Address Verification Service (AVS) is one of the most widely used fraud prevention tools in card-not-present payments. It checks the billing address a customer enters at checkout against the address on file with their card issuer, returning a response code that merchants can act on. Understanding how AVS works and its limitations, helps you use it effectively without blocking legitimate customers.
AVS is part of ConvesioPay’s built-in fraud prevention toolkit for WooCommerce, configurable alongside CVV, 3DS2, and velocity rules. Get started →
1. How AVS Works
When a customer enters their billing address at checkout, your payment processor sends it to the card issuer as part of the authorization request. The issuer compares the submitted address against the address on file for that card and returns an AVS response code.
AVS checks two elements separately:
- Numeric street address — the house/building number (e.g., “42” from “42 Oak Street”)
- ZIP/postal code — the billing postal code
It does not verify the street name, city, state, or country, only the numeric elements. This is an important limitation: a fraudster who knows the correct house number and ZIP code (but not the full address) would pass AVS.
2. AVS Response Codes
Response codes vary slightly between card networks, but the primary codes are:
| Code | Street number | ZIP code | Recommended action |
|---|---|---|---|
| Y | Match | Match | Proceed — strongest positive signal |
| A | Match | No match | Proceed with caution; monitor |
| Z | No match | Match | Proceed with caution; monitor |
| N | No match | No match | Decline or hold for review |
| U | Unavailable — issuer doesn’t support AVS or didn’t respond | Common on international cards; apply alternative screening | |
| R | System unavailable — retry | Retry; if persistent, treat as U | |
| S | AVS not supported by issuer | Apply alternative screening | |
| G | International card — AVS not applicable | Apply risk-based alternative screening | |
3. How to Configure AVS Rules
Best practices for AVS rule configuration:
- Auto-decline on N (full mismatch) — both street and ZIP don’t match on a domestic card is a strong fraud signal; decline automatically
- Review on A or Z (partial mismatch) — one element matches; hold high-value orders for manual review, allow lower-value orders with monitoring
- Don’t decline on U, S, or G automatically — these codes don’t indicate fraud; they indicate AVS isn’t available for that card. Auto-declining all international cards would block a large portion of legitimate customers
- Combine with CVV — a partial AVS mismatch with a CVV pass is lower risk than a partial AVS mismatch with a CVV failure
4. AVS Limitations
International Cards
AVS is primarily a US, UK, and Canada feature. Cards issued in most other countries return code U or G — the issuer doesn’t support AVS checking. For international orders, rely on CVV, 3DS2, and behavioral signals rather than AVS.
Numeric-Only Verification
AVS only checks the numeric portion of the street address. “42 Oak Street” and “42 Elm Avenue” would both pass the street check if the house number is 42. This limits its effectiveness against fraudsters who know the general address format but not the full street name.
False Positives
Legitimate customers sometimes fail AVS, they’ve moved recently, entered a work address instead of their billing address, or their card has an outdated address on file. Aggressive AVS rules (declining all non-Y responses) can block legitimate transactions and create customer service issues.
Not a Standalone Solution
AVS is one signal among many. It should be used in combination with CVV verification, device fingerprinting, 3DS2, and velocity rules, not as the sole fraud gate.
5. AVS in WooCommerce with ConvesioPay
ConvesioPay returns AVS response codes for every card transaction and makes them available for rule configuration. You can set rules to:
- Automatically decline transactions with code N
- Trigger a 3DS2 challenge for transactions with code A or Z
- Flag partial-match transactions for review on orders above a threshold
AVS works alongside ConvesioPay’s other fraud prevention tools, CVV checking, velocity rules, device fingerprinting, and 3DS2, as part of a layered approach to CNP fraud prevention.
For related fraud prevention tools, see CNP Fraud Prevention: Protecting Your Online Store from Card-Not-Present Fraud and Payment Fraud Prevention: A Complete Guide for Ecommerce Merchants.
ConvesioPay includes AVS as part of its built-in WooCommerce fraud prevention stack. Configure rules, combine with 3DS2, and protect your store from card-not-present fraud. Get started →