AVS and security code checks
The Address Verification System and security code checks provide a further level of security to a transaction, allowing additional checks regarding the validity of the address and security code information supplied by the customer. These checks are performed automatically by the issuing and acquiring banks as part of the transaction authorisation process.
Introduction to AVS
As part of the authorisation process, the customer’s address is checked against the address that the card issuer holds for that card. The checks performed are focused on the house number and postcode provided by the customer. The issuing bank will indicate to the acquiring bank whether there is a match between the entered address and the registered card address. The response from the acquiring bank is mapped to response codes on our system, and this information is made available in the response. (Read on for further information on our security response codes)
Introduction to security code checks
The security code is a three or four digit number printed on credit and debit cards. It is not stored by Secure Trading, and also must never be stored by merchants.
As part of the authorisation process, the security code that the customer has entered is checked against the security code that the card issuer holds for their card. The issuing bank will indicate to the acquiring bank whether there is a match between the entered security code and the correct security code associated with the card. The response from the acquiring bank is mapped to response codes on our system, and this information is made available in the response. (Read on for further information on our security response codes)
Some acquirers will use the results of the AVS or security code checks to decline the transaction, if either the address or security code entered by the customer is incorrect. Others will authorise the transaction and allow you to decide whether or not to continue with the transaction.
Depending on your account configuration, Secure Trading may perform certain actions on the transaction if the results of the AVS and security code checks do not meet a required standard. This behaviour is configured as part of your Security Policy.
The availability of the AVS and security code check facility is dependent on the acquiring bank and card issuer, although it should be noted that most cards support this functionality.
The ability to conduct address checks is dependent on the location of your acquiring bank in relation to the location of the issuing bank of the card being presented. Most acquirers do support the process but only on locally issued cards. All UK cards and a number of US cards are address checked by all UK acquirers.
Security code checks are performed on all Visa, Mastercard and American Express branded cards worldwide and the results are checked internationally by all acquirers.
Please contact our Support team for further information on supported acquirers and card types.
For checks to be successfully performed on the customer’s details, the customer will need to input their billing address and card details (including the security code) on the Payment Pages.
If the customer fails to submit the required information, the checks will return a “Not given” response.
There are four different possible responses following AVS and security code checks. Each response is assigned a distinct code, as shown in the following table:
|0||“Not given”||Your acquirer was not provided with the information required to perform this check.|
|1||“Not checked”||Your acquirer was unable to perform checks on the information provided.|
|2||“Matched”||The information provided by the customer matches that on the card issuer’s records.|
|4||“Not matched”||The information provided by the customer does NOT match that on the card issuer’s records.|
Together, the AVS and security code checks consist of three total checks, and we assign a response code for each:
- Card security code
- Billing postcode
- Billing premise
Your account’s security policy consists of preferences on how we respond to instances where the address (premise & postcode) and security code entered by the customer does not directly match those found on the card issuer’s records. We can automatically suspend transactions that return certain response codes (listed in the table above).
This behaviour can be completely disabled if preferred. Alternatively, the criteria can be expanded to suspend in more situations.
To discuss or make changes to your security policy, please contact our Support team.
An account check is a type of request that performs the AVS and security code checks without reserving funds on the customer’s account. When enabled, account checks are performed immediately prior to each standard authorisation on your account. This allows you to use the results returned to prevent authorisations from being processed, in cases where the aforementioned checks have shown there to be inconsistencies between the values entered by the customer and those being held on record by the issuing bank.
To enable this behaviour, you will need to enable account checks on your site reference(s) and also enable a rule that acts on the results of the checks. To complete these steps, please contact our Support team.