Contents

AVS and security code checks

The Address Verification System and security code checks provide you with a further level of security to a transaction, allowing additional checks regarding the validity of the address and security code information supplied by the customer.

 

Introduction to AVS

A customer’s address is checked against the address that the card issuer holds for that card. The issuing bank will indicate to the acquiring bank whether there is a match between the entered address and the registered card address. The checks performed are focused on the house number and postcode provided by the customer.

 

Introduction to security code checks

The security code is a three or four digit number printed on credit and debit cards. It is not stored by Secure Trading, and also must never be stored by merchants.

Disabled
It is imperative that you never store the customer’s security code.
Please ensure that no log files or databases contain the security code information on your system.

The number is often printed on the back of the card, on the signature strip.

back of card

Alternatively, on American Express cards the security code can be found on the front of the card, on the right–hand side, above the embossed card number.
front of card

The security code that the customer has entered is checked against the security code that the card issuer holds for their card. The issuing bank will indicate to the acquiring bank whether there is a match between the entered security code and the correct security code associated with the card.

 

Process overview

Here is how the AVS and security code checks fit into the standard payment process:

1
The customer agrees to a payment on your website and you submit an AUTH request to Secure Trading. The address and card details are passed on to your bank.
2
Your bank will then contact the customer’s bank to check whether the details entered by the customer matches the details held on their records.
3
These results are returned to Secure Trading, which assigns response codes and returns this information to you in the AUTH response.

Depending on your account configuration, Secure Trading may perform certain actions on the transaction if the results of the AVS and security code checks do not meet a required standard. This behaviour is configured as part of your security policy (scroll down for further information on the security policy).

Info
Some acquirers will use the results of the AVS or security code checks to decline the transaction, if either the address or security code entered by the customer is incorrect. Others will authorise the transaction and allow you to decide whether or not to continue with the transaction.

 

Requirements

 

Supported cards and banks

The availability of the AVS and security code check facility is dependent on the acquiring bank and card issuer, although it should be noted that most cards support this functionality.

The ability to conduct address checks is dependent on the location of your acquiring bank in relation to the location of the issuing bank of the card being presented. Most acquirers do support the process but only on locally issued cards. All UK cards and a number of US cards are address checked by all UK acquirers.

Security code checks are performed on all Visa, Mastercard and American Express branded cards worldwide and the results are checked internationally by all acquirers.

Please contact our Support team for further information on supported acquirers and card types.

 

Required fields

For checks to be successfully performed on the customer’s details, your system will need to submit the cachetoken, billingpostcode and billingpremise in an AUTH or ACCOUNTCHECK request.

If your system does not submit the required information for the checks, we will return a “Not given” response.

 

Response codes

There are four different possible responses following AVS and security code checks. Each response is assigned a distinct code, as shown in the following table:

Code Description Comment
0 “Not given” Your acquirer was not provided with the information required to perform this check.
1 “Not checked” Your acquirer was unable to perform checks on the information provided.
2 “Matched” The information provided by the customer matches that on the card issuer’s records.
4 “Not matched” The information provided by the customer does NOT match that on the card issuer’s records.

 

Info
A “Not checked” response may be that the card issuer does not support address or security code checking for the card supplied or that the information was not provided. Most foreign cards issued will not be address checked.

Together, the AVS and security code checks consist of three total checks, and we assign a response code for each:

 

Security policy

Your account’s security policy consists of preferences on how we respond to instances where the address (premise & postcode) and security code entered by the customer does not directly match those found on the card issuer’s records. We can automatically suspend transactions that return certain response codes:

Info
By default, we suspend all transactions where the security code check returns a “Not matched” response.

To discuss or make changes to your security policy, please contact the Support team.

You can perform AVS and security code checks without debiting the customer. This is achieved by performing an Account Check. Click here to learn more about Account Checks.

 

Testing

We recommend that you thoroughly test your solution before processing live payments.
Click here for test card details that you can submit when testing.