Logo

AVS

AVS, billing address verification, address verification

Reading time6 min

← Back to glossary

AVS (Address Verification Service) is a fraud prevention system that compares the billing address provided by a customer during checkout with the address on file at the card-issuing bank. Merchants use this system during card-not-present transactions to verify customer identity. The issuing bank returns a specific response code indicating whether the street numbers and postal codes match.

AVS acts as a security filter that validates a cardholder billing address against the issuer records to detect unauthorized card usage. This verification step occurs seamlessly within the payment processing flow during the initial authorization request. Properly configuring AVS rules matters for merchants because overly strict settings can trigger false declines, while balanced rules help reduce payment issues without compromising the overall transaction approval rate.

Why do merchants use AVS?

Merchants rely on Address Verification Service primarily to combat fraud in e-commerce and mail-order environments. In a card-not-present scenario, the merchant cannot physically inspect the credit card or check a customer ID. AVS provides an extra layer of confidence that the person entering the card details is the legitimate account holder.

When a bad actor purchases stolen credit card numbers, they often lack the accompanying billing address. By requiring a valid address at checkout, merchants can block fraudulent attempts even if the card number and expiration date are correct.

Beyond fraud prevention, utilizing AVS can also result in lower processing fees. Card networks like Visa and Mastercard often provide better interchange rates for transactions that include address verification data, as these transactions carry a lower risk of chargebacks.

How does AVS work in the payment processing flow?

Address verification happens in milliseconds during the standard checkout process. The process relies strictly on the numeric values of an address rather than the text.

Here is the step-by-step transaction flow:

  • The customer enters their payment details and billing address to complete an order.
  • The merchant payment gateway extracts the numeric portion of the street address and the ZIP or postal code.
  • The gateway packages this data alongside the transaction amount and card details into the payment authorization request.
  • The issuing bank receives the request and compares the numeric address data against the cardholder profile on file.
  • The issuer returns an AVS response code to the merchant gateway.

It is important to understand that the issuing bank rarely declines a transaction solely because of an AVS mismatch. If the account has sufficient funds, the issuer will typically approve the financial authorization but attach a negative AVS code. The merchant payment gateway then decides whether to proceed or trigger a transaction declined event based on the merchant customized security rules.

What do AVS response codes mean?

When the issuing bank evaluates the address data, it sends back a single-letter code representing the result. Understanding this issuer response is critical for troubleshooting checkout issues and configuring gateway rules.

While specific codes vary slightly between card networks, they generally fall into three categories. Full match codes indicate that both the street address and postal code match the bank records. Partial match codes mean that only the postal code or only the street address matches. No match codes indicate that neither data point aligns with the issuer records.

Common response codes include:

  • Y: Exact match for both street address and 5-digit ZIP code.
  • Z: 5-digit ZIP code matches, but the street address does not.
  • A: Street address matches, but the ZIP code does not.
  • N: Neither the street address nor the ZIP code matches.
  • U: AVS is unavailable or the issuer does not support it.

Merchants must decide which codes are acceptable for their business risk tolerance. Automatically declining every partial match will stop fraud but will also block legitimate customers who recently moved or made a typo.

How does AVS impact transaction approval rates?

Strict AVS rules can create significant friction in the customer journey. If a legitimate customer enters an abbreviation or formats their apartment number in a way the issuer system does not recognize, they may find their card declined despite having plenty of available funds.

This creates a balancing act for payment teams. Setting rules too tight causes false positive declines, which frustrates customers and hurts revenue. Setting rules too loose exposes the business to chargebacks and higher fraud costs.

To optimize transaction approval rates, many merchants accept partial matches but route those transactions through secondary fraud screening tools. They might look at the customer IP address, device fingerprint, or purchase history to make a final decision rather than relying on AVS alone.

AVS vs CVV verification

Both AVS and CVV (Card Verification Value) are essential tools for securing card-not-present transactions, but they verify different things.

AVS checks whether the buyer knows the billing information associated with the account. CVV checks whether the buyer is in physical possession of the credit card, as the 3-digit or 4-digit security code is printed on the card but not stored in the magnetic stripe or merchant databases.

Using both systems together provides a strong defense. A transaction that passes a CVV check but fails an AVS check might just be a legitimate customer shipping a gift to a new address. A transaction that fails both checks is almost certainly fraudulent.

How should merchants handle AVS-related payment failures?

When a transaction fails due to an address mismatch, the merchant has to decide how to recover the sale. Simply submitting the exact same payment authorization request will almost always result in the same failure.

In e-commerce scenarios, the best practice is to prompt the customer to re-enter their billing address, explicitly reminding them to use the address associated with their bank statement.

For recurring billing, outdated address data is a massive driver of subscription payment issues. Customers move frequently and forget to update their billing profiles. In these cases, intelligent retry strategies are necessary. A platform like SmartRetry handles payment optimization and intelligent retries of declined payment transactions by analyzing the exact decline codes. If an AVS mismatch causes a recurring failure, the system can systematically retry failed payments without passing the outdated address data, helping merchants recover revenue and improve transaction approval rates.

Understanding the mechanics of AVS is a cornerstone of effective payment recovery. By reading the issuer response correctly and adjusting rules dynamically, merchants can reduce payment declines and maximize their legitimate revenue.

Frequently asked questions about this term

AVS is a fraud prevention check that compares the billing address entered at checkout with the address on file at the card issuer during card-not-present transactions.
The gateway sends the numeric street address and ZIP or postal code in the authorization request. The issuer compares them to its records and returns an AVS response code.
No. The issuer often approves the financial authorization and returns a mismatch code. The merchant or gateway then decides whether to accept or decline it.
AVS checks whether the buyer knows the billing address on the account. CVV checks whether the buyer has the card’s printed security code.
Rules that are too strict can cause false declines from typos or formatting differences. Balanced AVS settings help reduce fraud while protecting legitimate approvals.

Share this article