AVS and security code checks
The Address Verification System and security code checks provide you with a further level of security to a transaction, allowing additional checks regarding the validity of the address and security code information supplied by the customer.
Introduction to AVS
A customer’s address is checked against the address that the card issuer holds for that card. The issuing bank will indicate to the acquiring bank whether there is a match between the entered address and the registered card address. The checks performed are focused on the house number and postcode provided by the customer.
Introduction to security code checks
The security code is a three or four digit number printed on credit and debit cards. It is not stored by Secure Trading, and also must never be stored by merchants.
Here is how the AVS and security code checks fit into the standard payment process:
Depending on your account configuration, Secure Trading may perform certain actions on the transaction if the results of the AVS and security code checks do not meet a required standard. This behaviour is configured as part of your security policy (scroll down for further information on the security policy).
Supported cards and banks
The availability of the AVS and security code check facility is dependent on the acquiring bank and card issuer, although it should be noted that most cards support this functionality.
The ability to conduct address checks is dependent on the location of your acquiring bank in relation to the location of the issuing bank of the card being presented. Most acquirers do support the process but only on locally issued cards. All UK cards and a number of US cards are address checked by all UK acquirers.
Security code checks are performed on all Visa, Mastercard and American Express branded cards worldwide and the results are checked internationally by all acquirers.
Please contact our Support team for further information on supported acquirers and card types.
For checks to be successfully performed on the customer’s details, your system will need to submit the cachetoken, billingpostcode and billingpremise in an AUTH or ACCOUNTCHECK request.
If your system does not submit the required information for the checks, we will return a “Not given” response.
There are four different possible responses following AVS and security code checks. Each response is assigned a distinct code, as shown in the following table:
|0||“Not given”||Your acquirer was not provided with the information required to perform this check.|
|1||“Not checked”||Your acquirer was unable to perform checks on the information provided.|
|2||“Matched”||The information provided by the customer matches that on the card issuer’s records.|
|4||“Not matched”||The information provided by the customer does NOT match that on the card issuer’s records.|
Together, the AVS and security code checks consist of three total checks, and we assign a response code for each:
- Card security code
- Billing postcode
- Billing premise
Your account’s security policy consists of preferences on how we respond to instances where the address (premise & postcode) and security code entered by the customer does not directly match those found on the card issuer’s records. We can automatically suspend transactions that return certain response codes:
To discuss or make changes to your security policy, please contact the Support team.
You can perform AVS and security code checks without debiting the customer. This is achieved by performing an Account Check. Click here to learn more about Account Checks.
We recommend that you thoroughly test your solution before processing live payments.
Click here for test card details that you can submit when testing.
3-D SecureAccount checks