Shift4 Iframe Card Verification and AVS

An option has been added to PrismWeb for the Shift4 Iframe to allow card verification and address verification at the time the order is placed on your website.  Your store can manage options to verify as well as the level of verification in PrismWeb Manager.  

Credit Card Verification and AVS Set up

To use the card verification option you will need to choose the options for what type of verification you would like to use on your website.  If using the AVS (Address Verification Service), you will need to also set the sensitivity level for the verification.  To set these options, in PrismWeb Manager, navigate to Setup > Site Options > Payment Processors.

Setting Credit Card Verification Level 

In the Card Verification section of the Payment Processors page, select from the drop down the level of verification for your website. The drop down options are:

  • Off – No card verification will be done at the time the order is placed

  • Verify Without AVS Check – The credit card will be checked to verify it is an active card. It will also verify the card number, expiration date, and security code are accurate.

  • Verify with AVS Check – The credit card will be checked to verify it is an active card. It will also verify the card number, expiration date, and security code are accurate. The name and address are also verified based on the AVS Sensitivity level selected.

Setting AVS Sensitivity Level

When the Card Verification option is set to Verify with AVS Check, the AVS Sensitivity section will need to be set.  The default sensitivity level is Medium.  If you would like to adjust this option, in the AVS Sensitivity section of the Payment Processors page, select the radial button next to the option you would like to use for your website.  The options are:

  • High - Fail any confirmation of name, street, or zip mismatch.

  • Medium - Fail any confirmation of street or zip mismatch. Forgive name mismatch.

  • Low - Fail any confirmation of zip mismatch. Forgive name or street mismatch.

  • Custom – Choose all scenarios that should be allowed.

Processes and Error Messages 

Card Verification Process

The credit card verification process creates a $0 transaction that immediately gets voided. During this process two things happen. First it is determined whether or not the bank will allow the transaction based on the card number, expiration date, and security code that the user entered. Second, if the bank allows the transaction, a security check is done to verify that the security code entered is correct. If you turn on AVS, a third step is added.

STEP 1: Bank Authorization

Based on the card information that the user enters, the bank will either mark the transaction as APPROVED or not (see the full list of possible outcomes below). If the transaction is APPROVED from the bank, the transaction is allowed to continue to STEP 2. If the transaction is not APPROVED, the customer receives an error message and can choose to try again.

The error message will include a general message along with the description of the response in parenthesis.
Ex. “Card verification failed (Declined). Please try again or use a different form of payment.”

Bank Approval Values and Their Description and Details

Value

 

Description

 

 

Details

 

A

Approved

The transaction is approved.

C

Approved

The transaction is approved without requiring additional authorization because it is less than or equal to a ceiling amount. (The ceiling amount is the original authorization amount multiplied by the tolerance per the merchant’s settings with Shift4 Payments.)

D

Declined

The transaction is declined.

e

Error

There is an error condition.

f

AVS or CSC failure

An AVS or CSC failure has occurred (credit card only).

P

Partial approval

A partial authorization has occurred. Check amount.total for the approved amount.

R

Voice referral

The transaction requires a voice referral.

STEP 2: Security Code Validation

Some banks may allow a transaction even if the security code is inaccurate, which makes this second step necessary. After the bank approves the transaction, another check is done to make sure the security code is valid. If the security code returns as valid the user is either allowed to continue through your website’s checkout process or, if you opted to do address verification, verification will move on to STEP 3. If the security code comes back as invalid, the user will see an error message and can choose to try again.

The error message will include a general message along with the value (see list of values in the table below) of the response in parenthesis.
Ex. “Card verification failed (N). Please make sure the card number, expiration date, and security code were entered correctly.”

Security Code Validation Values and Their Description

Value

 

Description

 

M

CSC matched.

N

CSC did not match.

P

CSC not processed.

S

CSC should have been present.

U

Issuer unable to process.

STEP 3: Address Verification Service (AVS)

If the bank approves the transaction AND the security code is returned as valid AND you have your site set to do address verification, the transaction will do an AVS check to validate the user’s billing info.

Shift4 AVS checks both the house number in the street1 or address1 field and the zip code field to see if it matches against the same info registered to the card’s bank. Some cards also support name verification where, in addition to the address and zip, it validates to make sure the first and last name in the billing info matches that registered to the card. AVS can handle both 5 digit and 9 digit zip codes. It is important to note that the entire address in the street1 field IS NOT used in the verification. Only the house number.
Ex. 123 Main Street Apt 1. Only the BOLD part is used in the street address verification.

Shift4 AVS checks return one of the following “Values” seen in the table below. If the store’s account is setup not to allow for the “Value” that gets returned, address verification will fail and return an error message. The error message will contain a generic message along with the “Value” that gets returned in parenthesis.
Ex. “Card verification failed (A). Please make sure the billing name, address, and zip code match what is listed in your card's bank.“

The four options for AVS Sensitivity and their values are:

  • High - Fail any confirmation of name, street, or zip mismatch.
    Allows values BDEGIJMPQRSUVXY

  • Medium - Fail any confirmation of street or zip mismatch. Forgive name mismatch.
    Allows values BDEFGHIJMPQRSTUVXY

  • Low - Fail any confirmation of zip mismatch. Forgive name or street mismatch.
    Allows values BDEFGHIJLMPQRSTUVWXYZ

  • Custom - Manually choose any of the following scenarios that should be allowed.

