Criminals targeting the web are taking advantage of a loophole in an online payment verification system used by retailers, according to research.

It is understood that a glitch was spotted in the address verification system (AVS), a popular identity verification system used by credit card companies and banks on behalf of retailers.

Under the system, identities are checked by matching the house number and postcode associated with the cardholder records, but e-criminals are now bypassing the verification standard by using alternative addresses with the same house number and digits in a different postcode, which is then accepted by AVS.

The loophole allows fraudsters to almost guarantee that retailers have no means of verifying the information, so transactions are successfully completed, according to the research, which follows the news that up to 38,000 customer records were stolen from the database of UK clothing retailer Cotton Traders.

The research was carried by out by fraud protection specialists The 3rd Man.