Home → Arctic Reservations → Credit Card Processing → Fraud Settings
23.3. Fraud Settings
Payment gateways often provide the ability to configure fraud settings to determine what transactions to allow or decline. These settings help ensure that the card holder has the necessary information at the time of the transaction. The likelihood of fraud is evaluated based on the billing address (address and zip code) and the CVV code (3-4 digit code).
Below we include some general recommendations specific to Arctic Reservations and the Authorize.Net fraud detection suite (other payment gateways will have similar variations on the same settings). We recommend evaluating the fraud screening options in concert with your merchant services company to figure out what configuration is right for you. Keep in mind that fraud settings will create a tradeoff, and can discourage legitimate purchases by creating undesired hurdles in the purchase process.
For details on how to change your fraud settings, consult with your payment gateway.
Card Verification Value (CVV) number
The CVV number is a 3-4 digit number either on the back or front of the card. These numbers are frequently used to validate card not present transactions. The credit card industry has strict standards against storing CVV numbers, they can only be used if the transaction is being run immediately.
Arctic requires guests to provide a CVV number when paying online. CVV numbers are optional for transactions run through the backend. Because we can not store CVV numbers, payments using saved credit card or scheduled payments are processed without a CVV number.
As a result, we recommend configuring your CVV fraud settings as follows:
- Allow transactions without a CVV code
- Decline transactions with an invalid CVV code
In Authorize.Net, this configuration appears as follows:
Address verification
Address verification compares the billing address and the zip code against those on the credit card statement. For the most part, this only works in the United States.
In order to verify the address, payment gateways will run the transaction. Only once it has run the transaction will it know if the address is valid. If the address it not valid and your fraud settings say to decline the transaction, the gateway will void the transaction. Because voids can take up to 24 hours, guests can still see the transaction even though the system told them it was declined.
Arctic requires guests to provide the address and zip code when paying online. Address and zip code are optional for transactions run through the backend.
As a result, we recommend configuring your address fraud settings as follows:
- Allow transactions without a billing address (since those can only come from the backend)
- Allow transactions when AVS is not possible (e.g., international transactions, specific card types, etc)
- Decline the transaction if both both the address and zip code do not match
- Depending on your specific business, you may want to decline transactions if either the address or zip code do not match
In Authorize.Net, this configuration appears as follows (rows without response will depend on your risk preferences):