Card Verification for Card Not Present Transactions

The Square Best Practices for accepting Card Payment say:

Ask a customer to provide the card number, the name on the card, billing address, expiration date, and CVV code on the back of the card.

What is the reason for capturing the customer’s billing address? Is there value in passing it to Square, or is it just for the merchant to verify that the zip matches what is on the card?

When charging a customer card, does square use the customer’s stored address to provide additional verification? If no, if billing_address is passed on the Create Payment request, is that used to provide additional verification? Is more than just the zip code used in this verification?

What fields should a merchant store on the Customer or pass in the Create payment API call if they want to have maximum fraud protection / verification of the card?

Does “Strong Customer Authentication” work or provide any value in the US, or is it just for EU use?

Thanks in advance for your answers.

Hey @derek welcome to the forums!

To answer your question, the billing address definitely helps in the case of a dispute. Basically, the more data the customer provides, the further it looks like a real payment and assuming the merchant is legitimate, would help protect the Square Seller from losing disputes (obviously not a guarantee, though).

As for if Square uses it for verification: I can’t really go into the details of what we use, or how we use it, but as I mentioned above: typically the more data the better.

Regarding SCA, it will only help in the EU as of now. It’s up to the banks to actually request customer authentication, so if banks do not request it, then the customer will never be asked to authenticate (thus verifyBuyer within Square will always succeed).