The Address Verification System (AVS) is a system used to verify the address of a person claiming to own a credit card. The system will check the billing address of the credit card provided by the user against the address on file at the credit card company. The other security features for the credit card include the CVV2 number. AVS is used when the merchant verifies credit card data, such as billing address and zip code, against the Visa/MasterCard billing information of the cardholder. AVS verifies that the billing address of the credit or debit card matches the address that was given by the customer.
Because AVS only verifies the numeric portion of the address, certain anomalies like apartment numbers can cause false declines; however, it is reported to be a rare occurrence. AVS verifies the numeric portions of a cardholder's billing address. For example, if the address is 101 Main Street, Highland, CA 92346, in the United States, AVS will check 101 and 92346. Cardholders may receive false negatives, or partial declines for AVS from eCommerce verification systems, which may require manual overrides, voice authorization, or reprogramming of the AVS entries by the card issuing bank.
A quick overview of PayPal's AVS levels--there are four: No, Full, Medium, and Light.
- No is the default setting, and applies NO SECURITY CHECKS. It accepts the transaction even if the addresses don't match at all.
- Full only accepts the order if the street AND zip code match.
- Medium accepts the order if the street OR zip code match.
- Light accepts almost all orders, unless the information doesn't match whatsoever.
You can adjust these settings by following these steps:
- Log in to your PayPal Manager Account. (http://manager.paypal.com)
- Click Service Settings.
- Find the Hosted Checkout Pages heading, and click Set Up.
- Find the Security Options heading, and choose the level of AVS you want. (Ideally Full)
- Click Save Changes. You're done!
Authorize.Net's AVS settings work in a similar way, but instead of PayPal's three options (matches, does not match, not on file), Authorize.Net has a list of codes:
Want to simplify the process? If you only implement one AVS security check, MAKE SURE IT IS N.
N is the most important check--it makes sure that any blatantly obvious mismatched addresses do not go through.
Also, remember that Y is your desired response. You want the addresses to match. Make sure that in your settings, you do not select "Y" as a security code. If you do this, addresses that DO match (and therefore, orders that are perfectly legitimate) will be blocked.
To configure your settings:
- Log in to your account at account.authorize.net.
- Find the main toolbar and click Account.
- Select Settings.
- Find the Security Settings section, and click Address Verification Service.
- Go through the list, decide which AVS codes you want to reject transactions, and check those boxes.
- Click Submit. You're done!
Conclusion
It's important to find a good balance when adjusting your AVS settings. The more strict your settings are, the more transactions that will be blocked; both potentially fraudulent and legitimate.
Sources Cited:
AVS and CVV2 Response Codes (- PayPal Developer)
https://developer.paypal.com/docs/classic/api/AVSResponseCodes/#avs-response-codes
Transaction Response (- Authorize Net)
AVS and CVV2 Response Codes (- Secure Net)
http://spos.securenet.com/WebHelp/fraud_protection/AVS_Verification_Settings.htm
Address Verification System Wikipedia