Account Verification Service

The Account Verification Service (AVS) is a service which offers:

• authentication of the cardholder and
• validation of the card account

Benefits

The purpose of this service is to reduce the risk fraudulent transactions by authenticating the cardholder and verifying the card account before payments are made.

AVS also eliminates the need for an authorization transaction followed by a void for card verification, thereby reducing traffic on the networks as well as the associated fees. Banks will be imposing penalties if merchants continue to use authorisation and void transactions for card verification.

Implementation

1. AVS transactions are R0.00 (zero rand) transactions that are sent as either:
   • Authorize transactions only (with no capture) for dual messaging or
   • Payment transactions for single messaging
2. The TransactionType (for HPP) and PaymentService(API) data fields are set to CardVerification
3. The VerificationActionhas a value of: NonPaymentAuthenticationor PaymentAuthenticationor Payment
   as described in the section that follows Three types of Account Verification for Cards
4. Transaction notifications are sent for the above Authorize or Payment transactions if a merchant is enabled for notifications

Three types of Account Verification for Cards

There are 3 types of AVS transactions. The type used is specified in the VerificationAction data field.

1. 3DSecure Authentication Only

These transactions use VerificationAction type NonPaymentAuthenticationand are used for customer authentication.

Use case: when a customer adds a card or modifies previously stored cardholder information.

1. A merchant performs a 3DSecure enrolment request. This will be sent to Bankserv by the Payment Gateway and the response will be sent back to the merchant.
2. If the cardholder is enrolled, then the customer will be directed to authenticate their identity using a One-Time-Pin (OTP) or an in-app authorization.
3. The result of this authentication will be sent in an Authorize request transaction to the gateway. The gateway will send an Authorize response back to merchant (without sending it for authorization to the bank).

2. 3DSecure Authentication and Bank Authorization

AVS transactions using VerificationAction type PaymentAuthentication are used where authentication is needed as well as verification of account details (i.e. the account is valid and open) such as adding a card.

1. A merchant performs a 3DSecure enrollment request. This will be sent to Bankserv by the Payment Gateway and the response will be sent back to the merchant.
2. If the cardholder is enrolled, then the customer will be directed to authenticate their identity using a One-Time-Pin (OTP) or an in-app authorization.
3. The result of this authentication will be sent in an Authorize request transaction to the gateway, which will send an Authorize request to the merchant’s acquiring bank. The bank will send an Authorize response back to the gateway. And the gateway will complete the transaction by sending an Authorize response back to the merchant.
   Note that the customer will see this R0 transaction on their account statement.

3. Bank Authorization Only

Bank authorization only transactions use the AVS VerificationAction type Paymentand are used for account verification only (i.e. the account is valid and open), without customer authentication.

A merchant will send an Authorize request transaction to the gateway, which will send an Authorize request to the merchant’s acquiring bank. The bank will send an Authorize response back to the gateway. And the gateway will complete the transaction by sending an Authorize response back to the merchant. Note that the customer will see this R0 transaction on their account statement.