How Do AVS / CVV Code Checks Work?

When a credit card payment is processed for an order, additional security checks may be applied to help reduce fraud.  The most common types of checks are AVS and CVV (Security Code) validation.

AVS Validation

AVS validation requires customers to provide parts of their billing address, such as a street address or zip code.  That information is then checked against the billing information on file with the cardholder's account.  Depending on the validity of the information, an AVS Code is returned to indicate whether some or all of the address information matched.

That AVS Code is then matched against a series of rules to determine whether the transaction is permitted.

CVV / Security Code Validation

The security code on a card can also be validated.  When the transaction is returned, it includes a CVV Match Code to indicate whether the code was matched, if it was provided.

Performing Security Checks at Your Gateway

Your payment gateway / processor may provide these security features.  If you have enabled AVS or CVV validation at your gateway, you should ensure that Paytronix Online Ordering is collecting the appropriate billing information, under the Payment Settings configuration screen.

For example, if your gateway is configured to require and validate the customer's zip code, you should ensure that the zip code is being collected at checkout.

By default, Paytronix Online Ordering does not collect any billing address information, to keep the checkout process simple.

Performing Security Checks within Paytronix Online Ordering

Paytronix Online Ordering also provides the ability to perform AVS and CVV validation.  These options can be configured under the Payment Settings configuration screen.

Note on Customer Funds

If a transaction is rejected due to an AVS or CVV validation issue, the transaction is still being authorized by the customer's bank, and then voided by the payment system.  Because the transaction was authorized, the customer may lose access to these funds until their bank removes the authorization.  The transaction may continue to appear on the customer's banking statements / online banking, as well, and appear to be a double-charge.