Address and Security Code Verification

AVSCV2

The Address and Security Code Verification Service allows the Card HoldersStatement Address and/or the Card Security Code provided by your customer to be compared with the information held by the Issuer when the card payment is authorised. These can be checked to help identify and reduce the impact of fraudulent transactions.

For an AVSCV2 transaction to be classed as successful, it must pass a minimum level of checking. This minimum level of checking is called the policy, and you decide which level is acceptable for your business.

There are three stages to the check, these are outlined below.

Obtaining an Authorisation Code and AVSCV2 Check


Once the payment details have been collected and sent to MasterCard Payment Gateway Services, they are immediately sent to your Acquiring Bank for authorisation. Your Bank forwards the request to the Card Issuing Bank.

The Issuing bank authorises the transaction and compares the CV2 number, postcode and address provided against the details stored in their own systems. Each of these three elements will receive one of five bank responses.

The five bank responses are:

  • No information available

  • Not checked

  • Matched

  • Not matched

  • Partial match1

The authorisation code and the results of the AVSCV2 check are then both passed back to MasterCard Payment Gateway Services. If the Issuer is unable to authorise the transaction,the AVSCV2 information is not returned with the transaction.

1 Only returned if you use Barclays as an Acquirer. Does not apply to the CV2 number.

Comparing the Policy


When MasterCard Payment Gateway Services receive the transaction results, they are immediately compared against your policy for the transaction. When a transaction matches your policy, the transaction response including the results of the AVSCV2 check are returned to you.

Reversing a Failed Transaction


If a transaction does not match your policy,MasterCard Payment Gateway Services will re-contact your Acquirer to reverse the transaction. A successful reversal cancels the authorisation code of the transaction, ensuring that there are no funds reserved against the card. Most Issuers will reverse authorisation codes immediately, though others may take longer.The full transaction response is then returned to you, including the result of the AVSCV2 check and the reversal request. A transaction which does not match your policy cannot be settled.

Requirements


If you are using any of the MasterCard Payment Gateway Services Credit and Debit Card Processing Services, the AVSCV2 Service can also be used. The Service requires no additional configuration of your account.

The level of checking and cards that can be checked will depend upon your Acquiring Bank.These are outlined in the table below:

 

Acquiring Bank

Card Scheme

Checking Available

Standard

Extended

American Express

Amex

yes

yes

Barclays

Visa, Visa Delta, Visa Electron, Mastercard, Solo, Switch

yes

yes

Diners

Diners

yes

yes

Girobank

Visa, Visa Delta, Visa Electron, Mastercard

yes

no

HBOS

Visa, Visa Delta, Visa Electron, Mastercard, Solo, Switch

yes

yes

HSBC

Visa, Visa Delta, Visa Electron, Mastercard, Solo, Switch, JCB

yes

yes

Lloyds TSB

Visa, Visa Delta, Visa Electron, Mastercard, Solo, Switch

yes

yes

NatWest

Visa, Visa Delta, Visa Electron, Mastercard, Solo, Switch

yes

yes

The CV2 number can be checked for any of the above cards issued in any country.

Due to the differing address/postcode formats globally, AVS information can currently only be checked for cards issued in the UK.

AVS checking is not currently available for Diners.

Transaction Processing Models


There are three different ways in which the policy can be specified for card payments.

  • Default Policy - a default policy can be configured on your account. The policy is chosen from a short list of options and can be over-ridden on a per transaction basis if required.

  • Standard Policy - the policy information is sent through with each transaction, over-riding any default policy. The policy is chosen from a pre-defined short list of options.

  • Extended Policy - the policy information is sent through with each transaction, over-riding any default policy. There is much greater flexibility than with the standard policy.

Each time a transaction is submitted to the MasterCard Payment Gateway,it contains the information that determines the model to be used for that transaction. This ensures you have the flexibility to mix and match policies as required on an individual transaction basis - for example, you may wish to have a higher level of checking on your larger value orders.

When choosing a policy, it is important to ensure that enough information is collected from the customer to pass the check. For example: if you only collect CV2data from your customer, choose a policy which does not require the AVSinformation to be matched.

If you are unsure which policy to use, you may wish to initially implement a policy which will accept all responses. This will allow you to receive and monitor the results of the checks without rejecting transactions before choosing.

Default Policy


The default policy is the simplest way to implement AVSCV2 checking.The policy is configured against your account here at MasterCard Payment Gateway Services. It treats the address and postcode as a single element.

