Interpreting Approval Codes
When a credit card transaction is authorized, the approval code often contains additional information about the transaction that helps determine its validity. Also refer to Basic Fraud Detection and AVS / CVV2 Security Level settings of Cart Options.
Address Verification System (AVS), a tool used to combat fraudulent credit card activity, checks the numeric portions of the billing address supplied by the cardholder to determine if they match the billing address that the issuing bank has on file. Because AVS only verifies the numeric portions of the address, certain anomalies (for example, transposed digits within apartment numbers) can cause false declines; such instances, however, are reported quite infrequently.
Card Verification Value 2 (CVV2) is yet another weapon in the war against credit card fraud. CVV2 is a 3- or 4-digit security code located on the credit card to ensure that the customer is in possession of the physical credit card. It is typically located above the last 5 digits of the embossed credit card number on the front of an American Express card; for VISA, MasterCard, and Discover cards, it is usually a separate group of 3 digits located just to the right of the signature strip (see example).
There are a myriad of payment gateway providers (e.g., PayPal, Authorize.Net, etc.) that Internet-based merchants to accept online payments via credit card and eCheck. As you might expect, each provider maintains its own unique authorization code format. The following authorization code format, shown for illustrative purposes only, represents the format employed by the PayPal Payments Pro gateway.
Sample authorization code format: nnnnnnABC, where:
- nnnnnn is the numeric portion of the authorization code as assigned by PayPal Payments Pro;
- A is the AVS result obtained when an attempt is made to match the numeric portion of the street address as provided by the customer to the billing address which the issuing bank has on file for the cardholder;
- B is the AVS result obtained when an attempt is made to match the ZIP Code provided by the customer to the ZIP Code which the issuing bank has on file for the cardholder; and,
- C is the CVV2 result obtained when an attempt is made to match the 3- or 4-digit security code as provided by the customer to the CVV2 which the issuing bank has on file for the specified credit card.
AVS Result Codes
| Code | Description |
|---|---|
| Y | Numeric portions of street address or ZIP Code match the cardholder's billing address on file with the issuing bank. |
| N | Numeric portions of street address or ZIP Code do not match the cardholder's billing address on file with the issuing bank. |
| X | Card issuer does not support AVS validation (typically, this is only seen with the use of international cards). |
CVV2 Result Codes
| Code | Description |
|---|---|
| Y | The CVV2 supplied by the customer matches the CVV2 on file with the cardholder's issuing bank. |
| N | The CVV2 supplied by the customer does not match the CVV2 on file with the cardholder's issuing bank. |
| X | Card issuer does not support CVV2 validation (typically, this is only seen with the use of international cards). |
As a participating merchant, you have the right (within a prescribed amount of time) to summarily reject, or void, an order if the AVS and/or CVV2 results indicate the absence of a match. In fact, this helps to fight fraud. Please refer to Voiding an Order Before Settlement for additional information.
See also: Basic Fraud Detection and AVS / CVV2 Security Level settings of Cart Options.