AVS & CVV Rules

Note: AVS and CVV rules only apply to credit card transactions.

Many banks approve transactions even if they recognize that the address information or Card Verification Value (CVV) included with the transaction doesn’t match what they have on file. Braintree offers customizable Address Verification System (AVS) and CVV rules that reject transactions based on response codes returned by the bank, so you can help ensure that only authorized users of a credit card are able to make purchases. You can set up rejection criteria based on any of the AVS and CVV response codes listed below.

Enabling AVS and CVV rules

  1. Log into the Braintree Control Panel
  2. Navigate to Settings > Processing > Basic Credit Card Fraud Tools > AVS or CVV
  3. Click Edit
  4. Select your desired AVS or CVV rejection criteria
    • You have the option to apply the rules to all transactions or only to specific card types, amounts, or merchant accounts
  5. Click Save

Note: You will also need to enable AVS and CVV in the BigCommerce control panel.

How AVS and CVV rules work

When you submit a transaction for a new payment method, we pass the address and CVV information provided by the customer to the issuing bank. If the bank approves, their approval response will also include AVS and CVV response codes (see below); these codes indicate whether the numeric values in the address and CVV match their records.

If the issuing bank’s response triggers one of your AVS or CVV rules, we will reject the transaction or verification and send a void request to the issuing bank. Keep in mind that some banks don't recognize void requests immediately.

If you do not have AVS or CVV rules enabled, Braintree will ignore the response code.

Recommended setup options

Different business models require different AVS and CVV rules to help mitigate fraud. That being said, there are some standard recommendations that apply to most merchants.

It's best practice for most merchants to collect CVV information—it helps lower the risk of fraudulent transactions and can be used as supporting evidence in your favor if the customer issues a dispute. Regardless of whether you choose to verify the CVV, selecting to reject transactions if CVV is not provided will ensure that your customer supplies this information.

Because AVS rules only check the numeric values of an address, we typically don't recommend enabling Street Address Verification. If your customer lives at 12345 6th Street, depending on how they enter the information, it could confuse the system and cause false rejections.

International AVS

By default, AVS rules will only apply to transactions and verifications with a billing address in the US and transactions that don’t specify a country.

While many countries do not consistently support AVS, addresses in the US, Canada, and the UK are standardized enough for AVS checks to be run. AVS rules are not enabled for Canada and the UK by default, but if you’d like this functionality, you can set the Country Scope to Global when editing your AVS rules.

Note: If you choose to go this route, we recommend that you do not select Issuing bank does not support AVS as a reason to reject transactions.

AVS and CVV response codes

AVS

Response Description
Postal Code matches (M) The postal code provided matches the information on file with the cardholder's bank.
Postal Code does not match (N) The postal code provided does not match the information on file with the cardholder's bank.
Postal Code not verified (U) The card-issuing bank received the postal code but did not verify whether it was correct. This typically happens if the processor declines an authorization before the bank evaluates the postal code.
Postal Code not provided (I) No postal code was provided.
Street Address does not match (N) The street address provided does not match the information on file with the cardholder's bank.
Street Address not verified (U) The card-issuing bank received the street address but did not verify whether it was correct. This typically happens if the processor declines an authorization before the bank evaluates the address.
Street Address not provided (I) No street address was provided.
Issuing bank does not support AVS (S) AVS information was provided but the card-issuing bank does not participate in address verification. This typically indicates a card-issuing bank outside of the US, Canada, and the UK.
AVS system error (E) A system error prevented any verification of street address or postal code.

CVV

Response Description
CVV matches (M) The CVV provided matches the information on file with the cardholder's bank.
CVV does not match (N) The CVV provided does not match the information on file with the cardholder's bank.
CVV is not verified (U) The card-issuing bank received the CVV but did not verify whether it was correct. This typically happens if the processor declines an authorization before the bank evaluates the CVV.
CVV not provided (I) No CVV was provided.
Issuer does not participate (S) The CVV was provided but the card-issuing bank does not participate in card verification.

Still have questions?

Chat with the BigCommerce support team today.

1-888-699-8911