Hello Shopify Community,
I received an order that was marked with medium risk of fraud by Shopify's automatic fraud detection system. I've looked at the results of the fraud analysis and the only thing that I don't understand is the CVV code being unavailable. What does this mean? That the CVV code is invalid? If so, how could the customer successfully place an order? Don't invalid CVV-codes lead to immediate rejection of an attempted card payment?
Furthermore, I would appreciate suggestions for how to proceed with the order. If we should contact the customer, what should we ask them to do do verify the validity of the order?
Posting fraud analysis below.
Nick here from Shopify. Great questions!
There are a number of different ways and questions you can ask the customer when you contact them to verify the validity of the order:
Shopify has a helpful guide with more information on this too which you can find here. It would be up to you to decide whether or not to accept the order though. My take is, if you aren't comfortable or sure about it, then I wouldn't accept it, but everyone is different and it is ultimately up to the store owner.
Regarding your question on the CVV number. There is another Shopify help guide which you can read here that has a note about CVV numbers which can be seen below:
Not all banks support AVS and CVV security checks. When it's enabled, AVS and CVV fraud filters apply only to orders where the customer's card-issuing bank supports these checks. If a bank doesn't support AVS or CVV security checks, then the order is processed, but the security check isn't flagged as a risk indicator in the risk analysis tool.
I wonder if this could be the case for this order?
Hi @ERHAB ,
Welcome! And great question.
The CVV is the last 3 digits on the back of the credit card. It's used as a secondary verification method so knowing the digits on the front of the credit or debit card isn't enough to prove ownership.
From my understanding, the CVV code is not always required. There are some transactions that aren't required to accept a CVV. Think of purchasing gas for your car at a gas station. They ask you for your ZIP code, but not your credit card's CVV.
In this case, Shopify is just telling you the CVV wasn't prompted for this transaction, therefore that additional verification piece is missing.
Shopify offers 2 different ways to add additional verification to help prevent fraud. CVV is one, AVS is the other.
To enable either, follow these directions:
You can read more about these methods in detail at this page: https://help.shopify.com/en/manual/payments/shopify-payments/configuring-shopify-payments
It turns out that we got this message in the fraud analysis system because the person had ordered with Klarna invoice. Quite ridiculous that this leads to an increased fraud risk in the system since no CVV code is required when paying with invoice.