12 SEPEcommerce merchants rely heavily on the Address Verification System (AVS) and Card Verification Value (CVV2) as a first line of defense against fraudsters. In a recent data review, we found that, when a mismatch is considered to indicate fraud, both of these data points trigger over 90% false positives. Our data review sampled our most recent million transactions. We considered AVS response codes of 'N', 'I4', 'I5', 'I6', 'I7', and 'I8' to be mismatches, though in many payment gateway configurations, 'Z' is also included in this group. For CVV2 response codes, we only sampled transactions that generated an 'N'.