How long is my customer’s payment data stored in VISP?
It is recommended that before a subscriber is archived or deleted, the payment information (payment token) that is in VISP must be removed. For a service provider to meet the new PCI requirements, automated removal of the subscribers’ tokens and the authenticating information from the Address Verification Service (AVS) is done after 90 days.
What is VISP’s “Zero-Touch” PCI feature?
VISP’s “Zero-Touch” PCI feature meets the new PCI compliance standards for a “zero-touch” of the subscribers’ credit card data.
It is a best practice that ISPs have their subscribers enter their credit card information via the Subscriber’s Account Portal. In cases where subscribers call your support team and request their card be added, the system offers an interface that directly sends the payment information to the processor via a secure encrypted connection.
VISP implements this “zero-touch direct connect” feature with the ISP’s processor and gateway to fetch an alpha-numeric token.
What is the AVS?
Address Verification Service (AVS) is a tool for credit card processors and issuing banks to detect suspicious credit card transactions and prevent credit card fraud.
AVS checks the billing address submitted by the card user with the cardholder’s billing information on record at the issuing bank. The credit card processor sends a response code back to the merchant indicating the degree of address matching, thereby authenticating ownership of a credit or debit card in a non-face-to-face transaction. This process determines whether a card transaction should be accepted or rejected.
AVS is one of the most common tools used by merchants to prevent credit card fraud. However, it is not a foolproof system since the billing address provided by a bona fide customer may not always match the address on record at the card issuer. Reasons for such a mismatch would be a recent move by the cardholder or an incorrect address of record.
What is Card-Not-Present, and Card-Not-Present fraud?
Card-not-present (CNP) is a credit card processing industry term used to signify transactions in which the physical debit or credit card is not present to the merchant during the sale.
CNP transactions happen either when the merchant types in the card information on-site (even if the card is in the subscriber’s hand) or when the cardholder (subscriber) types it in from another location, such as in e-commerce sales. These transactions pose a much higher risk for fraud because the card is not swiped through a card reading device and is not physically on-site during the sale.
Why should I launch AVS in VISP?
The Address Verification Service (AVS) is a fraud prevention system that, when used effectively, can help to limit fraud and chargebacks. AVS verifies that the customer’s billing information is the same as that associated with the cardholder’s credit card account. AVS is the most widely used fraud prevention method by the major credit card brands to help stop card-not-present (CNP) fraud.
When your staff or subscriber submits a transaction via the portal or in the app, the billing address or zip code triggers an AVS check with your processor. The billing information is compared to the information on file with the issuing bank. Once the information is verified, the issuing bank returns an AVS code to the merchant.
Merchants can use this AVS code to determine how to proceed with the transaction. AVS response codes are single-letter codes returned to the merchant during the authorization process through their processing platform. These codes help determine the following action: transaction approval, exception, or decline. AVS authentication is part of a multilayered fraud protection system to ensure that valid transactions are approved and those deemed suspicious are declined
What is an example of AVS?
Imagine a customer shopping online at Amazon.com. When the customer enters their billing information during checkout, the following happens:
- Amazon’s payment gateway transmits this billing information to the customer’s credit card brand (e.g., Visa/Mastercard/Discover/AMEX).
- The credit card brand sends this information to the issuing bank. The issuer compares the billing information with the information stored on file.
- The issuer sends an authorization status and associated AVS response code to Amazon’s payment gateway.
If the address provided by the customer does not match the address the issuer has on file, the AVS code will indicate a mismatch between the two addresses, and the transaction may be declined. Should the two addresses match, the AVS response code will show this, and the transaction will be authorized. The AVS process generally takes only a few seconds and is invisible to customers.