The vast majority of different articles regarding topic online fraud with credit cards recently has appeared in online and print publications. They say that payment by credit card for goods and services via the Internet could have once inevitably results like theft of data or financial losses for owner.
The opinion that to live in the world where everything works to simplify people’s lives considered to be wrong. The thing is that credit cards seems really straightforward in usage is still has truly complex system for cardholders that could reveal unexpectedly numerous pitfalls. In addition to such well-known security elements as PIN code, magnetic stripe, the owner's signature pattern, card number and expiration date, there is still some security code which consists of three or four digits on the back of the card. It is called CVV2 Code. There are transaction secure mechanisms offered by payment systems, such as the CVV2 / CVC2 response codes and for certain types of cards, the AVS code (Address Verification Service) that determines the validity of the billing address of the cardholder.
What is CVV2?
As far as CVV2 code is concerned, as a rule it is situated in the back side of the card on the signature strip or above it. In order not to get confused in the terminology, let's just say that similar security mechanisms on the cards of different payment systems have different names. For example, CVV2 for VISA cards, CVC2 for MasterCard and CID for American Express cards. It is possible to find some other codes also for other types of plastic cards. However, their role in any payment system remains unchanged. Cardholder could make an Internet payment or any other transaction without showing a card. Such an easy way to carry out remote payments makes the CVV2 code an easy prey for scammers.
What is AVS?
There are many ways to improve the security of the transaction, one of which includes using the VISA Address Verification System (AVS) method. The customer is asked for the parameter of Cardholder Billing Address which is sent in authorization requests to the issuing bank for verification. In order to the AVS response codes method will be applied, it is necessary that the Cardholder Billing Address parameter become supported in authorization requests transmitted by the serving bank to the card issuer. Few years ago AVS codes were supported only in American VISA system banks. However, since 2001, The VISA system becomes wide-spread, popular and demanded due to that fact it suggests to the banks on an optional basis to introduce special changes in the authorization requests of the servicing bank in order to support the AVS (VISA International Address Verification System) method. It does not come as a surprise that AVS technology has been successfully used for several years in the American market of plastic cards and now, this method is mandatory for banks in the UK. As for Address Verification Service has special scheme that anticipates that customer for delivery of card account statements stored in the bank that issued the card, with the address of delivery of the goods that was indicated at the time of the transaction in the electronic store. If the addresses did not match with the electronic store, it would signal that the transaction has an increased risk.
To understand how it could be happened in the real life and what consequences might be, it is better to illustrate this topic with the help of one accident. The problem is that one Russian hacker was able to open database of 300,000 records in 2000. He demanded a ransom of $ 100,000 for keeping the secret about the incident and received a refusal in return. As a result, some of the stolen card numbers were displayed on the Internet for general review. The special services involved in the investigation of this case noted the extremely high professional level of the hacker. He opened the database using the methods known only to professionals in the field of information security. In addition, the criminal was so skillfully concealed the traces of his presence on the website that the only thing that could be established that he acted using the Russian IP-address.
To sum up, it worth mentioned again that online stores are considered to be the most tempting stuff for scammers in terms of using stolen credit card details. It can be used for such reasons like to purchase goods or to provide the payment for virtual services (for example, hosting, access to paid information, etc.). However, shops as well as electronic payment systems take measures to counter fraud. Antifraud protection is a certain set of filters and rules, if the transaction satisfies these rules, it is skipped. Otherwise, it will be rejected. Such filters can feature upper mentioned CVV2 and AVS.
Address Verification Service (AVS) codes
|A||Street address matches, ZIP does not||Street address and 5-digit ZIP match||Address only Matches||Address and ZIP match|
|B||Street address matches, but ZIP not verified.||Not applicable||Not applicable||Not applicable|
|C||Street address and ZIP not verified||Not applicable||Not applicable||Not applicable|
|D||Street address and ZIP match (International Only)||Not applicable||Not applicable||Not applicable|
|E||AVS data is invalid or AVS is not allowed for this card type.||Not applicable||Not applicable||Not applicable|
|F||Street address and postal code match (UK Only)||Not applicable||Not applicable||Street address matches, card member name does not match|
|G||Non-U.S. issuing bank does not support AVS.||Not applicable||Not applicable||Not applicable|
|I||Address information not verified for international transaction||Not applicable||Not applicable||Not applicable|
|K||Not applicable||Not applicable||Not applicable||Card member name matches|
|L||Not applicable||Not applicable||Not applicable||Card member name and ZIP match|
|M||Street address and postal code match (International Only)||Not applicable||Not applicable||Card member name, street address, and ZIP code match|
|N||Street address and ZIP code do not match||Street address and ZIP code do not match||Street address and ZIP code do not match||Street address and ZIP code do not match|
|O||Not applicable||Not applicable||Not applicable||Card member name and street address match|
|P||Zip code matches, street address unverifiable due to incompatible formats (International Only)||Not applicable||Not applicable||Not applicable|
|R||System unavailable, retry||System unavailable, retry||System unavailable, retry||System unavailable, retry|
|S||AVS not supported||AVS not supported||AVS not supported||AVS not supported|
|T||Not applicable||Not applicable||9-Digit ZIP matches, street address does not||Not applicable|
|U||Address information unavailable. Returned if the U.S. bank does not support non-U.S. AVS or if the AVS in a U.S. bank is not functioning properly.||Address information unavailable||Address information unavailable||Address information unavailable|
|W||9-Digit ZIP matches, street address does not||9-Digit ZIP matches, street address does not||9-Digit ZIP matches, street address does not||Card member name, ZIP, and street address do NOT match|
|X||9-Digit ZIP and street address match||9-Digit ZIP and street address match||9-Digit ZIP and street address match||Not applicable|
|Y||5-Digit ZIP and street address match||5-Digit ZIP and street address match||5-Digit ZIP and street address match||5-Digit ZIP and street address match|
|Z||5-Digit ZIP matches, street address does not||5-Digit ZIP matches, street address does not||5-Digit ZIP matches, street address does not||5-Digit ZIP matches, street address does not|
CVV2 Response Codes
|N||CVV2 not match.|
|S||Service not supported or CVV2 not present on the card.|
|U||Service not available|