Sign in
An image of the Stripe logo
Create account
Sign in
Support

Card verification checks

Learn how to make use of card verification checks to protect against disputes and fraud.

When a card payment is submitted to a card network for authorization, Stripe provides the CVC, postal code, and billing street address for them to verify (if you collected these from the customer in your checkout flow). The card issuer checks this against the information they have on file for the cardholder. If the provided information doesn’t match, the verification check fails. A failed CVC or postal code check can indicate the payment is fraudulent, so review it carefully before fulfilling the order.

Each Charge object includes the verification response as part of its source attribute. You can also find the verification results in the Dashboard when viewing a payment.

If no information is collected, the card issuer can’t perform a verification check. Collect the CVC, postal code, and billing address for every payment to avoid this issue. The results of verification checks help improve the detection of fraudulent activity.

Card verification code check (CVC)

The CVC (also referred to as CVV) is the three- or four-digit number printed directly on the credit card, usually on the signature strip or the front of the card. Radar includes a rule to block any payments that fail the CVC verification check, which you can enable or disable within the Dashboard (this doesn’t affect payments where the CVC check couldn’t be performed).

You can perform CVC verification by providing the CVC value either when you create a payment with a new card payment method, or when you attach a new card payment method to a customer. To re-verify the CVC on a previously saved card, refer to the integration guide on CVC recollection.

In general, only cardholders in physical possession of the card should have access to the CVC number. Businesses are not permitted to store the CVC number, so it’s unlikely that a fraudster can obtain this information through a computer breach. However, CVC verification doesn’t protect against the physical theft of a card, nor card information being used on a computer or website that isn’t secure.

Address verification (AVS)

Address verification (AVS) checks two pieces of information, the postal code and the billing street address. AVS checks determine whether this information matches the billing address on file with the card issuer. Radar includes a rule to block any payments that fail postal code verification, which you can enable or disable within the Dashboard.

If enabled, these address checks can fail on legitimate payments in some situations. For example, a customer entering their address incorrectly or moving and not updating their address with the card issuer could cause the address check to fail.

Support for both types of AVS checks varies by country and card issuer (for example, certain countries don’t use a postal code or some card issuers don’t support street address verification). However, street address verification is commonly supported for cards issued in the United States, Canada, and the United Kingdom.

See also

Was this page helpful?
Questions? Contact us.
Watch our developer tutorials.
Check out our product changelog.
Powered by Markdoc
On this page
Card verification code check (CVC)
Address verification (AVS)
See also
Stripe Shell
Test mode
                        ▗▄
         ▄▟█           █▀▀
▗▟████▙▖ ██████ ███▗▟█ ███ ███▗▟██▙▖ ▗▟█████▙▖
███▖  ▀▀ ███    ███▀▀▀ ███ ███▀  ███ ███   ███
▝▜████▙▖ ███    ███    ███ ███   ███ █████████
▄▄  ▝███ ███  ▄ ███    ███ ███▄  ███ ███    ▄▄
▝▜████▛▘ ▝▜███▛ ███    ███ ███▝▜██▛▘ ▝▜█████▛▘
                           ███
                           ▀▘


Welcome to the Stripe Shell!

Stripe Shell is a browser-based shell with the Stripe CLI pre-installed. Login to Stripe
docs and press Control + Backtick on your keyboard to start managing your Stripe resources
in test mode.

- View supported commands: 
- Find webhook events: 
- Listen for webhook events: 
- Call Stripe APIs: stripe [api resource] [operation] (e.g. )
The Stripe Shell is best experienced on desktop.
$