Verification Checks
In response to the elevated disputes faced by many merchants in the travel and entertainment industries due to COVID-19, Visa and Mastercard have issued guidelines for resolving them. These guidelines relate specifically to goods and services canceled directly due to a government order or prohibition. If your business is receiving disputes that fall into this category and you need to submit dispute evidence before the submission date, please proceed to this guide.
For all industries, the best actions you can take are to proactively communicate with your customers and issue refunds where appropriate, especially when requested.
When a card payment is submitted to a card issuer for authorization, Stripe provides the CVC, postal code, and billing street address for them to verify (if it’s been collected). The card issuer checks this against the information they have on file for the cardholder. If the provided information doesn’t match, the verification check fails. A failed CVC or postal code check can indicate the payment is fraudulent, so review it carefully before fulfilling the order.
Each Charge object includes the verification response as part of its source attribute. You can also find the verification results in the Dashboard when viewing a payment.
If no information is collected, the card issuer can’t perform a verification check. Collect the CVC, postal code, and billing address for every payment to avoid this issue. The results of verification checks help improve the detection of fraudulent activity.
Card verification code check (CVC)
The CVC (also referred to as CVV) is the three- or four-digit number printed directly on the credit card, usually on the signature strip or the front of the card. Radar includes a built-in rule to block any payments that fail the CVC verification check (this doesn’t affect payments where the CVC check couldn’t be performed).
CVC verification can be performed by providing the CVC value either on creation of a payment with a new card payment method, or on attachment of a new card payment method to a customer. To re-verify the CVC on a previously saved card, refer to the integration guide on CVC recollection.
In general, only cardholders in physical possession of the card should have access to the CVC number. Businesses are not permitted to store the CVC number, so it’s unlikely that a fraudster can obtain this information through a computer breach. However, CVC verification doesn’t protect against physical theft of a card, or card information used on a compromised computer or website that isn’t secure.
Address verification (AVS)
AVS is comprised of two checks: one based on the postal code and another based on the billing street address. AVS checks determine whether these pieces of information match the billing address on file with the card issuer. Radar includes a default rule to block any payments that fail postal code verification, which you can enable or disable within the Dashboard.
These address checks can fail on legitimate payments in some situations. For example, a customer might enter their address incorrectly, or they move and don’t update their address with the card issuer.
Support for both AVS checks varies by country and card issuer (e.g., certain countries don’t use a postal code or some card issuers don’t support street address verification). However, street address verification is commonly supported for cards issued in the United States, Canada, and the United Kingdom.
If you require assistance with a dispute, please contact Stripe support.