RFA Protect is included with all accounts
(CSC, CV2) Security Code Checking
The card security code (CSC) is a security feature for credit or debit card transactions, providing increased protection against credit card fraud.
This CSC is often asked for by merchants for them to secure "card not present" transactions occurring over the Internet, by mail, fax or over the phone. In many countries in Western Europe, due to increased attempts at card fraud, it is now mandatory to provide this code when the cardholder is not present in person.
The CSC is a three or four-digit value printed on the card or signature strip, but not encoded on the magnetic stripe.
AVS - Address and Postcode Verification
AVS is used to validate that the purchaser knows the the card holder address and thus providing an improved fraud protection model.
AVS works by a user forwarding a full address and full postcode. A check is performed by only using the numerics of the address or postcode to validate against that which is stored by the card issuer. Using numerics only prevents issues with formatting of an address, spelling or abbreviated names which are commonly used for addresses.
Numerics are then forwarded to the merchant's acquirer for processing, in turn the acquirer generally forwards this request to the card issuer or card scheme for authorisation including these numerics. These values are then checked against the record on file and a response returned.
At the response stage a transaction may be authorised yet include information containing the result of AVS checking. The decision is then made automatically in the payment gateway whether to accept the transaction. A transaction is subsequently cancelled on line to the acquirer.
Connections between your server and the gateway is encrypted with industry standard high strength ciphers and is maintained as part of our security compliance programme.
Default hot list checking
CityPay maintain a global list of hot list cards which are checked on every transactions. Matches are rejected in real time.
Network and referral access lists
Calls into the gateway are restricted by API calls and checked against a series of access lists tailored to the API.