AVS and CVV Responses
Below are the AVS and CVV responses and their descriptions. To test these in the sandbox environment please see this page of our integration documentation.
Auto Decline based on AVS and CVV Results
We do not offer the ability to systematically decline a transaction based on the AVS or CVV result that we get back from the issuer. However, our APIs return the AVS and CVV response in the event you want to decide based on those results. There are a couple of ways to do this which we’ll describe below.
Process a Sale and then void that Sale if certain AVS and/or CVV results are returned
Our recommended option is to process a Sale as normal. And then build some logic that systematically voids the sale if the AVS and/or CVV combination come back as mismatched. Then have your system display a decline message back to the cardholder. This is the most efficient process as in most cases the majority of the AVS and CVV will be matching.
Another option, which is not as efficient, is to run an Auth Only, and then do a Capture only if the AVS and CVV come back as matching - and then Voiding the Auth if the AVS and CVV do not match. This certainly works but it’s not as efficient as it _always _requires at least two API calls - Capture when matching and Void when not matching. Whereas processing a Sale (assuming AVS and CVV match 80% of the time for example) only requires a second API call to Void the Sale 20% of the time (when AVS and CVV do NOT match).
Call the Verify route
Another option is to call the Verify route before processing the Sale. This route processes a $0 transaction on the cardholder’s card and it returns the AVS and CVV results in the response. This still requires two API calls, however, it does eliminate the need to process a Void in the cases where the AVS and CVV come back mismatched.
AVS Responses
“addressVerificationCode“ property of the Sales response.| Code | Description |
|---|---|
| A | The street addresses match but the postal/ZIP codes do not, or the request does not include the postal/ZIP code. |
| B | Street addresses match, but postal/ZIP code not verified due to incompatible formats. (Acquirer sent both street address and postal/ZIP code.) |
| C | Street address and postal/ZIP code not verified due to incompatible formats. (Acquirer sent both street address and postal/ZIP code) |
| D | Street addresses and postal/ZIP codes match. |
| F | Street addresses and postal codes match. Applies to U.K.-domestic transactions only. |
| G | Address not verified for international transaction. Issuer is not an Address Verification Service (AVS) participant, or AVS data was present in the request but issuer did not return an AVS result, or V.I.P. performed address verification on behalf of the issuer and there was no address record on file for this account. |
| I | Address information not verified. |
| M | Street addresses and postal/ZIP codes match. |
| N | No match. Acquirer sent postal/ZIP code only, or street address only, or both postal/ZIP and street address. |
| P | Postal/ZIP codes match. Acquirer sent both postal/ZIP code and street address, but street address not verified due to incompatible formats. |
| R | Retry: System unavailable or timed out. Issuer ordinarily performs address verification but was unavailable. |
| S | Not applicable. If present, V.I.P. replaces it with U or with G. |
| U | Address not verified for domestic transaction. Address not verified for international transaction. Issuer is not an AVS participant, or AVS data was present in the request but issuer did not return an AVS result, or V.I.P. performed address verification on behalf of the issuer and there was no address record on file for this account. |
| W | Not applicable. If present, V.I.P. replaces it with Z. Available for U.S. issuers only. |
| X | Not applicable. If present, V.I.P. replaces it with Y. Available for U.S. issuers only. |
| Y | Street address and postal/ZIP match. |
| Z | Postal/ZIP match, street addresses do not match, or street addresses not included in the request. |
| 0 | Not Available |
CVV Responses
“cvvVerificationCode“ property of the Sales response.
| Code | Description |
|---|---|
| M | CVV2 Match. Indicates that the Funds Transfer API or the issuer was able to verify the CVV2 value provided by the merchant. |
| N | CVV2 No Match. Indicates that the Funds Transfer API or the issuer was not able to verify the CVV2 value provided by the merchant. |
| P | Not processed. Indicates that the Funds Transfer API or the issuer was unable to verify the CVV2 value provided by the merchant because either their verification system was not functioning, or not all of the information needed to verify the CVV2 value (such as the expiration date) was included in the request. |
| S | CVV2 should be on the card. Indicates that the Funds Transfer API or the issuer was unable to perform CVV2 verification, and notifies the merchant that the card should contain a CVV2 value. |
| U | Issuer does not participate in CVV2 service, or participates but has not provided Visa with encryption keys or both. Indicates that the issuer is not participating in the CVV2 service, or has not provided Visa with encryption keys needed to perform verification, or that STIP has responded to an issuer-unavailable response. |
FAQs
Yes, as long as the the card issuer is an Address Verification Service participant. Visa mandates U.S. and UK issuers participate in AVS. Mastercard mandates it for U.S. and Canada. For all others it is optional, for those specific card types.
Card issuers have discretion on whether they decline a transaction when the CVV2 doesn’t match. They return the results of the CVV2 validation in the CVV2 results field, and with a "no match" they can still approve the transaction - and may choose to do so based on other attributes of what they see in the authorization request, in which case the issuer is taking liability if it ends up being a fraudulent transaction.
Updated 6 months ago