# Understanding AVS and CSC Verification Address Verification System (AVS) and Card Security Code (CSC) verification are two separate verification systems that are often used together when processing card-not-present transactions and manually entered cards in card-present scenarios. AVS and CSC data may be collected through prompts on a PIN pad, entered into the interface by the clerk, or entered into an e-commerce web page by the consumer. The AVS and CSC data is collected and sent with the initial authorization or sale request, but it is not sent in any subsequent requests for a given invoice. If AVS or CSC verification fails on an initial request, Shift4 will automatically void the transaction. Therefore, to retry AVS and CSC verification with new data, a new transaction must be started. However, if an interface sends "POSHANDLEAVSFAIL" in apiOptions for the initial authorization or sale request for a transaction, Shift4 will not void the transaction in the case of AVS or CSC failure. At that point the interface can query the `avs` object to obtain further detail regarding the reason for the failure and proceed according to the merchant's or vendor's business practices. Importantly, AVS and CSC verification are completed separately from transaction authorization. This means that even though a bank may approve a transaction, the AVS or CSC verification may fail. A merchant can also have their account set to return a declined response whenever AVS or CSC is invalid. ## Address Verification System Processors use AVS data, including the name, street number and/or postal code, to validate the identity of the consumer against the information on file with the card issuer. Using AVS helps a merchant achieve better interchange and/or discount rates. ## One and Two Pass Verification There are two methods to verify the cardholder’s AVS information: - One Pass Verification - Two Pass Verification ## One Pass Verification With One Pass Verification, Shift4 goes out to the processor and requests the full amount at the same time the AVS/CSC is being verified. If the AVS or CSC is invalid, then the full amount is put on authorization hold. Shift4 automatically performs a void to release the authorization hold on the customer’s card. Depending on the amount requested, the cardholder’s Open to Buy balance can be significantly affected. The balance on the customer card will be reduced by the amount being held as an authorization until the void is fully processed. Even with real-time reversals, it could take several hours until the authorization hold is released. If the authorization hold is for a large enough amount, the cardholder may be declined for insufficient funds when attempting to make purchases elsewhere. If an interface sends the API Option "POSHANDLEAVSFAIL" for an initial authorization or sale, Shift4 will not automatically void a One Pass transaction which has an AVS or CSC failure. ## Two Pass Verification With Two Pass Verification Shift4 first goes out to the processor to verify the AVS and CSC using a $0 or $1 authorization. If the AVS and CSC are valid then Shift4 goes out to the processor to authorize the full amount requested. If the AVS or CSC is invalid then an `f` code is returned in the `responseCode` field, and the transaction will be automatically voided by the gateway. The major advantage of Two Pass Verification is evident when a Two Pass verification fails, the full amount requested is not subject to an authorization hold. Despite financial institutions supporting real-time reversals, it may still take several hours or a day for the authorization hold on the funds to be removed. Since the authorization is for $1 or $0, the potential impact to the customer’s Open to Buy balance is minimized. The `f` response is only returned when the transaction was approved by the card issuer with a failed AVS or CSC result. Most issuers will decline a transaction that has an invalid Card Security Code rather than sending an approval with an invalid CSC indicator. If the card issuer declines the transaction due to invalid CSC a `D` will be returned instead of an `f` ## How One and Two Pass Verification Works at the Merchant Level When a merchant account is created, Shift4 staff will set a dollar threshold that controls whether One Pass or Two Pass is utilized. Transactions for an amount at or below the threshold will use One Pass Verification, while transactions for an amount higher than the threshold will use Two Pass. For example, if the threshold is set at $100.00, then transactions for an amount at or below $100.00 will use One Pass Verification, while transactions for an amount higher than $100.00 will use Two Pass Verification. As another example, if the threshold is set at $0, then all transactions will use Two Pass. If the threshold is set to $999,999.99, then all transactions will use One Pass. The merchant should let Shift4 staff know what value best suits their business practices.