Address Verification Service (AVS) for Merchants: Codes, Decline Rules, and Best Practices

Written by Tyler DurbinJune 16, 2026
Merchant Alternatives is reader-supported. When you make purchases through links on our site, we may earn a commission. This is always at no additional cost to you and helps us continue to provide accurate, transparent and up-to-date information on the things that matter most to your business, for free.

Address Verification Service (AVS) is one of the simplest fraud signals available to most online merchants. It checks whether the billing address details a customer enters match what the card issuer has on file.

Used well, AVS can reduce card-not-present fraud and help you avoid preventable chargebacks. Used poorly, it can also cause good customers to get declined, especially when they are moving, traveling, buying gifts, or using wallets and autofill.

This guide explains how AVS works, what the most common AVS response codes mean, how processors use AVS, and how to build AVS rules that protect your approval rate.

What is AVS and what does it check during authorization?

AVS compares the numeric portion of a cardholder's billing address (street number) and postal code to the issuer's records, then returns an AVS response code with the authorization result.

In most setups, AVS runs as part of the authorization request your gateway sends to the issuer. You do not need a separate integration for an AVS check in many gateways, but you do need to decide what to do with the response code.

Key point: AVS is not identity verification. It is a data match signal. A fraudster can sometimes pass AVS if they have stolen full billing details, and a legitimate customer can fail AVS because their issuer file is outdated.

What do AVS response codes mean (and why do they vary by network)?

AVS returns a short code indicating whether the address, the postal code, both, or neither matched.

A common source of confusion is that the same letter can mean different things depending on the card brand and processor mapping. Some systems return a single normalized value (match, partial, no match, unavailable), while others return the raw network code.

Here are practical groupings you can use for decisioning.

AVS outcome group Common codes you will see What it usually means
Full match Y, X Street address and ZIP or postal code match
ZIP match only Z (5-digit ZIP match), W (9-digit ZIP match) Postal code matches, street address does not
Address match only A Street address matches, ZIP does not
No match N Neither street address nor ZIP match
Unavailable / not supported U, S, R (retry) Issuer did not provide AVS data or the system was unavailable

Do not treat every partial match as fraud. Many legitimate customers will produce ZIP-only matches because of formatting differences (apartment numbers, international variations, or how issuers store address lines).

When should you use AVS (and when should you avoid hard declines)?

Use AVS anytime you accept card-not-present payments and you can collect a billing address. The question is not whether to run AVS. The question is whether to decline on AVS mismatch.

Hard declining on AVS can make sense when:

  • The transaction is high risk for your business model (first-time customer, high dollar amount, expedited shipping, or digital delivery).
  • Your fraud losses are concentrated in transactions where AVS fails.
  • Your approval rate is less important than margin protection (some high-risk verticals).

Avoid hard declines when:

  • You sell subscriptions and must optimize lifetime value.
  • You have meaningful international volume where AVS may be unavailable or inconsistent.
  • You sell to customers who frequently ship to addresses that are not their billing addresses (gifts, corporate purchases).

A better default is: treat AVS as a risk signal, not a standalone rule.

How do gateways and processors use AVS to approve or decline payments?

Some processors will pass the AVS result to you and let you decide.

Others may allow you to configure AVS filters that reject transactions before they are submitted to the network. This is sometimes called a gateway rejection. It can be useful, but you need to remember that your decline reason may look different than an issuer decline.

In practice, there are three layers where AVS can affect an outcome:

  1. Issuer authorization decision: the issuer can approve or decline based on AVS plus other signals.
  2. Gateway rules: your gateway can reject an otherwise approved authorization based on your AVS settings.
  3. Manual review: your team can hold an order for review based on AVS.

If you see higher than expected declines, confirm whether you are declining at the gateway layer. Many merchants think the bank declined the payment when the gateway actually rejected it due to a strict AVS rule.

Keep in mind that AVS settings can be set at the processor account level, the gateway level, and sometimes per-MID for businesses with multiple merchant accounts. A change at one layer can be silently overridden at another. Document where each rule lives so you can trace a sudden decline spike back to the right configuration screen.

How does AVS support differ across Visa, Mastercard, Amex, and Discover?

All four major networks support AVS for US-issued cards, but the coverage and the response codes vary in ways that matter for decisioning.

  • Visa and Mastercard: Broadest AVS support across US issuers. Most decline-vs-review rules are written against the Visa/Mastercard code set.
  • American Express: Returns its own AVS values that processors typically normalize to Y/A/Z/N. Amex tends to weight cardholder behavior heavily, so an AVS mismatch on Amex paired with a clean account history is often safe to approve.
  • Discover: Supports AVS through its US issuers, but the response set is narrower in practice. Some processors map Discover responses into the Visa code set for consistency.
  • International cards: AVS coverage outside the US is inconsistent. Treat unavailable as the most likely outcome for cross-border traffic, and lean on 3DS rather than AVS for that segment.

If your policy treats every brand identically, you may be over-declining on one network and under-declining on another. Review fraud and chargeback rates by brand at least once per quarter.

Which AVS codes should you accept, review, or decline?

A practical approach is to build an AVS policy with three buckets.

Bucket 1: Auto-accept (low friction)

Start by auto-accepting:

  • Full match (Y, X)
  • Address match only (A) if other signals are strong
  • Unavailable (U, S, R) for low risk orders, especially outside the US

Why accept unavailable? Because some issuers do not support AVS or do not return AVS data, and blocking those orders can reduce approvals without a fraud payoff.

