What Is an AVS Response? How It Affects Transactions

The Address Verification System (AVS) is a security tool designed to combat credit card fraud, particularly in transactions where the physical card is not present, such as online purchases or telephone orders. It serves as an important security measure by checking if the billing address provided by a customer matches the address on file with their credit card issuer. This confirms the cardholder’s identity, reducing unauthorized transactions. AVS is widely adopted, providing merchants with an additional data point to assess transaction legitimacy.

How AVS Functions

When a customer makes an online payment, the merchant’s payment processor receives their billing address details. The processor transmits this data to the credit card network (e.g., Visa or Mastercard). The network forwards this data to the issuing bank, which compares the provided street address and ZIP code against its records.

The issuing bank sends an AVS response code back to the card network, which relays it to the payment processor and then to the merchant. This process occurs in near real-time, often within seconds, as part of the transaction authorization request. The AVS check is performed alongside other verifications, such as checking for sufficient funds or validating the CVV.

Interpreting AVS Response Codes

Upon completing an AVS check, the credit card issuer returns a single-letter AVS response code to the merchant, indicating the degree of match between the provided address and the address on file. These codes are standardized but can vary slightly across networks. Understanding them is essential for merchants to assess transaction risk. For instance, ‘Y’ signifies that both the street address and the 5-digit ZIP code match the issuer’s records, indicating high confidence.

‘X’ means the street address and the 9-digit ZIP code match, representing a strong match. ‘N’ indicates that neither the street address nor the ZIP code matches, signaling a high-risk transaction. Partial matches include ‘A’ (street address matches, ZIP code does not) and ‘Z’ (5-digit ZIP code matches, street address does not).

Other codes provide different insights into the verification process. ‘W’ indicates the street address does not match, but the 9-digit ZIP code does. ‘G’ suggests the transaction is for an international card, where AVS may not be fully supported. ‘U’ or ‘S’ mean the issuing bank does not support AVS, has no address information on file, or the service is unavailable.

‘R’ indicates a system retry or an inability to process the request. ‘E’ denotes that AVS data is invalid or that the address is not on file with the issuer. Each code provides nuanced information for merchants, allowing for a more granular assessment.

Transaction Decisions and AVS

Merchants use AVS response codes as a key component in their fraud prevention strategies. A full AVS match (e.g., ‘Y’ or ‘X’) generally suggests a lower risk and often leads to automatic transaction approval. Partial matches (e.g., ‘A’ or ‘Z’) might trigger a more cautious approach.

A partial match could prompt a merchant to manually review the transaction, seek additional verification, or decline it based on their risk tolerance. If the AVS response indicates no match or service unavailability, merchants often configure their systems to automatically decline the transaction due to heightened fraud risk.

The decision to approve, decline, or flag a transaction rests with the merchant, often guided by their configurable fraud rules. AVS integrates with other fraud detection tools, such as CVV verification and IP address analysis, to create a comprehensive security framework. This multi-layered approach helps merchants balance approval rates with effective fraud mitigation.