Reducing Credit Card Fraud Without Increasing Cart Abandonment
One of the “quick wins” I recommend to retailers in improving their conversion rates by reducing cart abandonment is to explain what the credit card security code is, why it’s asked for and where to find it. We take it for granted that many people don’t know the “security code” or CVV2 (card verification value) asked for in the checkout process can be found on the backside of their credit cards. CVV2 is used to reduce fraud for card-not-present transactions. (Not all online retailers require the CVV2 so this tip only applies to retailers who do).
Often the checkout form looks like this, with no explanation of what the security code is, where to find it and why it is asked for:
I usually suggest using a link that says “What is this?” with more information in a mouseover. I recently spotted AT&T doing one better — showing exactly where to find the number using an image:
Remember that different cards have different CVV2 locations, so mention that.
This tactic could easily be saving AT&T millions in sales each year. Why don’t you try it?
Another reason customers may hesitate to provide the CVV2 code is the erroneous belief that they are actually risking their personal information more by providing the super-secret code. They feel like you’re not just asking for an email address but a password too!
Of course, the fact you’re asking for the CVV2 code is proof you value their security – you’re preventing anyone who’s stolen their card number from making a fraudulent purchase. But customers don’t see it that way. Reassure them that the CVV2 code is NOT stored in a database and is only used in card-not-present transactions for preventing fraud.
These 2 point-of-action assurances (showing the CVV2 visually and reassuring CVV2 is not stored in a database) should have a positive influence on your conversion rate if you are required to ask this information from customers.
Like This Article?
|
Get New Posts Delivered to You
|
Add to del.icio.us
Sphinn It!
Stumble It
Something to question is whether to actually fail a transaction on a CVV mismatch. We’ve seen some gateways / processors that return CVV errors fairly frequently. The last thing you want to do is lose sales because you believe the CVV or AVS is not matching, when it actually is.
If you do require CVV, which I also recommend, I highly suggest keeping a close eye on CVV errors and declines. Usually they come across as an error, or not available response, but I’ve also seen them marked as a mismatch.
Hi Linda
That’s a really good idea. Thanks.
Some of our clients are sometimes constrained in what they can achieve on the payment screens but where possible we’ll try using this.
Do you know if there are any stats on the reduction in checkout abandonment?
David Sealey
CVV is really a requirement of good card risk management, the banks have a lot to answer for in declines on AVS and CV2, they talk up their desire to decrease fraud but show little interest in helping retailers prevent it!
As we approach 2010, we have gone beyond the problems of conversions due to lack of understanding of CV2 and headlong into the issue of how to push customers through a 3D secure transaction.
I welcome anyone to share their conversion stories on this, this is not something that usually gets publicly tested.
Also, a good addition to the AT&T way is to show the image only when the user’s mouse hover or when the user activates the CVV form field. This way you make the checkout seem more simple and uncluttered at first glance + you have to ability to also show some instructive text below the image.
#Thomas; regarding 3D secure it have huge usability problems. Especially when the customer has to activate it for the first time – they often have to click thru as much as 3 extra screens (besides the normal checkout) of cryptic instructions.
I have to agree on the 3D. We have a merchant processing about $2M per month, and their VBV, Secure code transactions were getting about 50% declined. Consumers have no idea what it is or they forget their PIN, and it simply kills conversions. I would not recommend being a pioneer of 3D until 90% of cardholders have it and know how to use it.
I have to agree on the 3D. We have a merchant processing about $2M per month, and their VBV, Secure code transactions were getting about 50% declined. Consumers have no idea what it is or they forget their PIN, and it simply kills conversions. I would not recommend being a pioneer of 3D until 90% of cardholders have it and know how to use it.
Oops…forgot to say great post! Looking forward to your next one.
It is simply not a case of being a ‘pioneer’ of 3D secure anymore. It is now a stipulation of our contract with our merchant. If you are as big as Amazon you can probably get away with not implementing this but certainly in the UK, retailers are not being given a huge amount of choice. It would seem that the best way to deal with this is to ensure the process is explained to customers at the checkout. Tesco UK is probably one of the better examples of how to execute this and is a model we will look at for our implementation which has been thrust upon us.
3D secure initiative now sending regular notifications to UK online traders warning of fines for companies that do no comply. I believe no company yet has been fined, but this suggests 3D will become standard in UK. The concern is of course that most shoppers will not register a password or indeed know their password.
Here’s a thought: ask for the information in the same sequence it appears on the credit card:
long number
expiry date
cardholder name
3-digit code on back
then you could even have a picture with some arrows showing which bit goes where…
Got to be worth a split test against whatever jumbled-up sequence you use right now.
Here I got the information that I am searching since few days. Thanks for you post. It is helpful.
Unfortunatley professional fraudsters can and do obtain CVV codes of card holders. Additionally, even a clear description of what the CVV is and where it’s located does not provide many consumers with an added level of comfort in providing the information.
No one has ever proved to me that CCV2 does anything but keep good customers from checking out. With all the fishing sites out there, CVV2 checks don’t do much (or so I’ve heard). Does anyone have any data to the contrary? I keep hearing banks say we should have it, but I have yet to see a conclusive study that it works as intended.
I haven’t seen a head-to-head study (split test) but I’ll keep my eyes open.