Fraud Detection Suite (FDS)
IMPORTANT: Understanding Roles & Responsibilities Orchid does not process credit card transactions, store cardholder data, or serve as a payment processor. Your payment processing is handled by First American Payment Systems (FAPS), your merchant services provider. This guide is provided by Orchid in the best interest of our clients to help you understand and utilize the fraud prevention tools available through your FAPS 1st Pay Gateway. Proper configuration and monitoring of these tools is essential to protecting your business. |
The sporting goods and firearms industry is a prime target for fraud. Optics, firearms accessories, and other high-dollar items are easily resold for cash, making businesses like yours attractive to criminals using stolen credit cards.
While having an online presence helps market and grow your sales, it comes with inherent risks. Fraudsters actively seek out retailers selling high-value merchandise that can be quickly converted to cash. Although some fraud control systems are not full proof, absent proper employment of those provided by FAPS could result in:”
Chargebacks and lost merchandise – You lose both the product and the payment
Processing fees and penalties – Excessive chargebacks can result in fines or account termination
Reputation damage – Fraud incidents can affect customer trust and business relationships
Operational disruption – Time spent managing disputes instead of growing your business
Your best defense: Properly configure your fraud detection controls in the 1st Pay Gateway and actively monitor your transactions and chargebacks. This guide will show you how.
Your 1st Pay Gateway includes powerful fraud screening tools that can automatically decline suspicious transactions. These controls compare information provided by the customer against data on file with the card-issuing bank.
The FAPS Fraud Detection Controls can be found here - https://support.1stpaygateway.net/transaction-center.aspx?article=configure-fraud-screening. See below for additional information on the settings contained therein. If you need to reach FAPS for any reason, or if you seek further guidance on this matter, please contact:
Due to the inherently risky nature of our industry and rumored attempts to promote fraud, FAPS will now default all of your fraud detection controls to on. While this might be untraditional, or perhaps overkill in some respects, we take such matters very seriously and thought to save you time as you review the guide and make such control decisions based on your own business or as might be recommended by FAPS. If you believe any controls should be disabled, simply log in and turn them off.
AVS compares the billing address provided by the customer with the address on file at the card-issuing bank. Mismatches can indicate fraud, the person using the card may not know where the legitimate cardholder lives.
These settings are strongly recommended to enable:
| Code | Response | What It Means |
| N | No match on address or ZIP | STRONGEST FRAUD INDICATOR – Neither address nor ZIP matches. The person using the card doesn't know where the cardholder lives. RECOMMENDED TO REJECT. |
| U | Address info unavailable | Bank has no address on file for cardholder. Can occur with prepaid cards or certain business accounts. |
| S | AVS not supported by bank | Card-issuing bank doesn't support AVS verification. Some smaller banks and credit unions fall into this category. |
These codes apply to cards issued by U.S. banks:
| Code | Response | What It Means |
| A | Address matches, ZIP does not | Street address matches bank records but ZIP code doesn't. Could indicate a typo, recent move, or potential fraud. |
| W | 9-digit ZIP matches, address does not | Full 9-digit ZIP matches but street address doesn't. Could indicate data entry errors or address formatting issues. |
| Z | 5-digit ZIP matches, address does not | ZIP matches but street address doesn't. Common partial match – could be typos or potential fraud. |
| R | System unavailable, retry | AVS system temporarily unavailable. Technical issue, not a fraud indicator. Rejecting provides maximum security but may decline legitimate sales. |
| O | No response sent | Card-issuing bank did not respond. Communication failure rather than fraud signal. |
| E | AVS Error | System error during AVS check. Verification couldn't be completed due to technical issues. |
These codes apply to cards issued by non-U.S. banks:
| Code | Response | What It Means |
| B | Address matches, ZIP not verified | Address matches but postal code couldn't be verified due to incompatible international formats. Common with legitimate international orders. |
| P | ZIP matches, address not verified | Postal code matches but address couldn't be verified due to international formatting differences. |
| G | Non-US bank doesn't participate | Card issued by non-US bank that doesn't support AVS. Very common for legitimate international customers. Rejecting 'G' will block most international orders. |
CVV2 is the 3 or 4 digit security code printed on the card. Because merchants cannot legally store CVV2 codes, they are rarely compromised in data breaches. Requiring and verifying CVV2 proves the customer has physical possession of the card.
