Menu

Risk Settings


Worldpay risk settings allow you to reduce fraud on your website or app.

Fraud risks are constantly changing. That's why Worldpay puts significant resources into staying ahead of the trends in fraud management, saving you the large expenses associated with managing fraudulent transactions.

Worldpay checks every transaction against a minimum of 200 validation tests in less than a second. This ensures a higher incidence of legitimate transactions and reduces false sales and chargebacks.

For this aspect of Worldpay, we have preset all our validation tests to values which we know work well for the majority of businesses. There are two gate settings that you can set yourself: Address Verification and Card Security Code .

3D Secure, also known as "Verified by Visa" and "MasterCard SecureCode", is detailedhereand in ourAPI Reference.

Address Verification Gate

Address Verification System (AVS) checks the address provided by your customer against the information that this customer's bank has on file, producing either a full, partial or mis-match. AVS is used by all UK and USA card issuers and by certain issuers in other countries.

If AVS gate is enabled, Worldpay will automatically decline all transactions which produce an AVS mis-match, disregarding any other risk indicators. Partial matches will not automatically be declined due to this check alone, and the same for transactions where AVS is not available from the customer's bank, in order to avoid creating too many missed orders for you. However this means that AVS cannot be your only defence against fraud, and for this reason, Worldpay strongly recommends that you also enable the Card Security Code check.

When a transaction is declined due to an AVS mismatch, we will populate the PaymentReasonCode attribute in the order response with this information.

You can find your AVS gate setting inSettings: Risk.

Card Security Code Gate

The Card Security Code is the 3-digit number on the back of the card, or for Amex the 4-digit number on the front of the card.

The Card Security Code gate ensures that the code provided by your customer matches that on file at their bank. When you have enabled the gate we will automatically decline transactions where there is a mismatch, disregarding any other risk indicators.

When a transaction is declined due to a CSC mismatch, we will populate the PaymentReasonCode attribute in the order response with this information.

You can find your Card Security Code gate setting inSettings: Risk.

The Address Verification and Card Security Code settings are both enabled by default when you sign up to Worldpay.

Enhancing Risk Checking Effectiveness

Risk checking increases in effectiveness when more information is provided about an order.

We recommend that the following details are included with every order:

  • Full Name
  • Billing Address of Card / Payment Method (necessary for AVS checking)
  • Delivery / Shipping Address
  • Shopper Email Address
  • Shopper IP Address
  • Shopper session ID on your site

Details on how to include these details in your orders can be found in theAPI Reference.