AVS Mismatch Still Allowed – Potential Fraud?

Hi everyone,

I recently ran into an issue with a transaction on my store, and I’m hoping to get some advice on why my fraud prevention settings didn’t block it. I’m also trying to decide whether to proceed with the order or cancel it, and I’d really appreciate your input.

The Situation:

I have fraud prevention settings enabled on my payment gateway, including:

• Decline charges that fail CVV verification – ON
• Decline charges that fail AVS postal code verification – ON
• Require shipping and billing address to match – ON

Despite these settings, an order was processed where:

• Both the billing street address and postal code did not match the credit card's registered address.
• The fraud analysis flagged the order as "Medium Risk."
• The CVV verification was correct.
• The shipping address is close to the IP address used for the transaction (only 7 miles apart).
• The IP address is from a city close to the shipping address, suggesting geographic proximity.
• The payment was made with a debit card (not a credit card).

My Questions:

1. Why would this transaction still be processed despite an AVS failure and the "Decline charges that fail AVS postal code verification" setting being enabled?
2. Are there common scenarios where AVS mismatches or address mismatches are overridden (e.g., by partial match allowances or issuing bank policies)?
3. Does the fact that the customer used a debit card instead of a credit card lower the risk of fraud in any way?
4. Should I cancel the order or proceed with fulfillment, given the mixed indicators (e.g., AVS failure vs. correct CVV, geographic proximity of IP and shipping address, and use of a debit card)?

I want to ensure my fraud prevention measures are working as intended, but I also want to avoid unnecessary order cancellations if this is just a false flag.

Thanks in advance for your advice—any similar experiences or recommendations would be super helpful!