AVS Values and Their Description

Value

 

Description

 

A

Street address matches, but 5-digit and 9-digit postal code do not match.

B

Street address matches, but postal code not verified. Returned only for non U.S.-issued Visa cards.

C

Street address and postal code do not match. Returned only for non U.S.-issued Visa cards.

D

Street address and postal code match. Returned only for non U.S.-issued Visa cards.

E

AVS data is invalid or AVS is not allowed for this card type.

F

Card member’s name does not match, but billing postal code matches. Returned only for the American Express card type.

G

Non-U.S. issuing bank does not support AVS.

H

Card member’s name does not match. Street address and postal code match. Returned only for the American Express card type.

I

Address not verified. Returned only for non U.S.-issued Visa cards.

J

Card member’s name, billing address, and postal code match. Shipping information verified and chargeback protection guaranteed through the Fraud Protection Program. Returned only if you are signed up to use AAV+ with the American Express Phoenix processor.

K

Card member’s name matches but billing address and billing postal code do not match. Returned only for the following processors and card types: American Express Phoenix if you are signed up to use Enhanced AVS or AAV+, Paymentech New Hampshire for the American Express card type, Vital for the American Express card type.

L

Card member’s name and billing postal code match, but billing address does not match. Returned only for the following processors and card types: American Express Phoenix if you are signed up to use Enhanced AVS or AAV+, Paymentech New Hampshire for the American Express card type, Vital for the American Express card type.

M

Same as D. Street address and postal code match. Returned only for non U.S.-issued Visa cards.

N

Street address and postal code do not match. or Card member’s name, street address and postal code do not match. Returned only for the American Express card type.

O

Card member’s name and billing address match, but billing postal code does not match. Returned only for the following processors and card types: American Express Phoenix if you are signed up to use Enhanced AVS or AAV+, Paymentech New Hampshire for the American Express card type, Vital for the American Express card type.

P

Postal code matches, but street address not verified. Returned only for non U.S.-issued Visa cards.

Q

Card member’s name, billing address, and postal code match. Shipping information verified but chargeback protection not guaranteed (Standard program). Returned only if you are signed up to use AAV+ with the American Express Phoenix processor.

R

System unavailable.

S

U.S.-issuing bank does not support AVS.

T

Card member’s name does not match, but street address matches. Returned only for the American Express card type.

U

Address information unavailable. Returned if the U.S. bank does not support non-U.S. AVS or if the AVS in a U.S. bank is not functioning properly.

V

Card member’s name, billing address, and billing postal code match. Returned only for the following processors and card types: American Express Phoenix if you are signed up to use Enhanced AVS or AAV+, Paymentech New Hampshire for the American Express card type, Vital for the American Express card type.

W

Street address does not match, but 9-digit postal code matches.

X

Street address and 9-digit postal code match.

Y

Street address and 5-digit postal code match.

Z

Street address does not match, but 5-digit postal code matches.

Troubleshooting

This section is to document and inform about any issues that may be encountered with card verification and AVS.

Error Messages Shoppers May See

“Card verification failed (<Description from Step 1 Table>). Please try again or use a different form of payment.”
This error is a result of the transaction not getting approved by the bank. Check Step 1 table for a better idea of why it failed by looking up the message in the error’s parenthesis.

“Card verification failed (<Value from Step 2 Table>). Please make sure the card number, expiration date, and security code were entered correctly.”
This error means the bank approved the transaction but the card did not pass security code validation. Use the letter in the error’s parenthesis to get more details of the error in Step 2 table.

“Card verification failed (<Value from Step 3 Table>). Please make sure the billing name, address, and zip code match what is listed in your card's bank.“
This error means the bank approved the transaction and security code validation passed but there was a problem with the user’s billing info (name, address, or zip). Use the letter in the error’s parenthesis to get more details of why it failed from Step 3 table.

Problems and Solutions

P. Payment Processor is Moneris and all transactions are getting declined, even cards that are known to be good.
S. Contact Moneris and make sure the setting “Status Enquiry” is enabled.

P. Stores using Shift4 and Elavon are getting declines on all VISA transactions.
S. Go to Site Options>Payment Processors and make sure Security Code Exception is checked. There are four lines of code regarding the CVV information on the card that are not being sent back to PrismWeb, which causes the card to decline. Checking this box allows PrismWeb to allow the card to process as long as all other information is correct, and this will allow the orders to be accepted on the web. If there does wind up being as issue with the CVV, the transaction will be declined in PrismCore as the four lines of code do flow through to PrismCore when the order is processed.

 

First Published 2/18/2021

Edited 2/18/2021

© 2021 Nebraska Book Company, Inc.  All rights reserved.