Re: [uk-netmarketing] Re: Offline Verification of Credit Cards

[Ben Thompson]

On Mon, Feb 12, 2001 at 02:23:48PM -0000, Ken Cowley wrote:


> In the US AVS (address verification) is available on the card network -

> matching first address line and zipcode against what is held by the issuer.

> Similar for Europe has been on the cards (sorry!) for ages. To utilise this

> you must feed transactions into a US acquirer as a Uk acquirer will simply

> pass what is accepted by the UK network over to the US.


Actuall,y it checks zipcode (both the 5 digits cards we see and the complete 9 digit codes) (note numbers only) and any house numbers in the first line of the address (again numbers only, it deletes any letters from the line before sending the data off). This is why address verfication is not available outside the US, sending postcodes through the system requires sending data (i.e. letters) that the systems just can't cope with.


[snip]

> You can pre-book an amount out of a credit card, which is what hire car

> firms and hotels do. This amounts to authorising an amount 'forward' for

> more than is likely to be the charge - to see if the customer is 'good for

> it'. The user will not be able to spend this money. This indicates a tactic

> for risk reduction on the web - authorising way more than the amount

> required, before actually completing only on what is wanted. Sounds weird,

> but fewer scamsters will stand a big hit, so authorising �200 for a CD

> before completing only on �12.99 will reduce the fraud rate.


But that's naughty (you are supposed to authorise only the amount you are likely to take and little to none above that). If caught don't expect your merchant status to survive for long (the last time I caught a merchant pulling this trick their merchant account was pulled virtually immediately). "Forward" authorisations last 5 days upwards and part captures don't cancel the rest of the "forwarded" money. 


> The fraud situation is very much a 'low probability of a big problem'

> scenario like being hit by an asteroid - if bad people with ripped-off cards

> decide YOU are a soft touch you can be put out of business. On the other

> hand you can cruise along in ignorance quite happily. Bad product categories

> are anything easily 'fenceable' - mobile phones, brown goods; and anything

> downloaded. 


Until you're caught out and sooner and later you will be. Its like all probability questions, if there's a 1% chance of it occuring on a given day within 3 months its likely to have occurred. And as others introduce additional checks there are fewer weak sites to target. 


Ben


-- 

Ben Thompson

babyhippo.com


t: 44 191 230 1213

m: 44 7976 768221