Address Verification Service
What Is Address Verification Service? Definition and How It Works
Definition
Address Verification Service (AVS) is a fraud detection tool that compares the billing address submitted by a cardholder during a card-not-present transaction against the billing address on file with the issuing bank, returning a match code that merchants use in their fraud decision logic.
How it works
When a cardholder enters their billing address at checkout, the AVS check passes those details, typically the numeric portion of the street address and the postal or ZIP code, to the acquirer, who forwards them to the issuer via the card network as part of the authorisation request. The issuer compares the submitted details against the address on file for the card and returns an AVS response code.
AVS response codes indicate the degree of match: full match (both address and ZIP match), partial match (one element matches), no match (neither matches), or unavailable (the issuer does not support AVS for that card). The merchant receives the code alongside the authorisation result and applies their configured logic to decide whether to proceed.
AVS is not a decline mechanism, it does not cause the issuer to decline the transaction. It is a data point returned to the merchant for their own decision. A merchant configured to decline on AVS no-match applies that logic themselves; the issuer has already approved the underlying authorisation.
AVS coverage is primarily limited to the United States, United Kingdom, and Canada. Cards issued by banks in most other countries either do not participate in AVS or return unavailable responses because the issuing bank's systems are not configured to perform address matching. This makes AVS unreliable as a fraud signal for merchants with significant international transaction volumes.
Why it matters
Geographic limitation is the key operational constraint: AVS is only reliably available for US, UK, and Canadian-issued cards. For merchants with significant volumes from Europe, Asia-Pacific, or Latin America, AVS unavailable responses are the norm, decline logic based on AVS no-match will block large volumes of legitimate international transactions.
AVS match is a weak signal in isolation: a matching AVS response confirms the cardholder knows their billing address, it does not confirm they are the legitimate cardholder. Fraudsters with full card data (number, expiry, CVV, address) from a data breach will pass AVS checks. AVS is most useful in combination with other signals.
AVS mismatch has a high false positive rate: cardholders frequently enter their address inconsistently (abbreviations, apartment numbers, address changes not yet updated with the bank). Declining all AVS mismatches blocks a significant number of legitimate transactions. Merchants should measure their AVS mismatch decline rate and compare it against fraud rates in that segment before tightening AVS rules.
Level 2 and Level 3 data for B2B transactions uses address data: for commercial card transactions where Level 2/3 data submission reduces interchange, address data is also required. AVS infrastructure serves double duty in B2B acceptance.
With PXP
PXP passes billing address data through AVS checks on all eligible card-not-present transactions. AVS response codes are returned in the transaction result and surfaced in PXP's reporting. Merchants configure their own AVS-based decline logic through PXP's risk rules interface.
Frequently asked questions
What does an AVS partial match mean?
A partial match means one of the two submitted elements matched, either the street address number or the postal/ZIP code, but not both. Partial matches are common due to legitimate data inconsistencies such as address abbreviations or recent address changes not yet reflected in the issuer's records. Partial match should be treated differently from no match, blanket declines on partial match produce high false positive rates.
Should merchants decline all AVS no-match transactions?
Not without measuring the impact first. AVS no-match results include fraudulent transactions but also legitimate transactions where the cardholder entered their address inconsistently or the issuer's records are outdated. Merchants should analyse the fraud rate and transaction value distribution within AVS no-match results before setting decline rules. A risk-score-conditional approach, declining AVS no-match only when combined with other negative signals, typically produces a better fraud-to-false-positive ratio than a blanket rule.
Why does AVS return unavailable for many international cards?
Most issuing banks outside the US, UK, and Canada do not participate in AVS. Their authorisation systems are not configured to perform address matching and return unavailable responses by default. This is a structural limitation of the AVS system, not an error. Merchants should not apply AVS decline logic to unavailable responses, as these are typically generated by legitimate international cards.
Is AVS required for PCI compliance?
No. AVS is a fraud prevention tool, not a PCI DSS requirement. PCI DSS governs how card data is stored, processed, and transmitted, AVS is one optional fraud signal that merchants may use in their authorisation flow. However, merchants who do not perform any card-not-present security checks (AVS, CVV, 3DS) may face questions during a PCI audit about their approach to card-not-present fraud risk management.
Revolutionize your business with PXP
Take complete control of your commerce and payments with one platform.
Get Started