Configuring Smart Authorization
A fraudulent customer can easily steal a credit card number and use it to place orders at your store. For this reason, when you sell items online, by telephone, or by mail, you need to take precautions to avoid fraud attempts. According to card association rules and even if the cardholder’s bank authorized the transaction, you are liable for losses if customers claim that their cards were used without their knowledge or consent. If this happens, you will be subject to a reversal of payment, also known as a chargeback.
With Smart Authorization and Advanced Smart Authorization, basic fraud detection tools, you can quickly and accurately identify fraudulent orders while minimizing the rejection of valid orders. Smart Authorization returns risk factor codes, which identify the conditions that contribute to a high risk result. You can use these factor codes to identify the reasons for the high risk result and, if justified, to attempt to convert the order to a sale. You decide whether to process the order regardless of the results of Smart Authorization or choose to review the order before you process it further. The figure below shows a sample Smart Authorization settings page. The online help explains how to set the tests that you want CyberSource to run for each of your transactions.
Because CyberSource uses the order data to evaluate the level of risk, you should assess the customer’s input before you submit the data to CyberSource to ensure that the data is accurate. If you detect a problem, such as an typographical error, ask your customer to correct the data.
Rejection by the Smart Authorization tools is a soft reject as opposed to hard reject, which is due to causes other than Smart Authorization, such as invalid data, invalid card, or a system error:
Soft rejection: If an order is rejected because it appears to be risky, you should review the order to verify that it is legitimate so that you can capture the authorization and fulfill the order. For more information on reviewing orders, see Reviewing Declined Credit Card Authorizations.
Hard rejection: You cannot capture these orders.
note
If you use Smart Authorization with card-present transactions, see Card Present: Retail.
Address Verification Service (AVS)
 
* 
Note if you do not use Smart Authorization: The Address Verification Service always screens orders even if you do not use Smart Authorization. If you request a sale (authorization and capture) for an order that receives a no address match result, the order will be processed successfully, and you will not be notified of the address verification results. Therefore, CyberSource recommends that you request only an authorization, which allows you to review the authorization results before capturing the order.
Although the Address Verification Service (AVS) runs automatically for every credit card authorization, AVS data is ignored when no address is submitted for card-present (retail) transactions processed in the Virtual Terminal.
The service compares the customer-provided billing address with the address on file at the issuing bank. A mismatch between these addresses may indicate fraud. Basic Smart Authorization interprets the results of the Address Verification Service. You can use its settings to decline transactions with any or all of these address verification results:
Partial address match. Either the street address or the postal code matches.
No address match. Neither the street address nor the postal code matches.
If you do not use the Smart Authorization settings for the address verification tests, and you request a sale (authorization and capture), your orders will be processed regardless of the address verification results, and you will not be notified of the address verification results.
Service not available. The Address Verification Service is not working or is not supported.
Card issued outside of the United States.
Card Verification Number
The card verification number (CVN) is a three- or four-digit number printed on most credit cards helps to prove that the customer has physical possession of the card, and that the card is valid. The table below gives the details for the cards accepted in the Virtual Terminal.
 
Visa
Card Verification Value (CVV2)
Back of card: if present, 3 digits in the signature area to the right of the card number.
MasterCard
Card Verification Code (CVC2)
Back of card: if present, 3 digits in the signature area to the right of the card number.
American Express
Card Identification Number (CID)
Front of card: 4 digits on the right above the card number.
Discover
Card Identification Number (CID)
Back of card: if present, 3 digits in the signature area to the right of the card number.
Diners Club
Card Verification Value (CVV)
Back of card: 3 digits in the signature area.
JCB
Card Verification Number (CVN)
Front of card: 4 digits on the left below the card number.
This number, which is never printed on credit card receipts, is a security feature that helps ensure that your customer has physical possession of the card. The issuing bank compares the customer-provided number with the number it has on file. A mismatch may indicate fraud. If you want to check this number, ask your customers to provide the number with the credit card number when you request authorization.
The following illustration shows how a card verification number appears on the back of a credit card.
You can decline transactions with any of these card verification results:
Card verification number not matched. The number that the customer provided does not match the number on the card.
Card verification number system unavailable. The card verification check is not working or is not available for this card type.
Card verification number not submitted. A number is printed on the card, but the customer did not provide it.
Card verification not supported by the card issuing bank.
Transaction Amount
You can choose the maximum dollar amount to allow in a single authorization. If a customer attempts to make a purchase for more than this amount, the authorization will be declined.
Advanced Smart Authorization Features
In addition, if you are signed up for Advanced Smart Authorization, you can use additional fraud control tools. Advanced Smart Authorization performs additional tests on each order to identify all of the following conditions, which increase an order’s risk:
Obscenities or nonsensical input, such as the customer’s last name entered as zqmmz.
Billing or shipping address not verified or that do not match.
USA PATRIOT Act compliance. The person or organization placing the order or the country in the shipping address are on a list of denied parties or places to whom the United States prohibits commercial sale according to the USA PATRIOT Act.