Contents

AVS and security code checks

 

The Address Verification System and security code checks provide a further level of security to a transaction, allowing additional checks regarding the validity of the address and security code information supplied by the customer. These checks are performed automatically by the issuing and acquiring banks as part of the transaction authorisation process.

 


 

Introduction to AVS

As part of the authorisation process, the customer’s address is checked against the address that the card issuer holds for that card. The checks performed are focused on the house number and postcode provided by the customer. The issuing bank will indicate to the acquiring bank whether there is a match between the entered address and the registered card address.  The response from the acquiring bank is mapped to response codes on our system, and this information is made available in the response. (Read on for further information on our security response codes)

 


 

Introduction to security code checks

The security code is a three or four digit number printed on credit and debit cards. It is not stored by Secure Trading, and also must never be stored by merchants.

The number is often printed on the back of the card, on the signature strip.

back of card

Alternatively, on American Express cards the security code can be found on the front of the card, on the right–hand side, above the embossed card number.
front of card

As part of the authorisation process, the security code that the customer has entered is checked against the security code that the card issuer holds for their card. The issuing bank will indicate to the acquiring bank whether there is a match between the entered security code and the correct security code associated with the card. The response from the acquiring bank is mapped to response codes on our system, and this information is made available in the response. (Read on for further information on our security response codes)

Warning
It is imperative that you never store the customer’s security code. Please ensure that no log files or databases contain the security code information on your system.

 


 

Further considerations

Some acquirers will use the results of the AVS or security code checks to decline the transaction, if either the address or security code entered by the customer is incorrect. Others will authorise the transaction and allow you to decide whether or not to continue with the transaction.

Depending on your account configuration, Secure Trading may perform certain actions on the transaction if the results of the AVS and security code checks do not meet a required standard. This behaviour is configured as part of your Security Policy.

 


 

Requirements

Supported cards and banks

 

The availability of the AVS and security code check facility is dependent on the acquiring bank and card issuer, although it should be noted that most cards support this functionality.

 

The ability to conduct address checks is dependent on the location of your acquiring bank in relation to the location of the issuing bank of the card being presented. Most acquirers do support the process but only on locally issued cards. All UK cards and a number of US cards are address checked by all UK acquirers.

 

Security code checks are performed on all Visa, Mastercard and American Express branded cards worldwide and the results are checked internationally by all acquirers.

 

Please contact our Support team for further information on supported acquirers and card types.

Required fields

For checks to be successfully performed on the customer’s details, the customer will need to input their billing address and card details (including the security code) on the Payment Pages.

If the customer fails to submit the required information, the checks will return a “Not given” response.

 


 

Response codes

There are four different possible responses following AVS and security code checks. Each response is assigned a distinct code, as shown in the following table:

Code Description Comment
0 “Not given” Your acquirer was not provided with the information required to perform this check.
1 “Not checked” Your acquirer was unable to perform checks on the information provided.
2 “Matched” The information provided by the customer matches that on the card issuer’s records.
4 “Not matched” The information provided by the customer does NOT match that on the card issuer’s records.

 

Info
A “Not checked” response may be that the card issuer does not support address or security code checking for the card supplied or that the information was not provided. Most foreign cards issued will not be address checked.

 

Together, the AVS and security code checks consist of three total checks, and we assign a response code for each:

 


 

Security policy

Your account’s security policy consists of preferences on how we respond to instances where the address (premise & postcode) and security code entered by the customer does not directly match those found on the card issuer’s records. We can automatically suspend transactions that return certain response codes (listed in the table above).

Warning
By default, we suspend all transactions where the security code check returns a “Not matched” response.

This behaviour can be completely disabled if preferred. Alternatively, the criteria can be expanded to suspend in more situations.

To discuss or make changes to your security policy, please contact our Support team.

 


 

Account checks

Info
Account checks are only available for certain acquirers. Contact our Support team for further information.

An account check is a type of request that performs the AVS and security code checks without reserving funds on the customer’s account. When enabled, account checks are performed immediately prior to each standard authorisation on your account. This allows you to use the results returned to prevent authorisations from being processed, in cases where the aforementioned checks have shown there to be inconsistencies between the values entered by the customer and those being held on record by the issuing bank.

To enable this behaviour, you will need to enable account checks on your site reference(s) and also enable a rule that acts on the results of the checks. To complete these steps, please contact our Support team.

Info
Each account check is assigned a unique transaction reference and you can use this to view details of the request in MyST. If you already know the unique transaction reference, you can type this into the universal search box found at the top of the page. Otherwise, you can use our Transaction search utility and filter request types by “ACCOUNTCHECK” to search over requests.