A card transaction, whether in-store or online, may seem simple enough when an ‘Approved’ message appears on the screen. However, things can get murky when a ‘Declined’ message pops up and it’s unclear to both merchants and customers as to why this has happened.
The customer transaction may fail for numerous reasons – from an expired payment card and location restrictions to a blocked card because of fraud. Understanding what each credit card decline code (also known as card decline codes or CC codes) means is vital for merchants to take the right action and avoid revenue losses.
In this article, we dive into the meaning of decline codes and why they happen. We also look at some of the most common decline codes merchants should be aware of to make better and safer business decisions when processing transactions.
What are credit card codes and why are they important?
Credit card codes are alphabetical and/or numerical tokens that signal to merchants that the customer’s transaction has been approved or declined by the issuer. Before a transaction is considered successful, it goes through various stages and parties within the payment flow, which includes the payment gateway, acquirer, card schemes and issuer. However, errors may occur at any stage of the transaction cycle, which makes card decline codes all the more important.
Why do credit card decline codes occur?
While the card response message merchants want to see is a self-explanatory ‘Approved’, there are over 100 different codes in existence when it comes to a declined transaction (more on this below).
Some of these codes mean that a merchant should stop processing the transaction immediately and ask the customer for an alternative payment method. Some other ones may even urge merchants to refuse to proceed with the sale because the issuer suspects fraud for the payment card the customer has provided.
Card decline volumes can also vary depending on the region, the card type (e.g. credit card, prepaid card, etc.), the transaction type and the Merchant Category Code (also known as a MCC).
In any case, if merchants don’t take the necessary measures based on their acquirer’s advice to address declined transactions, they can risk losing revenue to fraud and chargebacks, including reputational clout and, possibly, repeat customers. One reason for this is because low payment acceptance rates can affect the customer experience, raising unnecessary friction and uncertainty during the checkout process that can, ultimately, lead to lack of brand loyalty.
What is authorisation?
Authorisation is a stage during the transaction process that follows the initiation of a purchase by a customer, where key payment parties work together to validate the cardholder’s payment details. These entities include the acquirer, payment gateway, card schemes (Visa, Mastercard, American Express, etc.) and the issuer (the bank that issued the customer’s card).
Here's how authorisation fits into the overall payment process:
1. A customer attempts to make a purchase online or in-store.
2. The merchant’s payment system sends a payment request to the payment gateway. The payment gateway encrypts the payment data and performs fraud checks, before sending an authorisation request to the acquirer.
3. The acquirer will then send this information between the card schemes to conduct further risk analysis, before it’s shared with the issuer to:
- Verify the cardholder’s details;
- Confirm there are sufficient funds; and
- Validate that the card is legitimate and hasn’t been compromised or stolen.
4. If no issues have been flagged by the issuer or card schemes, the payment will be authorised. The merchant and customer will receive confirmation that the purchase has gone through. The remaining steps of the payment process will be carried out, which includes clearing and settlement.
5. If the payment hasn’t been authorised, the merchant and customer will see a decline code (in card transactions, this will appear on the merchant’s POS terminal).
The 15 most common card decline codes and what they mean?
The list of decline codes is inexhaustible, but we’ve compiled a list of the 15 most common decline codes merchants should be aware of.
05 – Do not honour: The payment hasn’t been validated by the issuer due to a number of reasons like insufficient funds, mismatched credentials or a frozen card, among other things. When this happens, merchants can ask customers to use a different card or, if this fails, you can ask them to get in touch with their bank to authorise the payment.
12 – Invalid transaction: The transaction isn’t authorised because of technical glitches. Merchants shouldn’t re-attempt the transaction and should assess the situation for potential fraud or issues with their terminal.
14 – Invalid account number (no such number): The card or account number (PAN) that the customer has input doesn’t match the number on file with the issuer. The account number can be revalidated and another card can be used. The possibility of fraud should also be investigated.
41 – Lost card, pick up (fraud account): Card fault 41 means that the customer’s bank prevented the transaction because the card has been reported as lost. If in use, this is possibly a case of fraud.
43 – Stolen card, pick up (fraud account): The card has been reported as stolen. It’s advised that merchants do not accept an alternative payment method and ask the customer to contact their issuer.
51 – Insufficient funds: When a decline 51 code appears, the customer’s card doesn’t have enough funds to cover the cost of the transaction. Merchants can ask the customer to try another payment method.
54 – Expired card: This code appears when the card is expired, an expiration date is invalid or an expiry date is missing. The merchant can ask the customer to confirm their expiry date before the transaction is reattempted or ask them for a different payment method. Alternatively, the customer can get in touch with their issuer to investigate the matter.
