Happy Business Starts Here

Support SME

Best Practice for Credit Card Authorization

 

We have switched from one payment gateway to a new payment gateway and there’s been a lot of noise from the team that credit card declines are up. We got feedback that because we are authorizing for $1, then immediately charging the card, it’s flagged as fraud and the card is declined. So far this was from 1 instance but it has bubbled up and it’s now a hot topic and our settings are now in question as to whether or not they are correct.

 

We are mostly a Card Not Present environment where the customer verbally relays the card information to us to enter. But we also have an external site where the customer enters in the card information themselves. As soon as the customer pays, they have access to the services they bought. In many cases they already have access from a free trial.

 

We want to make sure that it’s a good card but we also don’t want to trigger a bunch of fraud alerts. Does anyone at Zuora have any recommendation for us?

 

  • Should we change to $1 to $0?
  • Should we uncheck either of these settings? Verify new credit card or Verify updated credit card
  • Should we uncheck the Enable CVV Filtering?





If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √

3 REPLIES 3
Highlighted
Support SME

Re: Best Practice for Credit Card Authorization

Should we change to $1 to $0?

 

  • The majority of US-based payment gateways recommend a $1 authorization. However, some payment gateways will recommend that you use $0 authorization, also known as an “AVS-only” authorization. In this case, you want to make sure that you enable the "Enable AVS Filtering" setting your Zuora payment gateway settings.

Zuora relies almost exclusively on the payment gateway to validate the payment method data. Zuora passes all nonempty payment method fields to the gateway for validation, including the method's billing address, IP address, and so on. Contact your payment gateway provider or check their website. They should be able to provide you with their best-practice fraud prevention policies.

 

 

Should we uncheck either of these settings? Verify new credit card or Verify updated credit card

 

  • These settings work exclusively with the Authorization amount. When you enable either or both of the Verify new credit card and Verify updated credit card options, Z-Payments (within the Zuora UI and Zuora API) submits key information to the payment gateway to authorize all credit cards for authenticity and fraud prevention.

 

Should we uncheck the Enable CVV Filtering?

 

  • When this setting is enabled, Zuora will decline Credit Card transactions for certain CVV response codes returned by the gateway, even if the gateway has approved the transaction. This is another level of Fraud protection, however based on the above explanation it can also lead to more declines.

In conclusion, fraud protection is a balancing act for merchants. While payment gateways and processors give you the ultimate flexibility to control fraud, it is ultimately your choice as to HOW MUCH detection you want to use. The more detection used could lead to more declines but less fraud, while the less detection could get you more approvals but also more fraud. Especially being a Card Not-Present business, protecting yourself from fraud is key but may require more work to investigate legitimate versus erroneous declines.






If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √

Newly Enrolled

Re: Best Practice for Credit Card Authorization

We would like to use credit card for purchase, but we would like to remove holder name and surname. ATM we get error from server side also if we uncheck in Zuora settings for mandatory field. Can you please point me how to setup backend?

Scholar

Re: Best Practice for Credit Card Authorization

This answer may be outdated.

 

Both Visa and Mastercard want you to use a $0 Verification Authorizations -- you will actually be charged more if you do a $1 Verification Autorization and that verification will stay on the customer's account for up to two weeks.  I ran an in-house billing system through Chase and we had to make this update to $0 auths years ago.

 

Discover and Amex do not support $0 Verification Authorizations and you must issue a $1 Verification auth for those two.

 

Note that the way Zuora Payment Gateway setup has one field for 'Default Authorization Amount' which can be 0 or 1 (or something else for some reason), so if you want to do $0 auth for visa/mastercard and $1 auth for discover/amex, you must set up 2 separate Payment Gateways using the same merchant id.

 

Here is the visa documentation for $0 auth.: https://usa.visa.com/dam/VCOM/global/support-legal/documents/acct-numb-verif-service-a-quick-method-...