TIPS – What is a “Suspicious Transaction?”

If your email address is set to receive notifications from Authorize.net, you may have received an email with an ominous-sounding subject line like: “Suspicious Transaction 39027484872 – Your Payment Gateway ID is: 48928787382.” When you open it, the message tells you that a specific transaction, identified by the transaction ID, has been declined by the Enhanced AVS Handling Filter. This is a typical example:

That certainly doesn’t sound good, but it’s actually quite benign. AVS stands for Address Verification System. It is one of the anti-fraud settings you can enable and configure in your Authorize.net account (https://account.authorize.net). In a nutshell, it checks that the billing address your member enters on the payment screen matches the address on file with the credit card issuer. If a member accidentally mistypes their zip code then, depending on what AVS settings your club has enabled, the transaction will be declined.

You'll find the settings for AVS in Authorize.net under Tools -> Fraud Detection Suite.

On the Fraud Detection Suite screen you have a number of different settings. Scroll down to Transaction Settings and you’ll see the option for Enhanced AVS Handling Filter.

This is where you can see what is supposed to happen if various card information isn’t provided or doesn’t match the information on file. Before we address those options, let’s pause for a second to consider why you would want Address Verification enabled. We all know identity theft is a big issue. If someone gets ahold of your credit card information they can easily ring up fraudulent charges. But they’ll have to have the card number, expiration date AND the CCV code — the three- or four-digit number found on the back of your card (or front for Amex). Without all three pieces of information they can’t use the stolen info.

AVS simply adds another piece of information someone would need in order to use your card. Even if they have all of the other information, if they don’t know who you are or your address they wouldn’t be able to make a charge. For most businesses there’s no reason not to use AVS. For clubs, though, the story is somewhat different. It’s highly unlikely a member would attempt to use a stolen card to pay for dues — makes it pretty easy to find them! When you see the AVS filter triggered, it is basically always because of a typo, because the address in Member Splash isn’t current (it gets pre-filled on the payment screen), or because the address with the card issuer isn’t correct (someone moved and forgot to update it).

In Authorize.net there are detailed explanations of what the above settings mean. The short version is that the letters — N, A, Z, W, Y — are response codes that come back from a card issuer depending on the error. An A response code, for example, means the street address matched but the zip code didn’t.

In the screenshot above we have response code N set to decline the charge. An N response means that BOTH the street address and zip code didn’t match, which likely means the member recently moved and hasn’t updated their address with the card issuer yet.

Which settings you choose depends on your club’s preferences. If you choose Authorize and Hold for Review, the charge won’t actually be processed until someone manually looks at it in Authorize.net and okays it. If you choose Allow, Report Triggered Filters, the charge will be processed but you’ll get an email alerting you that not everything matched so you can check to make sure it is legitimate.

In any case where there is an address mismatch you’ll get a Suspicious Transaction email, but now you know what it means!