Payments fraud is an ever-present risk for businesses operating in the digital economy, causing merchants to lose billions of dollars collectively each year. Players in the payments ecosystem are continually innovating to add new layers of protection to protect merchants from falling victim to fraud. One of the most effective measures to emerge in recent decades is the Address Verification Service (AVS) and the ability for merchants to conduct an AVS check.
This article explains:
AVS stands for Address Verification Service, a tool that helps online merchants to authenticate customers. The major card schemes, including Mastercard, Visa, Discover and American Express, offer the service. However, it's worth noting that AVS only applies when the cardholder's address is in the United States, Canada or the United Kingdom.
AVS is a tool online retailers and other card-not-present businesses use to verify the validity of their customers' orders. An AVS check compares the billing address a consumer enters when purchasing with the cardholder's address the issuing bank has on file. The AVS check is performed when the merchant submits a credit card authorization request to the card issuer. The issuing bank then lets the business know whether the addresses fully or partially match (or don't match)—information the merchant can use to decide whether to accept or refuse the transaction.
In a nutshell: AVS is one way to help merchants authenticate the person making the transaction.
Checkout.com customers can simulate an AVS check. Customers can find out how to do that on this documentation page.
There are 3 steps to an AVS check:
Companies usually leverage rules to automatically accept or decline transactions based on their risk appetite.
Although the AVS check codes and the criteria for those codes often differ between payment processors, the AVS will return codes that fall under certain criteria:
Depending on the credit card a customer uses, a one-letter code, such as X or Y, indicates that the street address and the postal code match, which means that the transaction is legitimate and it's ok for the online retailer to approve the transaction.
Sometimes, a customer might enter the correct address, albeit in a format different from that on file. Alternatively, the consumer may have mistyped one digit in the postal code. Since these issues are quite common, online retailers receiving partial match codes from the AVS check must use their best judgment on approving or declining such transactions.
Visa uses the P-code to indicate that the postal code matches, but the street address does not match because the customer entered it in an incorrect format. Mastercard, however, uses the W code to indicate this same scenario. Similarly, Discover uses the Y code when the address matches, but the postal code does not.
Mastercard, Visa, American Express, and Discover all use the N code to indicate that the street address and the postal code do not match. A merchant receiving an N code should either decline the transaction or delay it until the company can verify the address through an alternative method.
Learn more: what is an AVS mismatch?
American Express, Mastercard, and Visa use the R code to alert merchants that the AVS is unavailable. They use the U code to indicate there's no information available because the issuing bank doesn't support AVS or has no information on file. However, Discover uses the U code to indicate that the AVS system is unavailable.
Merchants can find the AVS codes Checkout.com uses here.
The AVS check is a useful tool to help online retailers authenticate legitimate customers and prevent online payment fraud. But it's insufficient in isolation. Card-not-present fraud is incredibly dynamic and complex, that's why merchants should use an AVS check in conjunction with various other layers of protection offered by fraud analytics tools.
Checkout.com's Fraud Detection Pro solution includes an AVS check as well as many other features (IP checks, email, device, payment information & more) that will help merchants detect fraud and enable them to develop a payment risk strategy much more effectively. The more layers of protection online retailers have, the less likely they will become victims of online fraud.