Submit Your Article Forum Rules

Page 1 of 5 123 ... LastLast
Results 1 to 10 of 58

Thread: Authorize.net and AVS

Hybrid View

  1. #1
    Member
    Join Date
    Oct 2005
    Posts
    60

    Authorize.net and AVS

    I'm having a problem with authorize.net and I'm hoping someone has an idea on how to fix it.

    On our website, we have integrated authorize.net into our shopping cart (using their Advanced Integration Method - AIM). When a customer clicks the final submit button, we do a real-time "authorize only" event on their credit card. We also have the address verification system (AVS) turned on. Authorize.net attempts to do the card authorization first, and if that succeeds, then they do the address verification. So what happens is sometimes a legitimate customer will put in the wrong billing address (e.g., moved recently, used work address instead of home address, etc.), which will result in a transaction being declined. However, in reality, the authorization on their card was approved, but since the AVS was declined, the overall status of the transaction from our end results in a decline. If a customer is using a debit card, the bank will withdraw the money immediately upon authorization, even if the AVS fails, because the authorization is done first. What we end up with are customers that never actually completed a sale, but still showing that we charged their card, or completed sales with duplicate transactions. These pseudo-charges can take up to 30 days to be removed from the customers account by the bank, and there is nothing we as a merchant can do to speed up the process.

    The banks have gotten even worse the past few months and often are hitting our customers with overdraft charges in these instances. Here is an example:

    - Customer has $500 in their checking account

    - Customer places a $300 order with us using their debit card. On the first submission, they put their new address, but the bank has not updated the AVS system, so the AVS fails, but the bank shows $300 withdrawn

    - Customer enters their old billing address and re-submits the transaction. This time AVS is successful. However, now the charge has gone through twice, so the bank has taken out a total of $600, and customer gets an overdraft fee.

    We are having these kinds of issues on a weekly basis now. Authorize.net claims they can't reverse the processing order to do AVS before authorization. This is what I got back from authorize after I basically asked them to reconsider:

    "We can not reconsider our policy. It is part of our agreement with the Card-Issuing Banks and the Payment Processors that we will only decline the transactions because of an AVS mismatch after the bank has already authorized the transaction. That is not something that we can reconsider or that we can do differently. I am so sorry about that."

    There is also no way to do an "AVS only" type transaction. I can't believe that as big as authorize.net is, that nobody else is having this problem. I'm open to any suggestions on how to get around this issue. Thanks,

    Bill

  2. #2
    WebProWorld MVP crankydave's Avatar
    Join Date
    Aug 2004
    Posts
    4,726

    Re: Authorize.net and AVS

    Welcome to the "Banks Suck" club.

    I went on a bit of a rant on this about a year ago...

    Merchants Protect Consumers

    The banks don't actually take the money out of their account. The put a hold on the amount that is authorized for a period. Lat customer I talked to was told by their bank the hold was for 10 days. They requested that a fax a letter to their bank with a whole bunch of info in order to release the funds. If I did that every time AVS declined a transaction I'd get nothing done.

    Bottom line... there's nothing you can do and still protect yourself.

    Banks suck! The take no responsibility for anything and throw it all upon the merchant and don't care who they inconvenience.

    These types of transactions are a daily occurrence for me. I field emails and phone calls on a regular basis because of it. When it happens, I tell my customers the truth.

    I tell them that we take the potential unauthorized use of their credit card very seriously and we make every effort to protect them from potential fraud. I tell them that their bank verifies literally nothing when it comes to approving transactions made online with their credit card and that we attempt to verify as much information as we can in order to protect them.

    One thing you can do when this happens is to capture the transaction that has been declined. Once you've satisfied yourself that the transaction is legitimate, go into your virtual terminal and capture only using the authorization number.

    I keep typing but that would only lead me into another rant on how and why banks suck. It's too early in the day and I'm in too good a mood this morning to get started... again.

    Dave

  3. #3
    Moderator SteveGerencser's Avatar
    Join Date
    Jan 2005
    Location
    Small town Tennessee
    Posts
    2,212

    Re: Authorize.net and AVS

    Let me add that anyone using a debit card online is an idiot.. For that matter, debit cards in general are stupid..

    As David said, the problem is not with Authorize.Net, its with the banks.. They have set up the process so that they accept "no" liability for anything, even when they cause the problem directly..

