Skip to main content

CV2 and AVS

Card issuers conduct two anti-fraud checks alongside the transaction authorisation. Known as AVS and CV2, they were developed in response to the increase in fraudulent transactions, notably those where the cardholder is not present at the point of sale, for example mail order or Internet transactions.

CV2 (Card Verification Value)

The name CV2 is actually a collective term derived from Card Verification Value (CVV2) used by Visa and Card Verification Check (CVC) used by MasterCard. It is a three or four-digit number usually found printed after the card number on the signature strip on the back of a card. The purpose of this number is to confirm that the cardholder is actually in possession of the card.

During an authorisation, the CV2 is checked along with the main card number. While the card number is subject to strict security and storage controls the CV2 requirements go a step further stating that it must never be stored, printed, or retained in any way. Thus, in the event a card number is compromised or guessed it is highly unlikey the fraudster would also have access to the CV2.

For most transactions types the CV2 is considered a mandatory field and it is rare for a card issuer to approve a transaction without the correct CV2 TransactDirect can be configured at merchant level to automatically decline any transactions that may be authorised with an invalid or missing CV2.

AVS (Address Verification Service)

The Address Verification Service (AVS) is used to confirm that the billing address given by the cardholder during a transaction matches the cardholder's billing address held by the card issuing bank.

The AVS checks the numeric values of the full address and postcode given by the cardholder against the records held by their card issuer. Upon submission of a full address and postcode, TransactDirect will derive the AVS check value and pass it to the issuing bank for verification.

TransactDirect can be configured at merchant level to automatically decline any transactions that may be authorised with invalid or missing address details however this should be carefully considered due to varying levels of issuer support and complexities in handling some addresses. In most cases the CV2 and 3-D Secure systems provide a more better level of security for transactions.