AVS, CVM and Their Role in Credit Card Processing

AVS and CVM are two very important acronyms to know when discussing credit card processing. That’s because they’re related to keeping the process secure for merchants and their customers in a time when:

• U.S. merchants lose billions of dollars to credit card fraud every year. The figure for 2010 was $3.56 billion, according to a recent issue of the trade newsletter The Nilson Report.
• The true cost to merchants for every $100 in fraudulent transactions is about three times that amount, including the initial loss, associated fines and penalties, costs for replacing lost stolen merchandise and interest. (from the 2010 LexisNexis True Cost of Fraud Study)
• The negative impact on a merchant’s reputation and, by extension, sales is devastating.

Two of the most common credit card-related security issues are fraud and identity theft. Fraud occurs when a card is used for an unauthorized purchase, usually by a criminal who has stolen it. Identity theft builds on that fraud by using the stolen information to open new accounts in the cardholder’s name that are then used to make fraudulent purchases.

AVS and CVM are two first lines of defense in the war against credit card fraud.

AVS stands for “address verification system”, just one of several essential components in a merchant’s data security system. AVS comes into play during a card-not-present (CNP) transaction when neither the cardholder nor the card is physically present at the point of sale, as occurs in mail order or online commerce. As its name implies, AVS is used to verify that the address provided by the customer matches the billing information on file with the bank that issued the card.

The logic behind AVS is relatively simple. Criminals using a stolen credit card will give their own address, that of an accomplice or a drop location — any address but that of the actual cardholder, if they even know it — to get their hands on the stolen goods. AVS is a proven deterrent to credit card fraud, and merchants who use it get a reduction in their credit card processing fees.

CVM is short for “card verification method” and is called different things by the different credit card networks, including CVV/CVV2 (Visa®), CVC/CVC2 (MasterCard®) and CID/CID2 (American Express® and Discover®). Other variations on the theme are Card Security Code (CSC), Card Verification Data (CVD), Card Verification Value Code (CVVC), Card Code Verification (CCV) and Verification Code (V-Code or V Code).

Whatever you call it, CVM is a three or four digit code that is printed on the credit card itself (front or back). In a CNP transaction, the merchant should ask for the code to ensure that the customer has the card in hand and is not using a stolen account number.

The threat of credit card fraud is very real, but if merchants take the steps outlined above they can reduce their exposure. Additionally, they should work closely with their merchant account provider to make sure they are PCI compliant. Rigorous security procedures remain the first and best way to keep your credit card processing secure.

Related content: Whitepaper Tips for Preventing Credit Card Fraud and Avoiding Chargebacks