While processing a credit card payment, if the transaction is declined for any valid reason, such as an AVS or CVV mismatch response, you have to decide what to show your customer. This may sound like a very simple thing to do; however, one wrong word can drastically impact a customer’s desire to change their information and try again.
The earlier recommendation was to give a visitor a single response for any decline, AVS mismatch, error or otherwise. Depending on how your customers react to their transaction not going through as planned, it’s possible to lose a measurable amount of sales by not displaying the correct message.
In such a scenario, the first step is blocking the IP addresses that card testing often comes from. Blocking IP addresses works fairly well in this situation. Secondly, you can develop a separate error message for each kind of response that you get from your payment gateway. These should be broad, but specific enough for your customer to understand what they need to do to correct the situation. If the message is too broad or too detailed, the customer will fail to understand what needs to be done.
For instance:
General decline: We’re sorry but your credit card was declined. Please use an alternative credit card and try submitting again. If you experience further problems, please call us at (phone number) to complete your transaction over the phone.
AVS mismatch, error, unavailable: We’re sorry but it appears that the billing address that you entered does not match the billing address registered with your card. Please verify that the billing address and zip code you entered are the ones registered with your card issuer and try again. If you experience further problems, please call us at (phone number) to complete your transaction over the phone.
AVS tips: Remember that your customers needn’t know exactly what you match with regards to AVS. While the system works in theory, it is prone to errors, and more often than not street address errors are caused by something other than the person entering the wrong street address. The zip code should most definitely be matched, but only the first 5 digits should be required. Very few people know the second 4 digits of their zip code.
Card Verification (CVV2, CVC, CVV, etc.) Tips: Card code verification should be processed on every transaction. It costs nothing extra, and not using it is a poor practice at the expense of you and your customers. However, actually requiring a positive card code match is something that many would debate. Merchants must require the code on the website, validate that a card code is entered, and process it, but not decline on a card code mismatch. It’s best to flag transactions for further review if a card code mismatch occurs. Card codes get worn off, the system often returns errors or not-available responses, and the number of declines is usually more than an acceptable or actual amount.
With either AVS or CVV, if you sell products that carry a high risk of fraud and chargebacks, have high-dollar sales, or have had problems in the past with fraud, then I would definitely require a positive match in both areas. This would include any custom products, electronics, and high-dollar merchandise (>$1000), etc. Also, your processor may require a positive card code match for online transactions, and you should definitely abide by that requirement.
You should always be on the lookout for card testing if you decide to show different responses for declines and errors. Blocking those IP addresses will do nothing if the person doing the testing is not in one of those ranges. If it ever becomes a problem, the numerous fraud prevention options that payment gateways have are designed to curb card testing. Whatever the case, action needs to be taken quickly to minimize the negative effects that can come from card testing.
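The following Python sketch is an added example, not code from the original article or from any payment gateway. It ties the response-specific messages above to a per-IP decline counter for spotting card testing. The result category names, the thresholds and the sample attempts are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Customer-facing messages, shortened from the article's sample wording.
DECLINE_MSG = ("We're sorry but your credit card was declined. Please use an "
               "alternative credit card and try submitting again.")
AVS_MSG = ("We're sorry but it appears that the billing address that you entered "
           "does not match the billing address registered with your card.")

def decide(category, high_risk=False):
    """Map a normalized gateway result (hypothetical names) to (action, message)."""
    if category == "approved":
        return "accept", None
    if category in ("avs_mismatch", "avs_error", "avs_unavailable"):
        return "decline", AVS_MSG
    if category == "cvv_mismatch":
        # Default: no decline, queue for manual review; high-risk sales need a match.
        return ("decline", DECLINE_MSG) if high_risk else ("review", None)
    return "decline", DECLINE_MSG  # any other result gets the general message

class CardTestingMonitor:
    """Sliding-window count of declines per IP; thresholds are assumed values."""
    def __init__(self, max_declines=3, window_seconds=600):
        self.max_declines, self.window = max_declines, window_seconds
        self.declines = defaultdict(deque)

    def record(self, ip, ts, action):
        """Record one attempt; return True once the IP reaches the decline limit."""
        q = self.declines[ip]
        if action == "decline":
            q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) >= self.max_declines

# Constructed sample attempts: (ip, seconds since start, gateway result category)
SAMPLE = [
    ("203.0.113.7", 0, "declined"), ("198.51.100.4", 5, "avs_mismatch"),
    ("203.0.113.7", 20, "declined"), ("203.0.113.7", 41, "cvv_mismatch"),
    ("203.0.113.7", 60, "declined"), ("198.51.100.4", 90, "approved"),
]

def flagged_ips(events, high_risk=False):
    """Replay events through the policy and return IPs that look like card testing."""
    monitor, flagged = CardTestingMonitor(), set()
    for ip, ts, category in events:
        action, _ = decide(category, high_risk)
        if monitor.record(ip, ts, action):
            flagged.add(ip)
    return flagged
```

In the sample, the customer who fixes an address and succeeds on retry is never flagged, while the address producing repeated declines in a short window is.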