Bucket 2: Review (high signal, not definitive)

Route to review when:

  • ZIP-only match (Z or W) and the order is high risk (high amount, new customer, shipping mismatch)
  • Unavailable (U, S) but other risk flags are present

Bucket 3: Decline (only when paired with other risk)

Decline or cancel when:

  • No match (N) AND you see additional risk flags (email mismatch, risky IP, velocity, shipping to freight forwarder)
  • Repeat attempts where AVS is consistently failing with different cards

If you decline on N by default, consider doing it only above a threshold amount, or only for first-time customers.

How does AVS interact with CVV, 3DS, and fraud tools?

AVS is most effective when it is one signal among several.

  • CVV: CVV checks whether the card security code matches what the issuer expects. AVS checks address data. A strong fraud rule often requires both to be good for high risk orders.
  • 3DS: 3D Secure shifts authentication to the issuer. If a transaction is fully authenticated via 3DS, strict AVS declines may be unnecessary and can reduce conversion.
  • Device and IP signals: Fraud tools often score device fingerprinting, IP geolocation, and behavioral data. Use these to decide whether an AVS mismatch is meaningful.

A common best practice is to treat AVS mismatch as a reason to step up authentication (3DS challenge) instead of a hard decline.

Why do legitimate customers fail AVS?

AVS failures are not always fraud. Common legitimate reasons include:

  • The customer recently moved and the issuer file is not updated.
  • The issuer stores the address differently (abbreviations, unit formatting).
  • The customer uses a corporate card tied to a billing address they do not know.
  • The purchase is cross-border where AVS data may not be available.
  • Autofill or wallet data inserts a billing address variant that does not match the issuer file.

If you are seeing a spike in AVS mismatches, check whether your checkout form is forcing address formatting that does not match what issuers typically store.

How to tune AVS rules without tanking your approval rate

You can improve fraud performance without triggering a conversion cliff by tuning your policy around context.

Start with data, not opinions

Pull 60 to 90 days of transaction data and segment by:

  • New vs returning customers
  • Ticket size bands
  • Domestic vs international
  • Digital vs physical goods

Then compare fraud and chargeback rates by AVS outcome group.

Use step-up actions before hard declines

Instead of declining, try:

  • Requiring the customer to re-enter billing address (remove autofill)
  • Asking for a different card
  • Triggering 3DS for mismatches
  • Holding the order for review when shipment is high risk

Add a second check: shipping risk

If you ship physical goods, combine AVS with:

  • Shipping distance from billing address
  • Freight forwarder detection
  • Signature required thresholds

This reduces fraud while keeping approvals for low risk orders.

What should you log and monitor for AVS?

If you want AVS to actually help, you need clean logging.

At minimum, store:

  • Raw AVS code returned by the gateway
  • A normalized AVS category (full, partial, none, unavailable)
  • Whether the transaction was declined by issuer or rejected by your gateway rules
  • Whether 3DS was applied

Monitor weekly:

  • Approval rate by AVS bucket
  • Chargeback rate by AVS bucket
  • Manual review rate and false positive rate

If your gateway supports it, log both the AVS code and the gateway's interpretation of it. That will save hours when you debug changes.

FAQ

Does AVS prevent chargebacks?

AVS can reduce fraud that leads to chargebacks, but it does not prevent disputes by itself. It is best used as one risk signal alongside CVV, 3DS, and order review.

Is AVS only for the US?

AVS is most common in the US, and support varies by country and issuer. Many cross-border transactions may return unavailable codes, so you should not hard-decline all AVS-unavailable results.

Should I decline every AVS mismatch?

No. Declining every mismatch can create unnecessary false declines. A better approach is to review or step up authentication for mismatches, then decline only when other risk signals also look bad.

What is the difference between an issuer decline and an AVS gateway rejection?

An issuer decline is a bank decision during authorization. A gateway rejection happens when your gateway filters the payment based on your AVS settings, even if the issuer would have approved.

Which AVS codes are safest to auto-approve?

Full matches (Y and X) are the safest. Many merchants also approve address-only match (A) and unavailable (U/S) for low risk orders, while reviewing ZIP-only matches (Z/W) for high risk orders.

Does AVS affect interchange rates?

Yes, indirectly. Card-not-present transactions often require AVS data (and sometimes CVV) to qualify for the best available interchange tier. Missing AVS data, or AVS data that comes back as not provided, can downgrade a transaction and raise your effective rate. If you want to dig deeper into how downgrades work, our interchange fees explainer walks through the most common reason codes.

Can I run an AVS-only check without charging the card?

Most gateways allow a zero-dollar or low-dollar authorization that returns an AVS response without capturing funds. This is commonly used for account updates, subscription reauthorization, and pre-checkout validation. Confirm with your processor whether the test posts a temporary hold on the cardholder's available balance.

Next steps: reduce fraud without killing approvals

If you want to tighten fraud controls without watching your approval rate fall, start by auditing your current AVS settings, then build a policy that uses review and step-up actions before hard declines.

You can apply for a merchant account through Easy Pay Direct or another processor that fits your model. Other options worth a look:

  • https://merchantalternatives.com/go/easypaydirect/
  • https://merchantalternatives.com/go/soar-payments/
  • https://merchantalternatives.com/go/paymentcloud/
Written by 

Tyler Durbin