Strategies for Managing Credit Card Payments
> Credit card number maintenance: For the convenience of your customers, maintain a database of the credit card numbers each customer has used. This will facilitate future orders. Your e-commerce software, or the application that maintains your customer database, should provide a method to encrypt all but the final four characters of the number along with the expiration date. The encrypted data will get passed with the order in its encrypted state to the gateway. Customers with secure, password-authenticated access should be able to update the expiration date of a card; if they need to change the card number (for a reissue of a lost card, etc.) they can delete the original card and enter data for a new one.
> Address Verification Service (AVS): As part of fraud prevention, many merchants choose to send the house number of the customer's address and the ZIP code along with authorization and charge data. The interchange party will determine if these match the data on file for the billing address of that card. Use of this AVS data also will reduce your interchange processing fee. (You decide whether a non-match or partial match should preclude shipping the order; you are at liberty to ignore it, although your chargeback fees may be higher if you incur one on a non-AVS-approved charge).
> Credit card ID codes: These are the three-digit and four-digit non-embossed codes printed on credit cards for security purposes (referred to as CCVS, CVC2 or CID). You should request these in your shopping cart, and your gateway and service bureau should be able to pass them on to the interchange party.
> Verified by VISA and Verified by MasterCard Secure Code programs: Both of these allow a customer to enter a password—maintained by the card issuer—to verify identity. If your shopping cart supports this, so should your gateway and service bureau.