    They are easily the most qualified to authorize transactions since they hold all of the information, yet they refuse to do so.. They leave it up to the merchant to make the merchants take all the risk..

    Banks suck..
    You can't create artful marketing with color by number seo

  4. #4
    WebProWorld MVP cw1865's Avatar
    Join Date
    Oct 2007
    Posts
    840

    Re: Authorize.net and AVS

    Quote Originally Posted by wdillsmith View Post
    On our website, we have integrated authorize.net into our shopping cart (using their Advanced Integration Method - AIM). When a customer clicks the final submit button, we do a real-time "authorize only" event on their credit card. We also have the address verification system (AVS) turned on. Authorize.net attempts to do the card authorization first, and if that succeeds, then they do the address verification. So what happens is sometimes a legitimate customer will put in the wrong billing address (e.g., moved recently, used work address instead of home address, etc.), which will result in a transaction being declined. However, in reality, the authorization on their card was approved, but since the AVS was declined, the overall status of the transaction from our end results in a decline. If a customer is using a debit card, the bank will withdraw the money immediately upon authorization, even if the AVS fails, because the authorization is done first. What we end up with are customers that never actually completed a sale, but still showing that we charged their card, or completed sales with duplicate transactions. These pseudo-charges can take up to 30 days to be removed from the customers account by the bank, and there is nothing we as a merchant can do to speed up the process.
    1. If the order volume is such that manually running the orders makes sense, do that.
    2. If the order volume exceeds this, perhaps the system can do an authorize and capture (instead of simply authorizing)

    Personally, I manually do it and frankly its the favorite part of my day.

    1. If billing matches shipping, I run the transaction, if AVS is in any way negative, I'm looking at IP Address, if area code for zip code is correct and things of that nature. Even aside from fraud, this also helps to prevent shipping to an incorrect address, you'd think people would type their addresses correctly all the time, but believe it or not they do make errors. I'll even google the phone number/address because sometimes that helps {you'll find addresses linked to freight forwarding companies, and that to me is an automatic kill order}
    2. If billing doesn't match shipping, I do all of the above first and make the decision to authorize/capture based on my own 'subjective' feel AFTER 12 hours has passed. <-this snares most stolen cards because most people DO report their cards stolen.

    Last year I got tagged for ONE fraudulent order and frankly I should've known better.
    Hidden Content on Google+

  5. #5
    Member
    Join Date
    Nov 2005
    Posts
    31

    Re: Authorize.net and AVS

    Quote Originally Posted by cw1865 View Post
    1. If the order volume is such that manually running the orders makes sense, do that.
    2. If the order volume exceeds this, perhaps the system can do an authorize and capture (instead of simply authorizing)

    Personally, I manually do it and frankly its the favorite part of my day.

    1. If billing matches shipping, I run the transaction, if AVS is in any way negative, I'm looking at IP Address, if area code for zip code is correct and things of that nature. Even aside from fraud, this also helps to prevent shipping to an incorrect address, you'd think people would type their addresses correctly all the time, but believe it or not they do make errors. I'll even google the phone number/address because sometimes that helps {you'll find addresses linked to freight forwarding companies, and that to me is an automatic kill order}
    2. If billing doesn't match shipping, I do all of the above first and make the decision to authorize/capture based on my own 'subjective' feel AFTER 12 hours has passed. <-this snares most stolen cards because most people DO report their cards stolen.

    Last year I got tagged for ONE fraudulent order and frankly I should've known better.
    This is the way we do it, too. Manually capture the information, call our CS line, get the number of the issuing bank, speak to a live person whenever possible to validate the information, then process the transaction, or not. We've also gotten pretty good at guessing if an order is fake or not, before we even call to try and verify anything. We also give card users a financial disincentive to using a card by having a 3% Handling Fee to manually process the transaction. On a $30k watch, that's $900 of disincentive; not small potatoes! Worst case scenario, which we've had happen, is for someone's account to be hacked and all the info changed, including addresses. You get a clean and validated transaction...until the real owner files the chargeback 45 days later. You're out the product =and= the cash. As usual, the bank claims no responsibility, even though =their= system was breached. We had this happen one time on a, for us, fairly small transaction; total loss was about $13k. Next time it happens, I think we'll sue the card holder themselves for not protecting their card information better thus allowing the hack.

