About AVS and CVV Security
Address Verification Service (AVS) is a tool provided by credit card processors and issuing banks to merchants in order to detect suspicious credit card transactions and prevent credit card fraud. The AVS checks and verifies that the billing address submitted by the card user with the cardholder's billing address on record at the issuing bank.
AVS response codes are returned to the merchant during the authorization process, and the merchant can decide whether to approve or decline the transaction.
Card Verification Value (CVV) is an additional layer of security for credit or debit card transactions that helps verify that the person making the transaction physically possesses the card. On Visa, MasterCard, and Discover cards, the CVV is a 3-digit number printed on the back of the card, usually near the signature strip. On American Express cards, it's a 4-digit number printed on the front, above the card number.
Both security measures work together to prevent credit card fraud, especially in “card-not-present" transactions.
EPASS Pay and CTP AVS and CVV security options can be configured to either Allow, Prompt for verification, or Reject payment transactions that do not meet specified security criteria. We recommend that you review these settings and adjust them in accordance to your unique payment security needs.
In EPASS, AVS security applies to card-not-present transactions only (Form Keyed or Card on File). CVV security is ignored for card present transactions.
Accessing AVS and CVV Options in EPASS
-
Go to Tools > System Maintenance > Variables > EPASS Pay.
-
Click the AVS & CVV tab.
info- The image above shows the default AVS and CVV settings.
- These settings only apply to EPASS and Mobile Tech (not Click to Pay).
AVS and CVV Response Code Definitions
The majority of AVS and CVV response codes are self-explanatory, but there are a few that require a more detailed explanation.
AVS Codes
| Code | Definition |
|---|---|
| B - Incompatible formats (postal code): Street addresses match. Postal code not verified due to incompatible formats. AND C – Incompatible format (all information): Street address and postal code not verified due to incompatible formats | The address information provided in the transaction could not be verified because the format does not match the format expected by the card issuer. Entering the postal code without the expected formatting could cause this problem. For example, not including a space for a Canadian postal code (M4B 1B3 vs M4B1B3) would trigger this error. In addition, since AVS is primarily used in the U.S, Canada, and the U.K., attempting to process a card from a different country with an unexpected address format could also cause this error. |
| E – Edit error: For example, AVS not allowed for this transaction | The transaction was not eligible for AVS processing, possibly due to the type of card, the country of origin, or how the transaction was configured. AVS may not be allowed for certain transactions, such as non-U.S./Canada/UK transactions or recurring billing. |
| R – Retry: System unavailable or timed out | The AVS system was not reachable or did not respond in time during the transaction attempt. This error should only be temporary and can be resolved by trying the payment again. |
| S – Service not supported: issuer does not support AVS | The AVS check could not be performed because the card-issuing bank does not offer AVS as a service. Many non-U.S., non-Canadian, and non-U.K. banks do not support AVS. Some banks do not participate in AVS, even for standard credit or debit cards. |
| 0 – No address verification has been requested | The transaction was submitted without requesting an AVS check, so no address data was validated. This will occur for cards saved on file. |
CVV Codes
| Code | Definition |
|---|---|
| U – Issuer is not certified for CVV processing | The card-issuing bank does not support or is not certified to process CVV verification requests. Some international banks may not support CVV verification. In addition, certain card types (such as corporate credit cards) may not support CVV validation. Generally, A "U" response doesn't mean the CVV is wrong—just that it couldn't be verified. |
| X – Service provider did not respond | Indicates a network error and a response was not received in time. This error should only be temporary and can be resolved by trying the payment again. |
Viewing AVS and CVV Codes on Transactions in Merchant Track
AVS and CVV codes are recorded on each transaction, which you can view in Merchant Track.
-
Open Merchant Track by clicking the Merchant Track button on the toolbar.
-
Search for a transaction.
-
Click the Transaction ID link.
-
Scroll down to Processing Details to view the AVS and CVV response codes for the transaction.
