I have a web application configured to use PayFlow Pro with hosted checkout pages and SecureToken. It's currently in TEST mode and I've configured the account (via the PayPal Manager) to use FULL AVS, however when I make a payment with an invalid test ZIP (> 50000) I see the AVSZIP flag set to 'N' in the response from PayFlow, but the transaction is approved with a RESULT of 0, and RESPMSG of 'Approved'. When I check the transaction ledger on PayPal Manager that also shows an approved, successful transaction (ironically it also shows an AVS Zip Match of 'N')
My understanding from the online help documentation is that when AVS is set to Full, PayPal will void the transaction and the buyer is decline (which is the behavior I'm looking for), but that's not what I'm seeing. I did notice in the Payflow Gateway Developer Guide (last updated 07 Feb 2013) the following statement around AVS:
Address verification service compares the submitted billing street address and zip code with the values on file at the cardholder’s bank. The response includes values for AVSADDR and AVSZIP: Y, N, or X for the match status of the customer’s street address and zip code. Y = match, N = no match, X = cardholder’s bank does not support address verification service. The address verification service result is for advice only. Banks do not decline transactions based on the address verification service result. The merchant decides to approve or decline a transaction. Most US banks and some international banks support the address verification service.
However, that seems contradictory to the online help documentation.
Below are the request and response data POSTed back and forth. I've left out the intermediate POST and redirect to payflowlink.paypal.com since all that contains is the SecureTokenID and SecureToken.
Can someone shed some light on what I might be doing wrong? Do have a missing or incorrect value in my inital request to pilot-payflowpro.paypal.com? Other than this issue, everything is working great and exactly as I expect.
To https://pilot-payflowpro.paypal.com:
Mode=TEST&CreateSecureToken=Y&SecureTokenID=1508D489FD8F4A0BB47CA541D7191427&User=########&Vendor=#######&Partner=PayPal&Pwd=#######&TrxType=S&Tender=C&FirstName=Test&LastName=User&Address=101 N. Wacker Dr.&City=Chicago&State=IL&Zip=60606&Country=US&Phone=312-000-0000&Email=test.user@testdomain.com&Amt=160.00&Currency=USD&User1=276&User2=C161168&Comment1=Tampa Spring Regional Training Event&Comment2=Current User PersonID: 690399, Effective Current User PersonID: 690399&CancelURL=http://localhost:5527/PaymentQueue/Registration/ProcessPayPalCancel&CSCRequired=True&CSCEdit=True&DisableReceipt=True&Template=TEMPLATEA&ErrorURL=http://localhost:5527/PaymentQueue/Registration/PaymentError&ReturnURL=http://localhost:5527/PaymentQueue/Registration/ProcessPayPalResponse&URLMethod=POST
From https://payflowlink.paypal.com:
AVSZIP=N&STATE=IL&TYPE=S&BILLTOEMAIL=test.user@testdomain.com&USER2=C161168&ACCT=4444&PROCCVV2=M&BILLTOLASTNAME=User&BILLTONAME=Test+User&CVV2MATCH=Y&LASTNAME=User&PNREF=V78A4A45A75A&TENDER=CC&EMAIL=test.user@testdomain.com&PHONE=312-000-0000&METHOD=CC&BILLTOFIRSTNAME=Test&AMT=160.00&SHIPTOCOUNTRY=US&TRANSTIME=2013-04-05+07%3A47%3A38&ZIP=60606&AUTHCODE=031PNI&BILLTOCOUNTRY=US&EXPDATE=1213&IAVS=N&RESPMSG=Approved&COUNTRY=US&BILLTOZIP=60606&BILLTOCITY=Chicago&TAX=0.00&BILLTOSTATE=IL&CARDTYPE=1&FIRSTNAME=Test&AVSDATA=YNY&PROCAVS=A&SECURETOKEN=#########&SECURETOKENID=1508D489FD8F4A0BB47CA541D7191427&AVSADDR=Y&CITY=Chicago&BILLTOPHONE=312-000-0000&NAME=Test+User&USER1=276&HOSTCODE=A&COUNTRYTOSHIP=US&BILLTOSTREET=101+N.+Wacker+Dr.&RESULT=0&ADDRESS=101+N.+Wacker+Dr.