| Code | Response | What It Means |
| N | No match | STRONG FRAUD INDICATOR – CVV2 doesn't match bank records. Person doesn't have physical card possession. HIGHLY RECOMMENDED TO REJECT. |
| S | CVV2 should be present but wasn't provided | Card requires CVV2 but none was submitted. May indicate use of card data from a breach (CVV2 isn't stored). |
| P | Couldn't be processed | Technical or processing error prevented CVV2 verification. Security check didn't happen. |
| U | Issuer not certified for CVV2 | Card-issuing bank isn't set up to verify CVV2 codes. Relatively rare with major issuers. |
RECOMMENDED: At a minimum, “Require CVV2 in Direct and Process Gateways" – This mandates that all transactions must include a CVV2 code. Transactions without one will be automatically declined, providing strong fraud protection. |
Because we take fraud seriously, we have implemented additional fraud prevention measures on your behalf:
IP Address Blocking: Automatically blocks an IP address if 5 declines are received from that address within 5 minutes
Address Mismatch Review: Orders flagged for review when shipping address doesn't match billing address
3rd Party Services: Soon, Orchid will make available access to an optional 3rd party service provider that offers “chargeback” insurance. Such providers validate the transaction and if they are proven to be incorrect, the cost of the lost merchandise or chargeback will be covered.
Manually review high-risk orders before fulfillment. Flag and review orders with:
Large order values, especially from new customers
Expedited or rush shipping requests on expensive items
Mismatched billing and shipping addresses
Shipping to freight forwarders (unless vetted)
Typos, gibberish names, or suspicious contact information
Free email domains (gmail, yahoo) on high-value orders
Customer unwilling to provide verification when requested
Request email confirmation of order details
Call the customer to verify (use phone number on file, not one provided in order)
Ask customer to confirm last 4 digits of card
For very high-risk orders: request photo ID matching the card name
Configure your checkout to reduce risk without killing legitimate sales:
Limit or disable guest checkout for high-value orders
Require account login for expensive items
Block or flag mismatched billing and shipping countries
Flag multiple cards used on one account
Require signature for high-value orders – This provides proof of delivery and reduces "item not received" claims
Use tracked shipping only – Never ship without tracking
Avoid reshipments without thorough verification
Be cautious shipping to freight forwarders or known high-risk regions
Active monitoring is essential. Track all disputes and identify patterns:
Review chargeback reasons – Are they fraud claims or service issues?
Identify common fraud signals in disputed orders
Use chargeback alerts to act before disputes finalize
Maintain records of all shipping confirmations and customer communications
For detailed instructions on configuring your fraud screening settings, visit [xxxx]
You acknowledge and agree that the fraud detection services provided by Orchid are provided solely as an aid to assist in identifying potential fraudulent activity. Orchid makes no representations, warranties, or guarantees of any kind, whether express or implied, that the fraud detection services will detect, prevent, identify, or eliminate any or all instances of fraud, errors, or unauthorized activity. Without limiting the foregoing, Orchid does not guarantee the accuracy, completeness, timeliness, or effectiveness of the fraud detection services. Orchid shall have no liability arising from or related to any failure of the fraud detection services to detect or prevent fraud.
You further acknowledge and agree that you cannot rely exclusively on the fraud detection services implemented by Orchid for fraud prevention or detection and that you remain solely and fully responsible for implementing appropriate safeguards, exercising independent judgment, and conducting ongoing monitoring, review, and investigation of potential fraud.