Card verification checks
In response to the elevated disputes faced by many merchants in the travel and entertainment industries due to COVID-19, Visa and Mastercard have issued guidelines for resolving them. These guidelines relate specifically to goods and services canceled directly due to a government order or prohibition. If your business is receiving disputes that fall into this category and you need to submit dispute evidence before the submission date, please proceed to this guide.
For all industries, the best actions you can take are to proactively communicate with your customers and issue refunds where appropriate, especially when requested.
When a card payment is submitted to a card network for authorization, Stripe provides the CVC, postal code, and billing street address for them to verify (if you collected these from the customer in your checkout flow). The card issuer checks this against the information they have on file for the cardholder. If the provided information doesn’t match, the verification check fails. A failed CVC or postal code check can indicate the payment is fraudulent, so review it carefully before fulfilling the order.
Each Charge object includes the verification response as part of its source attribute. You can also find the verification results in the Dashboard when viewing a payment.
If no information is collected, the card issuer can’t perform a verification check. Collect the CVC, postal code, and billing address for every payment to avoid this issue. The results of verification checks help improve the detection of fraudulent activity.
Card verification code check (CVC)
The CVC (also referred to as CVV) is the three- or four-digit number printed directly on the credit card, usually on the signature strip or the front of the card. Radar includes a rule to block any payments that fail the CVC verification check, which you can enable or disable within the Dashboard (this doesn’t affect payments where the CVC check couldn’t be performed).
You can perform CVC verification by providing the CVC value either when you create a payment with a new card payment method, or when you attach a new card payment method to a customer. To re-verify the CVC on a previously saved card, refer to the integration guide on CVC recollection.
In general, only cardholders in physical possession of the card should have access to the CVC number. Businesses are not permitted to store the CVC number, so it’s unlikely that a fraudster can obtain this information through a computer breach. However, CVC verification doesn’t protect against the physical theft of a card, nor card information being used on a computer or website that isn’t secure.
Address verification (AVS)
Address verification (AVS) checks two pieces of information, the postal code and the billing street address. AVS checks determine whether this information matches the billing address on file with the card issuer. Radar includes a rule to block any payments that fail postal code verification, which you can enable or disable within the Dashboard.
If enabled, these address checks can fail on legitimate payments in some situations. For example, a customer entering their address incorrectly or moving and not updating their address with the card issuer could cause the address check to fail.
Support for both types of AVS checks varies by country and card issuer (for example, certain countries don’t use a postal code or some card issuers don’t support street address verification). However, street address verification is commonly supported for cards issued in the United States, Canada, and the United Kingdom.