'"CVV_NOT_CHECKED"' and '"AVS_REJECTED"' Causing Fraud Alerts on our Customer's we check out?


We use Square in App Payment SDK for checking out our customer’s in person through our own app. Recently we’ve been getting notification from Square requiring us to give more information for certain card transactions before we can receive the funds (Annoying Lengthy Process but I understand). However, I noticed the payments that we are getting these flags on are receiving ‘’“CVV_NOT_CHECKED”’ and ‘“AVS_REJECTED”’ in the payment api Response?

My Question: For us to run the card in our app we are required to input valid CVV and Zip Codes (At least when I have tested with my own cards). Is ‘“CVV_NOT_CHECKED”’ and ‘“AVS_REJECTED”’ saying that we are running customer’s card “Succefully” without valid CVV or Zip Codes? If so, how do we enable that we want all CVV and Zip Codes to come back as ’ ```
“cvv_status”: “CVV_ACCEPTED”,
“avs_status”: “AVS_ACCEPTED”,
`` before the transaction is approved?

Square Dashboard allows for setting up “RiskManagment” where you can create these specific rules, but the rules cannot be applied to out In App Payment SDK according stated by Square itself??

Is there no way to ensure the CVV and Zip come back with a match before processing the card? We would rather decline the card all together if they don’t come back with a match. I imagine there has to be a way to enable this with the SDK’s,. no??

Info and Help is much appreciated!!!

Thank You


Unfortunately, we don’t control whether or not the AVS or CVV is checked by the bank. The bank is the one that will validate the data that we send them. There is unfortunately no way for use to force them to check this. :slightly_smiling_face:

1 Like

How is it it can be set as a rule the RiskManagment in square dashboard rules?

What changes when we move to the SDK side of things?

At this time you can only enable a force check in Risk manager. There isn’t a programatic way to create rules in Risk manager at this time. We’re constantly working to improve our features based on feedback like this, so I’ll be sure to share your request to the API product team. :slightly_smiling_face:

1 Like

Thanks for the feedback!

Couple last questions before I cut you loose out of this discussion haha!

  1. Does RiskManagment apply to transactions we process directly through the square app? Meaning if we switch back to the square app to process the card we can then force this check? Cause this might be the most plausible solution for the time being then.

  2. Do you know, If we send more/better information through the card payment request in the SDK, does this better eliminate the chance of these transactions being flagged? Meaning if the CVV and or the ZIP are not verified BUT we send over the the customer’s name (matching card), email, address, phone number will this information be inspected before deciding to flag our transaction thus requiring us to complete the intensive square fraud alert form?

Appreciate all your responses and understand certain integrations are still being worked on. :+1:t3:

If your application is using verifyBuyer and passing in a verification_token then the seller can enable Risk Manager rules.

Currently we send all the information collected with the Web Payments SDK to the bank. It’s entirely up to them whether or not they release the funds based on data they check. We can’t force them to do these checks. :slightly_smiling_face:

1 Like