Thread: fraudulent order got through - card name doesn't match Billing Address name

A customer somehow was able to checkout using another person's credit card. Not the usual thing we see where they also use that person's billing address. In this case the Billing Address and Shipping Address matched completely (in this case a person in Russia) but the "Card Name" listed for the Amex is a completely different name. How could this happen? His account only has the Russian name & address in the address book.

anyone have any ideas on how to combat this?

Which payment gateway are you using and what aspdnsf version?

Originally Posted by webopius

Which payment gateway are you using and what aspdnsf version?

Authorize.net | AspDotNetStorefront ML 8.0.1.2

Worth noting, the information sent back to ADNSF from Authorize.net with the approval had the Billing Address Name and email. But ADNSF is showing a different name as the "Name on Card". How does that field get populated?
Does that information also come from Authorize.net?

According to Authorize.net, they are unaware of any credit card issuers or processors who check to see if the Billing Address name matches the name on the actual account. No wonder cc fraud is so prevalent. Anyone else have any insight into this?

I guess i think the same way..

I had similar issue, two different names and addresses, authorize.net...had to force refund and cancel the order, the purchase was local (within the US).

Something wrong here. We use Authorize.net and have for many years.

Here is a copy of the virtual terminal. The numeritical portion of the street address and the zip code are checked.


Address Verification Service (AVS) Settings Help
The Address Verification Service (AVS) is a tool designed by bankcard processors to assist in identifying potentially fraudulent credit card transactions. For every credit card authorization, AVS compares the billing address and ZIP code provided by the customer to the address and ZIP code on file at the card issuing bank. AVS then returns a response code indicating the results of the comparison.

In the section below, you can choose which transactions to reject, based on the response codes, by checking the box next to each code. The payment gateway will reject transactions based on your selection. The recommended AVS response code selections are B, E, R, G, U, S, and N.

General AVS Responses
Reject
B Transaction was submitted without a billing address.
E AVS data provided is invalid or AVS is not allowed for the card type that was used.
R The AVS system was unavailable at the time of processing.
G The card issuing bank is of non-U.S. origin and does not support AVS.
U The address information for the cardholder is unavailable.
S The U.S. card issuing bank does not support AVS.
Address and ZIP Code Responses
Reject Street Address ZIP Code Extended ZIP
N No Match No Match No Match
A Matched No Match No Match
Z No Match Matched No Match
W No Match Matched Matched
Y Matched Matched No Match

Tips
The N response code indicates there is no match on both the street address and ZIP code. An N response code is typically a strong indicator of fraud. However, it may be legitimate if a customer has recently moved and has not updated their address to the issuing bank.
To avoid errors when accepting gift cards (stored-value cards with a Visa, MasterCard, Discover or American Express logo), you will want to uncheck the U response code. For this type of transaction, the customer's billing address will most likely not be associated with the gift card, or will not be on file at the issuing bank.
Not all banks outside the United States will return codes G, U and S. Therefore, these codes are not absolutely effective for preventing transactions from outside the United States.
In most cases, Y is a desired response code and should be left unchecked. You should only set Y to reject if you need to be certain that both the street address and full 9- digit ZIP code match exactly. Selecting this response is likely to block legitimate transactions.
Only one AVS response will return for each transaction. For example, a transaction cannot receive both an A (ZIP code mismatch) and a G (non- U.S. card issuing bank) response.
IMPORTANT: Please be aware that AVS is not intended for use as an absolute protection against suspicious transaction activity. With so many possible reasons as to why an address and ZIP code may not match, you should carefully consider your business's level of risk when configuring your AVS mismatch rejection settings.