In the Fraud analysis system, what does it mean that a customer's CVV code isn't available?

ERHAB
Tourist
3 0 1

Hello Shopify Community,

 

I received an order that was marked with medium risk of fraud by Shopify's automatic fraud detection system. I've looked at the results of the fraud analysis and the only thing that I don't understand is the CVV code being unavailable. What does this mean? That the CVV code is invalid? If so, how could the customer successfully place an order? Don't invalid CVV-codes lead to immediate rejection of an attempted card payment?

Furthermore, I would appreciate suggestions for how to proceed with the order. If we should contact the customer, what should we ask them to do do verify the validity of the order?

Posting fraud analysis below.

  1. Neutral
    Some characteristics of this order are similar to fraudulent orders observed in the past
  2. Neutral
    Card Verification Value (CVV) isn't available
  3. Neutral
    Billing address or credit card's address wasn't available
  4. Neutral
    Billing address ZIP or postal code isn't available to match with credit card's registered address
  5. Neutral
    A payment method other than a credit card was used
  6. Neutral
    Location of IP address used to place the order is MASKED, Sweden
  7. Positive
    There was 1 payment attempt
  8. Positive
    Shipping address is 48 km from location of IP address
  9. Positive
    Billing country matches the country from which the order was placed
  10. Positive
    The IP address used to place the order isn't a high risk internet connection (web proxy)
 
0 Likes
Nick
Community Moderator
Community Moderator
3512 281 675

Hi @ERHAB,

Nick here from Shopify. Great questions! 

There are a number of different ways and questions you can ask the customer when you contact them to verify the validity of the order:

  • Call the number on the order
  • Search for the email address
  • Verify the addresses (I see they are different here, but if the customer can verify them it would be hugely helpful). 
  • Verify the IP address

Shopify has a helpful guide with more information on this too which you can find here. It would be up to you to decide whether or not to accept the order though. My take is, if you aren't comfortable or sure about it, then I wouldn't accept it, but everyone is different and it is ultimately up to the store owner. 

Regarding your question on the CVV number. There is another Shopify help guide which you can read here that has a note about CVV numbers which can be seen below: 

Not all banks support AVS and CVV security checks. When it's enabled, AVS and CVV fraud filters apply only to orders where the customer's card-issuing bank supports these checks. If a bank doesn't support AVS or CVV security checks, then the order is processed, but the security check isn't flagged as a risk indicator in the risk analysis tool.

I wonder if this could be the case for this order? 

Thanks, Nick

Nick | Community Moderator @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

0 Likes
dylanpierce
Shopify Partner
90 0 22

Hi @ERHAB ,

Welcome! And great question.

The CVV is the last 3 digits on the back of the credit card. It's used as a secondary verification method so knowing the digits on the front of the credit or debit card isn't enough to prove ownership.

From my understanding, the CVV code is not always required. There are some transactions that aren't required to accept a CVV. Think of purchasing gas for your car at a gas station. They ask you for your ZIP code, but not your credit card's CVV.

In this case, Shopify is just telling you the CVV wasn't prompted for this transaction, therefore that additional verification piece is missing. 

  • Unavailable == not prompted to the customer
  • Incorrect == prompted to the customer & the customer provided an incorrect CVV

Shopify offers 2 different ways to add additional verification to help prevent fraud. CVV is one, AVS is the other.

To enable either, follow these directions:

  1. In the Shopify Payments section, click Manage.
  2. In the Fraud prevention section, check the options that you want to use to automatically decline charges.
  3. Click Save.

You can read more about these methods in detail at this page: https://help.shopify.com/en/manual/payments/shopify-payments/configuring-shopify-payments

Founder of Verdict - Anti-Fraud Apps for Shopify
  • Blockade - Easily block countries, IP addresses, VPNs
  • Real ID - Verify your customer's real IDs easily & securely
0 Likes
ERHAB
Tourist
3 0 1

Hi Dylan, thanks for your answer. The option to deny non-CVV-verified payments was already activated. How come the customer was still able to place an order without CVV?

0 Likes
ERHAB
Tourist
3 0 1

It turns out that we got this message in the fraud analysis system because the person had ordered with Klarna invoice. Quite ridiculous that this leads to an increased fraud risk in the system since no CVV code is required when paying with invoice.

ayellowgiraffe
Excursionist
13 0 13

I had this issue too. Billing address & zip matched but it said CVV unavailable and marked as "Low Fraud Risk". I am unfamiliar with the way Klarna works, but is a customer able to use it for any online store, even if the business is not associated with Klarna?

Thanks!

0 Likes