A client pointed this out to me recently. It doesn't appear the Authorize.Net CIM is sending bill-to address. Thus AVS never gets checked.
When I look at AuthNetCIMProvider.cs, I see two routines DoStandardAuthorize() and DoProfileAuthorize()
DoProfileAuthorize() is called when a stored profile is being used for the transaction. However nowhere in the DoProfileAuthorize() routine is the bill-to address populated before the request is sent to AuthNet.
The transaction object returned from the request will show an AVS response. However that response is mislabeled in Able Gold.
In Able Gold, response code "Partial Match (P)" is shown. However according to current AuthNet documentation, response code "P" is not a match at all - it's actually a response code representing AVS is "Not Applicable".
https://support.authorize.net/s/article ... onse-CodesP = AVS not applicable for this transaction
This response code is returned when address information is not checked against the AVS system. Examples of this would be eCheck.Net® transactions, credits, voids, prior auth capture transactions, capture only transactions, declines and other transactions that do not include address checking.