How are some website capable of charging my card without 3D?

[JamesDonkey]

I have 1-2 cards with 3D security authentication. On some websites I'll enter my bank card number and it'll go through without 3D, immeediatelly, and each time so. I think I even have deliberately misspelled my name and haven't entered CVV either, and it still has gone through.

While on others the same cards will require proper 3D authentication, and precise name spelling.

How's that? Do the 1st types of website use merchant accounts?

 

[Sols]

The short answer is that it depends on a lot of factors. Different types of transactions have different rules and are treated differently.

There is also a degree of choice by the merchant and the payment processor, where some choose to take a greater risk in order to make it easy to pay. Ignoring CVV is one such choice.

Another factor is what type of card you have, where it issued, and by which bank. Some security mechanisms are only available in some countries or some cards.

 

[JamesDonkey]

The short answer is that it depends on a lot of factors. Different types of transactions have different rules and are treated differently.

There is also a degree of choice by the merchant and the payment processor, where some choose to take a greater risk in order to make it easy to pay. Ignoring CVV is one such choice.

Another factor is what type of card you have, where it issued, and by which bank. Some security mechanisms are only available in some countries or some cards.

In other words, your answer equals absense of one.

 

[Sols]

I see you didn't get the help I wished you last time I tried to offer you some assistance. I truly hope you do find some solution to whatever it is that causes this quickness to rudeness. Once you have sunnier disposition, you will find more success and be able to engage in meaningful discussions with people who know more about certain topics than you do. This could have been an interesting topic for all parties, but instead, all you've done here is alienate.

 

[JamesDonkey]

You trully hope? You make me laugh
How can you "trully hope" and at the same time try to offend the other party?

 

[Sols]

I have nothing to gain from this thread turning from what could be an interesting discussion to you calling my genuinely friendly attempt at shedding some light no answer into an aggressive, alienating void where nothing of value is achieved for either party. I have much more to gain from you instead taking a positive, constructive approach and having follow-up questions or adding additional details, so that we can continue the discussion around how come certain online transactions are subject to 3D Secure, CVV checks, AVS, and so on.

So I actually do mean it when I say I truly hope for what I mentioned.

 

[Martin Everson]

Sols gave correct answer. 3D Secure is activated by vendor and uses rules they defined on their back-end. For example Amazon does not do 3D Secure on one of my cards but another site does do it on same card. The vendor can choose not to activate 3D secure although they know its available on your card.

P.S Most card providers do not validate the name for the obvious reasons that it complicates the transaction if misspelled. Same applies to Swift transactions. Account name is not validated by default unless bank chooses to do so.

 

[JamesDonkey]

But doesn't it have to do more with using a) payment processor or agregator vs b) merchant account? rather than on the settings and preferences of an individual website.

 

[Sols]

I will say more, sites can withdraw money from your card without even knowing the CVV!

Banks, processors, and merchants are realising that CVV checks are — in many cases — pointless. If a card is stolen, so is the CVV.

For many businesses, the extra risk of not checking CVV is worth it to make it easier to pay. On some websites that ask for CVV, it doesn't matter what you fill in. They just silently discard it, thereby removing risk of a transaction being declined due to the customer typing in the wrong CVV or abandoning the payment because the customer has the card number saved in the browser, but none of those browsers also store the CV.

The risk for the merchant is that it can be a lot easier to charge back a transaction where CVV wasn't checked. In some cases, not checking CVV will increase the cost of the transaction.

 

[extremedox101]

in my experience the address is way more important than name on card . i never tried to put wrong cvv or leave it blank .

 

[Marie Manila]

I sometimes put a wrong name at checkout because I was curious if the payment goes through. And yes, payment was always successful.
Some years ago I gave a wrong CVV. The payment was declined by my credit card company.
But with the same card payments at Amazon go through without CVV code.

 

[Sols]

For Visa and Mastercard, there is no way to automatically verify the name on the card. Amex has had a service for it, although I haven't seen it in action in a while.

Address is often verified through AVS (Address Verification Service). The exact implementation varies by region and issuer but in most cases checks to see that postal/zip code matches. Some also check that street number matches. But because there are so many ways to spell an address, that is rarely checked/enforced.

https://www.chasepaymentech.com/address_verification_service.html
AVS is available on most Visa, Mastercard, Amex, and Discover cards issued in US, Canada, and UK. Because so many EMIs use (or used) UK-based issuer for prepaid cards, many not living in the UK will have come across AVS without even knowing about it.

Most PSPs let merchant choose to ignore AVS. Doing that can increase the transaction processing cost and decreases the merchant's chances of winning chargeback disputes.

 

[JamesDonkey]

Address is often verified through AVS (Address Verification Service). The exact implementation varies by region and issuer but in most cases checks to see that postal/zip code matches. Some also check that street number matches. But because there are so many ways to spell an address, that is rarely checked/enforced.

Matches with *what*? With an existing building? Anyone can use any existing address of a country where a card is issued, and which address may nothing to do with said person. One can open google maps and use any random address.

 

[Sols]

Matches with *what*? With an existing building? Anyone can use any existing address of a country where a card is issued, and which address may nothing to do with said person. One can open google maps and use any random address.

Matches the data on the billing address with what the card issuer (bank, credit company) has on file as your residence/billing address. So if you have moved but not notified your bank or credit card company, you would fail AVS.

 

[JamesDonkey]

Matches the data on the billing address with what the card issuer (bank, credit company) has on file as your residence/billing address. So if you have moved but not notified your bank or credit card company, you would fail AVS.

But it can be bypassed easily -- if I've moved, but I continue to use the old address for the sake of avoiding such validation errors?

 

[Sols]

But it can be bypassed easily -- if I've moved, but I continue to use the old address for the sake of avoiding such validation errors?

Correct. It's not a very good system.