The Address Verification System (AVS) is a system used to verify the address of a person claiming to own a credit card. The system will check the billing address of the credit card provided by the user with the address on file at the credit card company. The other security features for the credit card include the CVV2 number.
AVS is used when the merchant verifies credit card data, such as billing address and zip code, against the Visa/MasterCard billing information of the cardholder. AVS verifies that the billing address of the credit or debit card matches the address that was given by the customer. Because AVS only verifies the numeric portion of the address, certain anomalies like apartment numbers can cause false declines; however, it is reported to be a rare occurrence.
AVS verifies the numeric portions of a cardholder's billing address. For example, if the address is 101 Main Street, Highland, CA 92346, in the United States, AVS will check 101 and 92346. Cardholders may receive false negatives, or partial declines for AVS from eCommerce verification systems, which may require manual overrides, voice authorization, or reprogramming of the AVS entries by the card issuing bank.
A quick overview of PayPal's AVS levels--there are four: No, Full, Medium, and Light.
- No is the default setting, and applies NO SECURITY CHECKS. It accepts the transaction even if the addresses don't match at all.
- Full only accepts the order if the street AND zip code match.
- Medium accepts the order if the street OR zip code match.
- Light accepts almost all orders, unless the information doesn't match whatsoever.
You can adjust these settings by following these steps:
- Log in to your Paypal Manager Account. (http://manager.paypal.com)
- Click Service Settings.
- Find the Hosted Checkout Pages heading, and click Set Up.
- Find the Security Options heading, and choose the level of AVS you want. (Ideally Full.),
- Click Save Changes. You're done!
Authorize.Net's AVS settings work in a similar way, but instead of PayPal's three options (matches, does not match, not on file), Authorize.Net has a list of codes:
The default settings:
Want to simplify the process? If you only implement one AVS security check, MAKE SURE IT IS N. N is the most important check--it makes sure that any blatantly obvious mismatched addresses do not go through.
Also, remember that Y is your desired response. You want the addresses to match. Make sure that in your settings, you do not select "Y" as a security code. If you do this, addresses that DO match (and therefore, orders that are perfectly legitimate) will be blocked.
To configure your settings, follow these easy steps:
- Log in to your account at account.authorize.net.
- Find the main toolbar and click Account.
- Select Settings.
- Find the Security Settings section, and click Address Verification Service.
- Go through the list, decide which AVS codes you want to reject transactions, and check those boxes.
- Click Submit. You're done!
SecureNet works much the same as Authorize.Net, and uses these codes for the system:
Changing the settings is fairly easy. Just follow these steps:
- Go to terminal.securenet.com and log in.
- Find the top menu bar and click "Tools."
- Find the bullet point that reads "Fraud Protection--Prevent & Identify Fraudulent Transactions," and click on "AVS Verification."
- Click on the box that requires fraud protection for ONLY eCommerce and MOTO transactions.
- In the "AVS Validation Issue/Problem or Both Street Address and Zip Code Does NOT Match" section, click all the appropriate boxes.
- Do the same in the "Reject If Street Address Matches, but 5- or 9- digit does not" section.
- Do the same in the "Reject If Zip Code Matches but Street Address Does NOT Match" section.
- Click submit. You're done!
It is important to find a good balance when adjusting your AVS settings. Mind you the more strict, the more transactions that will be blocked; both potentially fraudulent and legitimate. You can always reference failed transactions by:
1. Looking up Failed Orders
2. Transaction Details
These details will reveal information on why the checkout was declined. Here is an example:
TIMESTAMP = 2014-05-29T19:14:57Z
CORRELATIONID = xxxxxxx3f4d
ACK = Failure
VERSION = 76
BUILD = 11165465
L_ERRORCODE0 = 11611
L_SHORTMESSAGE0 = Transaction blocked by your settings in FMF
L_SEVERITYCODE0 = Error
L_ERRORPARAMID0 = ProcessorResponse
L_ERRORPARAMVALUE0 = 0000
AMT = 411.74
CURRENCYCODE = USD
AVSCODE = N
CVV2MATCH = M
By referencing the AVS codes, we can see that PayPal denied the transaction because the Cardholder Address and Postal Code entered at checkout did not match the cardholders billing information.
AVS and CVV2 Response Codes (- PayPal Developer)
Transaction Response (- Authorize Net)
AVS and CVV2 Response Codes (- Secure Net)
Address Verification System Wikipedia