This is a dual-purpose memorandum and rant regarding AVS for credit card processing. AVS (Address Verification System for the uninitiated) is a standard developed by Mastercard and Visa to help fight fraudulent credit card purchases over the internet. By and large, I think we’d all agree that this is a good thing. Unfortunately, this system is unbelievably flawed.
Over the weekend we tightened down the AVS for both our Blinksale and IconBuffet credit card processing code, and ever since our life here has been a royal headache. In theory, AVS is great. A billing address entered by a customer is cross-checked with the billing address on supply from the card-issuing bank to ensure the card is in the right hands.
Unfortunately if you, the customer, say that you live at “123 Blueberry Street” and the bank says that you live at “123 Blueberry St”, your card will choke. What’s worse, if you live in an apartment and enter your unit number as “#212″—while your bank is looking for “Apt 212″—the card will choke. But wait, that’s still not my favorite:
Let’s say you live at “135 18th Street”, AVS will tell your bank that you live at “13518 Th Steet”. This of course is most definitely a recipe for failure. And don’t get me started on international addresses or PO Boxes (or is it P.O. Boxes?).
AVS is supposed to be this great thing to protect merchants from fraud. I applaud that. But whoever created the system really messed the sucker up. About a third of all legitimate charges that have been attempted at Blinksale or IconBuffet over the last 48 hours have been declined due to false-negative responses. We’ve lost sleep, sanity, time, and sales.
Now we’re frantically working to reverse engineer the whole thing to find an acceptable medium between keeping out the bad guys and letting in the good guys. If this is what AVS has to offer, the folks at Visa and Mastercard need to go back to the drawing board.