Any business that accepts bank or credit cards for payment accepts some amount of risk that the transaction is fraudulent. However, for most merchants the benefits of accepting credit cards outweigh the risks. Conventional “brick and mortar” merchants, as well as mail order and telephone order merchants, have enjoyed years of business expansion resulting from credit card acceptance, supported by industry safeguards and services that are designed to contain and control the risk of fraud.
Credit card transactions are being utilized in a variety of environments. In a typical environment a customer, purchaser or other user provides a merchant with a credit card, and the merchant through various means will verify whether that information is accurate. In one approach, credit card authorization is used. Generally, credit card authorization involves contacting the issuer of the credit card or its agent, typically a bank or a national credit card association, and receiving information about whether or not funds (or credit) are available for payment and whether or not the card number is valid. If the card has not been reported stolen and funds are available, the transaction is authorized. This process results in an automated response to the merchant of “Issuer Approved” or “Issuer Denied.” If the merchant has received a credit card number in a “card not present” transaction, such as a telephone order or mail order, then the credit card authorization service is often augmented by other systems, but this is the responsibility of the individual merchant.
For example, referring now to FIG. 1, a typical credit card verification system 100 is shown. In such a system, a merchant 102 receives a credit card from the customer 104. The merchant then verifies the credit card information through an automated address verification system (“AVS”) 106. These systems work well in a credit card transaction in which either the customer has a face-to-face meeting with the merchant or the merchant is actually shipping merchandise to the customer's address.
The verification procedure typically includes receiving at the AVS 106 address information and identity information. AVS 106 is currently beneficial for supporting the screening of purchases made by credit card customers of certain banks in the United States. In essence, the bank that issues a credit card from either of the two major brands (Visa or MasterCard) opts whether or not to support the AVS 106 procedure. The AVS check, designed to support mail order and telephone order businesses, is usually run in conjunction with the credit card authorization request. AVS 106 performs an additional check, beyond verifying funds and credit card status, to ensure that elements of the address supplied by the purchaser match those on record with the issuing bank. When a merchant executes an AVS check, the merchant can receive the following responses:
AVS=MATCH—The first four numeric digits of the street address, the first five numeric digits of the ZIP code, and the credit card number match those on record at the bank;
AVS=PARTIAL MATCH—There is a partial match (e.g., street matches but not ZIP code, or ZIP code matches but not street);
AVS=UNAVAILABLE—The system cannot provide a response. This result is returned if the system is down, or the bank card issuer does not support AVS, or the bank card issuer for the credit card used to purchase does not reside in the United States;
AVS=NON-MATCH—There is no match between either the address or ZIP data elements.
While most merchants will not accept orders that result in a response of “Issuer Denied” or “AVS=NON-MATCH,” the automated nature of an online transaction requires merchants to implement policies and procedures that can handle instances where the card has been approved, but other data to validate a transaction is questionable. Such instances include cases where the authorization response is “Issuer Approved,” but the AVS response is AVS=PARTIAL MATCH, AVS=UNAVAILABLE, or even AVS=MATCH. Thus, the purchaser's bank may approve the transaction, but it is not clear whether the transaction is valid.
Because significant amounts of legitimate sales are associated with AVS responses representing unknown levels of risk (or purchases made outside of the United States where AVS does not apply), it is critical to find ways to maximize valid order acceptance with the lowest possible risk. Categorically denying such orders negatively impacts sales and customer satisfaction, while blind acceptance increases risk. Further, even AVS=MATCH responses carry some risk because stolen card and address information can prompt the AVS=MATCH response.
To address these issues, merchants have augmented card authorization and AVS results with additional screening procedures and systems. One such additional procedure is to manually screen orders. While this approach is somewhat effective when order volume is low, the approach is inefficient and adds operating overhead that cannot scale with the business.