    Lyle Knox
    FeelGoodWatches.com

  6. #6
    Senior Member
    Join Date
    Sep 2006
    Posts
    359

    Re: Authorize.net and AVS

    It is not just the banks, but Authorize.net sucks too. I heard so many complaints about them and had so many complaints about them myself (customers) that I actually switched to PayPal Pro. Tho not perfect and some people laugh, they are actually far more flexible and much better overall than companies like Authorize.net.

    If you get a programmer who knows the PPP API, you can get it to work the way YOU want it to, and not hear "that's just the way it is, kid, now go away, you bother me" from Authorize.net.

  7. #7
    Rest in Peace 1946 - 2013 deepsand's Avatar
    Join Date
    May 2004
    Location
    State College, PA
    Posts
    16,376

    Re: Authorize.net and AVS

    Quote Originally Posted by Dinghus View Post
    It is not just the banks, but Authorize.net sucks too. I heard so many complaints about them and had so many complaints about them myself (customers) that I actually switched to PayPal Pro..
    PayPal's "address verification" is a joke. They've even "verified" non-existent addresses!

  8. #8
    Member
    Join Date
    Oct 2005
    Posts
    60

    Re: Authorize.net and AVS

    I'm not sure if I should be comforted that it's not just me, or more annoyed because it's not just me...

    To answer some of the questions in posts above:

    Doing a Capture instead of Auth & Capture at the time of entry will not help because the goods may not be shipping right away, and charging the customer at order time would be a violation of the card terms of service. Also, if the transaction is declined for AVS, regardless of which method I use, it will be declined and can only be captured manually, at authorize.net.

    No, I don't have time to manually force capture AVS errors, as they occur all day every day.

    We are a gift company, so the billing address and shipping address almost never match, because most of our customers are sending gifts to other people. Thus I cannot rely on that check for fraud, but we do employ other methods that are pretty effective, although they are time consuming as they all involve human intervention.

    The ones that seem to get hurt the worst are the debit card holders, as the withdrawals are immediate. Did I mention there is also no way to determine ahead of time whether a card is debit or credit? I'm looking at a bunch of workarounds, which vary from really stinky to just a faint odor, but I'm not happy about any of them.

    Thanks for the feedback though, as at least now I know to move ahead with my workarounds.

    Bill

  9. #9
    Member
    Join Date
    Nov 2007
    Posts
    46

    Re: Authorize.net and AVS

    You can turn off the switch in Authorize.net to decline transactions where the AVS do not match. That way the system will notify you that the AVS did not match but also aprove the transaction.

    So you can in fact process sales without AVS matching and that's not a problem (many merchants do it).

    What they do is call the customer directly if the transaction looks suspicious.

    If you would like to discuss this via email contact me any time at msinfo@merchantseek.com

    Joe
    Joe - MerchantSeek.com
    Hidden Content

  10. #10
    WebProWorld MVP crankydave's Avatar
    Join Date
    Aug 2004
    Posts
    4,726

    Re: Authorize.net and AVS

    Quote Originally Posted by msinfo View Post
    You can turn off the switch in Authorize.net to decline transactions where the AVS do not match. That way the system will notify you that the AVS did not match but also aprove the transaction.

    So you can in fact process sales without AVS matching and that's not a problem (many merchants do it).

    What they do is call the customer directly if the transaction looks suspicious.

    If you would like to discuss this via email contact me any time at msinfo@merchantseek.com

    Joe
    And you get to pay your discount/transactions fees on all bank approved transactions. Not to mention far more time consuming. Not a viable option as I see it. Unless of course you want to pay those fees and potential loses for me.

    The banks have the needed info. If their interest is in protecting their cardholders they should be verifying it PRIOR to issuing an approval/authorization. Their interest is not in protecting their cardholders from potential fraud. They wash their hands of any responsibility and drop it straight into the laps of merchants.

    Merchants who have to deal daily with their refusal to protect THEIR cardholders from potential misuse of a credit card.

    Dave

Similar Threads

  1. Authorize.net down from a single fire
    By amxfan in forum eCommerce Discussion Forum
    Replies: 1
    Last Post: 07-03-2009, 01:42 PM
  2. Is Authorize.net down?
    By minorgod in forum eCommerce Discussion Forum
    Replies: 4
    Last Post: 01-09-2007, 02:21 AM
  3. Giving of Authorize.net password to web designer
    By chelseaandco in forum eCommerce Discussion Forum
    Replies: 6
    Last Post: 12-28-2003, 11:53 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •