisation transactions. We want to verify the billing address since this would be on the statement and not the card, when its fraudulent, chances are the shipping and billing address don't match. Or the billing address provided does not match the billing address of the card holder. Unfortunately, while our payment processor does use CVV, they do not have a AVS system (NAB Transact) – cappuccino Aug 10 '12 at 02:29
  • Not sure why this has been downvoted. CVV2/AVS checking is the defacto standard for checking the address. The fact that the questioner's processor does not support this does not change this fact. @cappuccino. If you specifically need *liability shift*, then so far as I'm aware that can only be achieved by using SecureCode/Verified by Visa. AVS checking will not give you any liability shift for fraud. – PaulG Aug 22 '12 at 12:35
  • The CVV confirms *only* that the person making the order has got the physical card in front of him/her (it's the equivalent of checking the signature on a POS receipt with the one on the back of the card). *No conclusions can be made regarding the address*: an attacker possessing the card number, expiration date and CVV can make a valid order and ask for it to be shipped to an address that differs from the one of the cardholder. (Of course, if an attacker can obtain the CVV, there are some serious security problems in the application, but I think this is not the place to discuss about them). – Alessandro Menti Sep 16 '12 at 17:14
  • @elgaton. You're entirely right regarding *CVV* checking. However its most commonly used as a dual CVV/AVS check. The AVS part of the check works exactly as I described, taking the address numerics from the order, and ensuring they match with the numerics held against the cardholders account. Perhaps I need to clarify my answer – PaulG Sep 16 '12 at 17:22
  • @PaulG Yes, a clarification is useful as some providers (e.g. PayPal) differentiate between these two checks. – Alessandro Menti Sep 16 '12 at 17:24