Payment security is often discussed as if there’s a single best approach. In reality, security requirements vary by region, regulation, and customer expectations. Two of the most common approaches used today are Address Verification Services (AVS) and 3D Secure (3DS).
Both reduce fraud. Both are widely adopted. And both introduce different trade-offs for customer experience and payment operations. Understanding why they exist and when they’re used helps teams design payment flows that are secure without adding unnecessary friction.
Why AVS and 3DS exist
AVS and 3DS were designed to solve similar problems in different environments.
3D Secure was introduced to support Strong Customer Authentication (SCA), particularly in Europe, where regulation requires additional verification for many card payments. It adds an authentication step, often through a banking app or one-time passcode, to confirm the payer’s identity.
AVS takes a different approach. Instead of adding an extra authentication step, it checks whether the billing address entered during a payment matches the address held by the issuing bank. If the details match, the transaction can proceed without interrupting the payment flow.
These approaches reflect regional regulation and customer norms rather than different levels of security maturity. The same security strategy can also perform differently across markets because issuer behavior varies, not just regulation.
Security trade-offs teams need to manage
From a payment operations perspective, the challenge isn’t choosing AVS or 3DS. It’s managing how each method affects conversion, customer experience, and operational overhead.
3DS can reduce fraud and liability, but it introduces an additional step for customers. AVS keeps the payment flow lighter, but relies on accurate address data and issuer checks.
In practice, global organisations often need to support both approaches at the same time, depending on where customers are located and how payments are collected.
To see how market behavior can change outcomes, Stripe published analysis of 3DS transactions in the US compared to regulated markets.
What Stripe found when US businesses requested 3DS
Stripe observed patterns that differ from regulated markets. Several large US issuers route a high share of 3DS transactions through a frictionless path, meaning customers are rarely prompted for a two-factor step.
More surprisingly, Stripe observed cases where authorization rates dropped when businesses requested 3DS through that frictionless pathway. In one subset, authorization held at 87% when transactions were challenged and successfully authenticated, but fell to 82% when routed frictionless.
The takeaway is simple: in some markets, asking for extra authentication can change how issuers score risk, and performance can’t be assumed to carry over from Europe. The broader point applies everywhere: issuer behavior can shift outcomes, even when the payment flow looks the same.
How address verification works in practice
With AVS, billing address details are captured at the point of payment and checked with the issuing bank as part of the transaction request. The result determines whether the payment is approved or declined.
When address details are stored alongside the payment profile in Salesforce, they can also be reused for recurring payments or stored payment methods. This allows teams to apply the same level of verification consistently across future transactions without re-entering data.
This model supports fraud checks while keeping repeat payments predictable for both customers and internal teams.
Applying the right security at the right time
Treating AVS and 3DS as competing options misses the point. Payment security needs to adapt to context, and issuer behavior can vary significantly by market.
FinDock supports both AVS and 3DS across processors and regions, so teams don’t need to redesign payment flows or manage separate security models as they scale. Security controls can be applied where they make sense, while payment data and workflows remain consistent inside Salesforce.
This approach helps teams meet regulatory requirements, reduce fraud risk, and maintain a predictable payment experience without adding operational complexity.
Learn more
To see how AVS and 3DS are configured in practice with FinDock, watch the January release webinar walkthrough or explore the security and payments documentation in the FinDock Knowledge Base.