#allen_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1475429032307851336

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• allen_api, 47 minutes ago, 6 messages

hey there 👋 this isn't exactly possible

every time you send address data (i.e. address line 1 + postal code) with a transaction, Stripe sends that data to the issuer

but there's no way to request/force the issuer to complete an AVS check - it completely depends on whether the issuer chooses to check the data

https://docs.stripe.com/disputes/prevention/verification#avs-check

you can enable Radar rules to block transactions that fail AVS checks: https://docs.stripe.com/radar/rules#traditional-bank-checks

but you can't force the issuer to check this - some issuers do not support AVS checks

thanks for that info, but there's a gap there though right?

i can only request AVS if I have a rule to block if failed?

does that mean there's no config to request the AVS but allow (mainly for card adding for later)

because that's a risk flow, to maybe trigger 3DS on a later transaction if the avs failed

well not exactly

Stripe is already effectively 'requesting' AVS for every transaction (i.e. we send the address data to the issuer)

it's just that whether the AVS check actually happens or not depends on if the issuer supports it

ooooh

almost all of the cards we see in the portal have street check and zip check as "unavailable"

we're primarily in australia

does that mean the banks aren't doing AVS?

I'm seeing conflicting information online about AVS not being widly adopted in AU, but also that it is generally available

Generally yes, it is the bank's discretion as to whether:

• They do an AVS check
• Whether a AVS fail constitutes a decline/fail

What is the underlying concern here?

so there's nothing for me to do on our side to nudge that check at all?

trying to increase our security without a full fledged 3DS

as that's high friction

and tbh the UI flow of the big banks are very ugly 😛

You can't force an AVS check, no. As explained you can optionally decide to block a payment if an AVS check fails, in the scenario the bank doesn't decline

But we probably wouldn't recommend that unless you have specific auth/fraud issues

yea I understand that bit, thanks. So all the cards that I see in our account that are marked as unavailable for zip and street checks mean the bank opted NOT to do an AVS even though stripe sent it over

What 'securtity'? Are you seeing fraudulent payments?

I don't know without a specific example

no, just trying to do a proper implementation to guard against fraud

but with the least amount of friction to the majority of good actors

how can I send you an example to check?

its pretty much all customers on our account's payment methods say unavailable

Well there must be a payment ID (pi_xxx) that you're looking at?

I'm mainly talking about setup intents

Then an seti_xxx

seti_1T3vvQD7cSHszcDMihY5gQvM

and so if this is true and a majority of our onboarded cards are unchecked, what happens if I flip on a Radar rule to block on AVS fail? would all these unchecked card adds just be unaffected and proceeed as usual?

Yeah so you can see on the Setup Attempt (setatt_1T3vvQD7cSHszcDM1Xc9bnbn) object, which is what facilitates the actual card network conversation, there was no AVS checks:

checks: {
        address_line1_check: "unchecked",
        address_postal_code_check: "unchecked",
        cvc_check: "pass"
      },

so that's on the issuer then like you said?

Yes, if unchecked. That would be a different rule: https://docs.stripe.com/radar/rules/supported-attributes?payment-method=card#issuer-checks

e.g. unchecked

is there any report or sigma I could run to see the split of unchecked vs checked on my account?

Hmm, not sure if there is for Setup Intents: https://docs.stripe.com/stripe-data/schema

Otherwise maybe analytics_acceptance_summary table might be useful

https://docs.stripe.com/payments/analytics/acceptance

My understand is that AVS is generally only done in US, CA and UK. Not AU

Support for AVS checks varies by country and card issuer. For example, certain countries don’t use a postal code, and some card issuers don’t support street address verification. Most cards issued in the United States, Canada, and the United Kingdom support street address verification.
https://docs.stripe.com/disputes/prevention/verification#avs-check

okay this has been very helpful, thanks so much!