The short answer
Address Verification Service (AVS) is a system in which the cardholder's submitted street number and ZIP are checked against the issuer's records at auth time. The issuer returns a single-letter code describing the match — and your gateway either approves, declines, or scores based on it.
The codes
- Y — street AND ZIP match. Ideal.
- A — street matches, ZIP doesn't.
- Z — ZIP matches, street doesn't.
- N — neither matches. Red flag.
- U — issuer didn't respond / unavailable.
- G / S — non-US issuer / not supported.
What operators need to know
- AVS is US-only for most issuers — international cards return U/G and you can't rely on it.
- Missing AVS on a CNP transaction bumps you to a more expensive interchange tier (~30 bps).
- AVS match ≠ real cardholder — stolen cards with ZIP harvested from breaches match AVS fine. Don't treat Y as safety.
- AVS mismatch ≠ fraud — customers move, mistype, or use shipping as billing. Declining on A or Z alone kills good orders.
- Combine with CVV — full AVS match + CVV match is a meaningfully stronger signal than either alone.
- Configure per-brand — a luxury brand with low fraud might accept A/Z; a rep-heavy subscription brand might only accept Y.
Numbers to know
In clean e-commerce, AVS returns Y on ~85% of US transactions, A or Z on ~8%, N on ~2%, U on ~5%. Declining on N alone saves roughly 30–50% of card-testing fraud with almost no legit order loss. Declining on A+Z costs you 4–7% of legitimate orders for marginal fraud reduction.
Why multi-brand operators care
AVS rules set at the brand level let you tune risk per brand — tighter on high-ticket fashion, looser on low-ticket CPG. Centralize the rules in one fraud-scoring layer at the parent with brand-level thresholds so you don't end up with 5 different inconsistent fraud policies.