AVS, or Address Verification System, is a fraud prevention tool used in card-not-present transactions that compares the billing address submitted by the cardholder at checkout against the address on file with the card issuer. The issuer returns a response code indicating whether the street number, postal code, both, or neither matched.
AVS does not approve or decline a transaction on its own. It returns a match result that the merchant or gateway can use as one input in a broader fraud decision. Merchants configure their own rules for how to act on AVS response codes — accepting, flagging, or declining transactions based on the level of match returned.
AVS is supported by Visa, Mastercard, Discover, and American Express on U.S.-issued cards. Its effectiveness is limited for international transactions, as many non-U.S. issuers do not participate in AVS or return consistent match data.
Diving Deeper into AVS
AVS was introduced by card networks in the 1990s as card-not-present transaction volume grew and merchants needed tools to identify potentially fraudulent orders without the ability to physically inspect a card. The premise is straightforward: a legitimate cardholder should know the billing address associated with their card, and a fraudster using stolen card credentials is less likely to have that information.
The system works by passing the cardholder-submitted billing address — specifically the numeric portion of the street address and the postal code — to the issuer as part of the authorization request. The issuer compares these values against what is on file for the account and returns a single-character response code indicating the result.
AVS Response Codes
AVS response codes vary slightly by card network but follow a common structure. The most important codes merchants encounter are full match, partial match, and no match scenarios.
Full Match
A full match — typically returned as code Y — means both the street number and postal code matched the issuer’s records. This is the strongest positive signal AVS can provide and generally indicates the person submitting the transaction has access to the cardholder’s billing information.
Partial Match
Partial match codes indicate that one component matched but the other did not. Code A means the street address matched but the postal code did not. Code Z means the postal code matched but the street address did not. Partial matches require merchant judgment — they may indicate a legitimate cardholder who moved recently or entered their address slightly differently than what the issuer has on file, or they may indicate a fraudster who obtained partial billing information.
No Match
A no match response — code N — means neither the street address nor the postal code matched. This is a strong fraud signal for most transaction types, though merchants in some categories routinely see no match results from international cardholders whose issuers do not return AVS data.
Unavailable or Not Supported
Codes U, S, and G indicate that AVS data was unavailable, not supported by the issuer, or that the card was issued outside the U.S. These responses are common for international transactions and should not be treated as fraud signals on their own.
How Merchants Use AVS
AVS response codes are typically evaluated at the gateway or fraud management layer rather than by the merchant directly. Merchants configure rules that define how each response code should be treated — whether to proceed with the transaction, flag it for manual review, or automatically decline it.
A common configuration accepts full matches and postal-only matches, flags street-only matches for review, and declines no-match responses for domestic cards while allowing no-match responses for international cards where AVS coverage is limited.
AVS and Interchange Rates
Beyond fraud prevention, AVS has a direct impact on interchange rates for card-not-present transactions. Card networks offer lower interchange rates to merchants who submit AVS data with their transactions and receive a match response. Failing to submit AVS data, or consistently receiving no-match responses, can result in transactions downgrading to higher interchange categories — increasing processing costs regardless of whether the transactions are fraudulent.
Limitations of AVS
AVS is a useful signal but not a reliable standalone fraud prevention tool. Stolen card data sold on the dark web frequently includes billing address information, meaning a fraudster may be able to achieve a full AVS match on a stolen card. AVS also provides no signal about whether the card itself is present or whether the transaction was initiated by the actual cardholder.
Merchants relying heavily on AVS without layering additional fraud signals — device fingerprinting, velocity checks, behavioral analytics, 3D Secure — are likely to see both fraud losses and false positives from legitimate customers whose addresses do not match issuer records due to recent moves or data entry inconsistencies.