We've been getting too many errors on our shop with the Sagepay error 2001 (Authorisation was Rejected by the vendor rule-base), failing when the address given by the user doesn't 100% match the address held by the bank. I think the issues has often been apartment/flat numbers and addresses with both house names and numbers.
We're thinking of taking address verification checks off our Sagepay rule-base and just using CV2 checks (95% of our orders are from the UK) but that increases our likelihood of frauduelent transactions.
Integrating PAF or a similar database with our site would help the end user with not having to enter an address. But would it help with bank address validation on Sagepay?
We use accept CV2 only and have never had a fraudulent transaction in 10 years although we are a low risk business. What SagePay don't tell you is that usually the 'Rejected by Vendor Rules' message is because the Customer has selected the wrong card type (for example they have clicked that they are using a Visa Debit but are trying to enter the number from their Visa Credit card). We are calling Customers multiple times every day to get them to pay over the phone as they are bewildered why their Card are not going through and eventually give up. It's idiotic that the Customer has to select the card type, it should pick it up automatically like 99% of the other card processors. SagePay are aware of it but don't seem bothered about it from the discussions I have had with them.