Hosted Checkout and setting the right AVS and CVV2

I would like the transaction to be declined when the following happens:
invalid expiration date
invalid cvv code
invalid zip code

I think we have gotten the first 2 to be declined by turning on the CVV2 filters: N, P, I
But for the AVS we have tried multiple combinations and somehow it still gets approved.

We are doing relay url, so we are getting the response codes for avs and cvv but at that point the transaction is already approved. Am I supposed to check those codes and make a call to void the transaction?

Any help with understanding how this works would be greatly appreciated.