55 – Incorrect (or invalid) PIN: The customer has entered the wrong PIN and failed the verification process for a POS transaction. The cardholder can try again, but if they keep getting it wrong, they might get other response codes such as 75, which indicates that the allowable PIN attempts have been exceeded. Excessive attempts may result in additional risk investigations. It’s suggested that the customer doesn’t initiate the transaction again the same day to allow limits to reset. Any POS payments can be reattempted as a non-PIN transaction, if applicable.
57 – Transaction not permitted to cardholder: This happens when the customer’s card doesn’t support specific transaction types due to a restriction set by their issuer (e.g. gambling transactions). Merchants can request for a different payment method or ask the customer to get in touch with their issuer to permit the transaction. Once their issuing bank has lifted this restriction, you can reattempt the transaction.
61 – Exceeds issuer amount limit: The customer has exceeded the amount limit with their issuer, meaning they’ve overdrawn their credit or spent over their withdrawal limit for the day. Merchants can ask the customer to try another payment card or retry the following day until the limit resets. Alternatively, the customer is prompted to call their issuer.
62 – Restricted card (card invalid in region or country): Use of the card is temporarily or permanently restricted in a particular country. It’s recommended that the transaction is not immediately reattempted. Also, the merchant can also try again if the customer confirms the restriction has been removed.
65 – Activity limit exceeded: The defined count activity limit set by the card scheme or issuer (typically set daily) has been exceeded. Transactions shouldn’t be reattempted until the following day when the limits have reset. Merchants can ask the cardholder to reach out to their issuing bank to resolve this.
75 – Allowable number of PIN-entry tries exceeded: This happens when the customer has reached the allowable number of PIN-entry attempts for POS transactions. It’s advised not to reattempt the transaction the same day to enable limits to reset. Merchants can ask the cardholder to contact their issuer to resolve this.
96 – System malfunction: The issuer’s system is unable to perform the authorisation due to a malfunction or critical message failure. The customer might be prompted to wait a few minutes before initiating the transaction again.
R0 or R1 – Stop recurring payment: This happens when a customer has requested to stop all recurring payment transactions with a merchant. Cancel any upcoming payments associated with that customer to prevent chargebacks and follow-up with the customer to confirm the change.
Soft declines vs hard declines – what’s the difference?
A card decline code doesn’t necessarily mean that a merchant should write the transaction off as a loss of sale. In some cases, they can take control of the situation. This can be achieved by differentiating between what’s known as “soft” and “hard” declines.
What are soft declines?
A soft decline happens when the customer’s issuer authorises the transaction but an error occurs at another point within the payment chain. For example, this may happen when the registered address doesn’t match the billing address, the payment gateway is down when a customer initiates a transaction or the cardholder has not completed Strong Customer Authentication (also known as Two-Factor Authentication). In the case of a valid soft decline, the merchant should be able to retry the same payment with 3DS. At the same time, the cardholder will be prompted for 3DS authentication, which might involve the customer approving the payment directly in their bank’s app in certain instances.
The key to making sure that a payment is legitimate is to have a robust risk management strategy in place to help mitigate the risk of fraud. Some of the features your strategy may include are:
- CVV verification
- Address Verification Service (AVS)
- Geo-location
- 3D Secure 2.0 (3DS2) technology
It should be noted that when it comes to PDS2, soft declines are linked to specific decline codes (i.e. 1A, 70 for Visa and 65 for Mastercard). This means that the issuer has instructed the cardholder to perform Two-Factor Authentication as part of 3D Secure (3DS). Moreover, the merchant can re-attempt the payment and the customer will automatically be prompted to complete the 3D Secure authentication again. Depending on the merchant’s payment setup, this will be an automated process managed by the merchant or their payment provider.
What are hard declines?
A business is faced with a hard decline when the issuer refuses to approve the transaction. Unlike their counterpart explored above, hard declines occur when transaction authorisations permanently fail and must not be re-attempted with the same payment information.
On most occasions, hard declines are linked with suspicious or fraudulent activity, including:
- Invalid payment card data
- The bank account for a cardholder has been closed
- The payment card has been reported as lost or stolen
All in all, not every decline is associated with lack of funds or fraud. Many declines can be raised due to system or merchant input errors, as well as communication mistakes among banks and payment processors. In other cases, the card itself could be the problem.
How emerchantpay can help
Knowing what each transaction decline code means and how to act next is essential for safeguarding your business’ revenue and providing a smooth payment experience for your customers.
Working with an experienced payment service provider like emerchantpay can help you realise the value of optimised payment processes. Our knowledgeable team of payment specialists provide data-driven insights and strategic advisory services to help you craft your risk and chargeback management strategy, alongside tackling fraudulent transactions and false declines, among other things.
Want to learn more about how to better manage card decline codes for improved payments performance and revenue? Contact our team and find out how.