Over 93% of AVS and CVV Mismatches are Not Fraud
Ecommerce merchants rely heavily on the Address Verification System (AVS) and Card Verification Value (CVV2) as a first line of defense against fraudsters. In a recent data review, we found that, when a mismatch is considered to indicate fraud, both of these data points trigger over 90% false positives.
Our data review sampled our most recent million transactions. We considered AVS response codes of 'N', 'I4', 'I5', 'I6', 'I7', and 'I8' to be mismatches, though in many payment gateway configurations, 'Z' is also included in this group. For CVV2 response codes, we only sampled transactions that generated an 'N'.
In our database, 93.4% of AVS mismatches were guaranteed against fraud risk by our Payment Assurance™ service. In the case of CVV2 mismatches, 93.5% were found to be legitimate. When both mismatches occurred in tandem, the approval rate was 82.1%.
Of those thousands of guaranteed transactions, significantly less than 1% resulted in chargebacks.
We believe that this phenomenon is being driven by two primary factors. First, web forms have become increasingly easy to use, often asking for shipping information first, then offering a "same as shipping" button to prevent customers from having to enter the same address again. However, many customers are simply taking the easy option and using this feature despite knowing they have a different billing address for the payment card. Second, the typical eCommerce consumer is young, often young enough to have never learned about the importance of systems like AVS, which once had more impact on the purchasing process.
Driven by our extensive experience with the shortcomings of AVS and CVV2 fraud filtering, we encourage all online merchants to disable any automatic rejection of customers that relies purely on these systems. Instead, it is far better to utilize a robust, comprehensive fraud solution that has been engineered to differentiate between the significant majority of legitimate transactions that include a mismatch and the relatively small proportion of mismatches due to fraud.
Disabling these filters can lead to significant benefits. In the case of one of our clients, since taking our advice to disable AVS and CVV2-based rejections in their payment gateway, they have seen over $3 million in guaranteed sales that previously would have been automatically declined.