 

Policy

Places Priority on

Accepts transaction if

0

-

Accepts all transactions

1

AVS

The AVS elements have been checked and the data matched

2

CV2

The CV2 element has been checked and the data matched

3

AVS and CV2

All elements have been checked and all the data matched

5

AVS

Either the AVS elements have been checked and matched, or all elements returned not checked

6

CV2

Either the CV2 element has been checked and matched or all elements returned not checked

7

AVS and CV2

Either all the elements have been checked and matched, or all elements returned not checked

When a AVSCV2 check is performed using the default policy, the results of each individual element of the check are converted into a single standard response for the entire transaction. This conversion is performed using a set of rules provided by your Acquiring Bank. Further information about the conversion is available in the Support Centre if required.

 

The five standard converted responses are:

  • ALL MATCH

  • SECURITY CODE MATCH ONLY

  • ADDRESS MATCH ONLY

  • DATA NOT CHECKED

  • NO DATA MATCHES

If you choose to use the default policy, please contact Support to configure your chosen default policy on your account prior to sending transactions.

Standard Policy


The standard policy is very similar to default policy. If a standard policy is used, this will be used in preference to any default policy configured on the account. This gives increased flexibility, as it allows you to alter the policy on a per transaction basis.

The differences between standard and default policies are:

  • A policy value of 0 (zero) cannot be used as a standard policy, only as a default policy. The remaining policies are unchanged.

  • The standard policy is submitted to the DPG along with the transaction details.

Extended Policy


The extended policy has the most flexibility of all the models.Instead of choosing from a short list of pre-defined policies, the extended policy allows you to precisely define the results of each of the elements which are acceptable to you.

When choosing an extended policy for each of the CV2, Address and Postcode elements, a decision needs to be made on whether to accept or decline each of the five bank responses.

For example, you may wish to accept transactions if the CV2 number is eithermatched or not checked and both the postcode and address are matched - all other responses would be rejected.

When using the extended policies, the results of each individual element of the check are returned to you in the transaction response.

Performing Transactions


To incorporate the full AVSCV2 service into your payment process, the following information needs to be collected from the card holder:

  • the CV2 number

  • the customers statement address

  • the customers statement postcode

In addition you will also need to choose a policy, which should either be configured on your account for default policy, or submitted with the transaction for the standard and extended policies.

If you wish to perform only part of the AVSCV2 check, the full customer details do not need to be collected.

Response Codes


When using the AVSCV2 Service, the basic Responses for transactions become:

  • Accepted

  • Declined

  • Referred

  • CV2AVS Declined

In addition there are various error codes that can be produced by this service. Examples of each response type available in the Developers Guide.

For all AVSCV2 checked transactions, the results of the check and the policy used will be returned to you.

Accepted Transactions


An Accepted transaction has successfully passed the AVSCV2 check with the policy chosen, and the bank has authorised the transaction.

Once a transaction is accepted, your system can complete the normal ordering process. If you are using the Two Stage model, please remember that the second stage must be completed to debit / credit the card.

Declined Transactions


If a transaction is declined the result of the AVSCV2 check will not be available.
Some Issuers may decline a transaction if the data they receive for the AVSCV2 check does not match their records. For example: American Express have advised that they may at some stage in the future require merchants to collect all three items of data to guarantee a successful transaction.

Referred Transactions


If a transaction is referred the result of the AVSCV2 check will still be returned. If the AVSCV2 check was successful using the selected policy, you will be able to complete the transaction using an authorize_referral_request transaction as for a normal Bank Card transaction. 
If the AVSCV2 check was not successful using the selected policy then any attempt to use an authorize_referral_request will result in a CV2AVS Declined response
 

CV2AVS Declined Transactions


If a transaction is CV2AVS declined, the data provided by your customer failed to match your chosen AVSCV2 policy. The result of the AVSCV2 check will be returned to you, together with the authorisation code and the result of the request to reverse the authorisation code.

Error Messages


A complete list of Response Codes for this service is available here. TheSupport Centre also contains extensive examples for most error codes. Illustrations are given to demonstrate on how they would appear in both Reporting and an XML Response. Suggestions are also given to help you prevent them from occurring.

Reporting


When a transaction has been checked using the AVSCV2 service, the details of the check will be available for each transaction on the Bank Card Detailspage

The Support Centre contains full hints and tips to help you get the most out of Reporting.