Used by banks and credit card companies in the
UK, the Address Verification System (AVS) is designed to protect
retailers and consumers from credit card fraud.
UK, the Address Verification System (AVS) is designed to protect
retailers and consumers from credit card fraud.
However, what would appear to be a simple yet
effective security feature is being exploited by criminals to steal
goods from online retailers, an analyst at card fraud protection
specialist 3rd Man has discovered while monitoring daily card
transactions for a retailer client.
effective security feature is being exploited by criminals to steal
goods from online retailers, an analyst at card fraud protection
specialist 3rd Man has discovered while monitoring daily card
transactions for a retailer client.
In essence AVS checks the billing address of
the credit card provided by the user with the address on file at
the credit card company.
the credit card provided by the user with the address on file at
the credit card company.
It works by matching the house number and
postcode numbers for each card issued. For example, 43 Crooks
Close, B10 7GB would result in an AVS number of 43107.
postcode numbers for each card issued. For example, 43 Crooks
Close, B10 7GB would result in an AVS number of 43107.
Andrew Goodwill, director and fraud expert at
the 3rd Man explained that what they have discovered is that
fraudsters are now using card details where the genuine
cardholder’s address numerals exactly match the address they want
delivery to. “So, not only are they obtaining goods fraudulently,
they have them delivered to their chosen address,” said
Goodwill.
the 3rd Man explained that what they have discovered is that
fraudsters are now using card details where the genuine
cardholder’s address numerals exactly match the address they want
delivery to. “So, not only are they obtaining goods fraudulently,
they have them delivered to their chosen address,” said
Goodwill.
He stressed that this is a serious flaw
fraudsters are exploiting in significant volume. “Retailers relying
on AVS, or where a retailer will only deliver to the billing
address, are facing a potentially huge risk,” warned
Goodwill.
fraudsters are exploiting in significant volume. “Retailers relying
on AVS, or where a retailer will only deliver to the billing
address, are facing a potentially huge risk,” warned
Goodwill.
He added that other methods of security systems
for merchants, Verified by Visa or MasterCard SecureCode, are also
open to compromise.
for merchants, Verified by Visa or MasterCard SecureCode, are also
open to compromise.
He explained that quite simply when a fraudster
finds card details that have not been registered for these services
by the cardholder the fraudster will simply register the card
themselves, using a password of their choice.
finds card details that have not been registered for these services
by the cardholder the fraudster will simply register the card
themselves, using a password of their choice.
“If this trend continues and nothing is done
about it, we will have multi-million pound losses to UK business
and banks,” he concluded.
about it, we will have multi-million pound losses to UK business
and banks,” he concluded.
Go deeper with GlobalData
