Making Sense of Credit Card Response Codes
Table of Contents
- What are credit card response codes?
- Response codes merchants should know
- Response codes and chargebacks
- What is a bank response code?
The most important step when processing a credit card transaction is getting an authorization from the card issuer. This provides the confirmation that the customer’s identity has been verified to the best extent possible, and that the card is valid and has sufficient funds to cover the purchase.
A card transaction that hasn’t been authorized is a dangerous thing, and can leave a merchant wide open to chargebacks and fraud. However, interpreting the authorization codes that the issuer sends back can be confusing. What do the various codes sent back in authorization response messages mean, and how can merchants use them to make safer decisions when processing transactions?
The authorization message that you really want to see is simply “approved,” but there are more than 100 different codes in existence. Some of them mean that you should cease processing the transaction immediately and ask for an alternate payment method—and some will even urge you to confiscate the card because the issuer suspects fraud.
Not every code that isn’t a straightforward “approved” means the transaction cannot go through, however. It’s important to know when you can safely resubmit a transaction without inviting future chargebacks.
Many point-of-sale terminals and payment processing programs will help interpret these response codes for you, but the code descriptions themselves aren’t always crystal clear, and it’s good to have your own base of knowledge to fall back on instead of relying entirely on software tools to tell you what’s going on with your transactions. We’re here to help you make sense of the occasionally confounding world of credit card authorization response codes.
What are credit card response codes?
When you process a credit card transaction, one of the first things that happens is that your terminal or payment processing software sends an electronic authorization request to the card issuer.
This request includes information such as the relevant payment credentials and the purchase amount. The issuer automatically reviews this information, checks it against their internal account data, and sends back a response: A short message containing an alphanumeric code sequence.
This response code will contain indicators that tell you whether the Address Verification Service and CVV number successfully matched, and will include an authorization code as well. This part of the response can tell you a lot about the status of the card and its account, and will specify whether the authorization is approved, declined, or requires follow-up action.
Approval is granted when the card account is in good standing, with no issues reported, and contains funds sufficient to cover the transaction amount.
Approval messages are usually straightforward, but there are some which contain additional important information. For example, authorization code 10 indicates that the transaction has been approved for a partial amount, a response that's common with prepaid cards. Authorization code 08, on the other hand, tells the merchant to approve the transaction, but only after checking the customer's ID.
In contrast to approval messages, a decline can encompass a wide range of issues, some of which may be resolvable at the time of the transaction, some of which will not be. In normal circumstances, merchants should never “force” a declined transaction through, as that exposes them to liability if fraud occurs.
If a provisional decline response is given, the merchant and customer may try to resolve the issue, but you should not finalize the transaction until you can send another authorization request and get an approval response back.
Response codes merchants should know
While you don’t have to memorize what every number means, it’s good to be familiar with some of the response codes that require specific actions on the merchant’s part. Here’s the one merchants are always hoping to see:
- 0 - Approved
Some codes indicate problems that may be fixable right away, and if you can clear them up with the customer, it should be safe to retry the transaction. For example:
- 1 - Refer to Card Issuer
This one is telling you to call the issuer to receive guidance.
- 13 - Invalid Amount
This code may indicate that you keyed on the wrong transaction amount. You can double-check the amount and try again.
- 55 - Incorrect PIN
The customer has entered the wrong PIN, which is easy enough to do by mistake. It’s fine to let them try again, but if they keep getting it wrong, you might get response code 38 or 75, both of which indicate that the allowable PIN attempts have been exceeded. Of course, even if you don't receive one of those codes, it's probably not a good idea to let someone keep trying to guess at a PIN indefinitely.
- 80 - Invalid Date
- 82 - Incorrect CVV
These codes may also indicate that you keyed in some data incorrectly. Review your information, and if you see that you made an error, you can try again.
- CR - Chip Card Removed
This just means that the customer removed their EMV card prematurely. Tell them to try again and this time leave the card inserted until the terminal instructs them to remove it.
Other issues are not likely to be cleared up right away. When you get one of these response codes, you’re going to have to ask the customer to provide a different payment method:
- 5 - Do Not Honor
- 14 - Invalid Card Number
- 51 - Insufficient Funds
- 54 - Expired Card
- 57 - Transaction Not Permitted to Cardholder
- 65 - Exceeds Withdrawal Frequency Limit
Some reason codes indicate a high likelihood of fraud, and instruct you to hold on to the card and contact the bank:
- 4 - Pick Up Card
- 7 - Pick Up Card, Special Conditions
- 33 - Expired Card – Pick Up
- 34 - Suspected Fraud – Pick Up
- 35 - Contact Acquirer – Pick Up
- 36 - Restricted Card – Pick Up
- 37 - Call Acquirer Security – Pick Up
- 41 - Lost Card – Pick Up
- 43 - Stolen Card – Pick Up
This list is far from exhaustive, and some responses may require a call to the issuer to figure out what’s going on. Your payment processor and acquiring bank can provide a more detailed list of response codes and the specific actions they advise you to take when confronted with them.
Response codes and chargebacks
Understanding credit card response codes and how to react to them is an important part of chargeback defense.
Unauthorized charges are always subject to chargebacks, and response codes can give you an early warning that something is wrong with a card or customer and that processing the transaction may lead to a dispute down the line.
When you see a response code that you aren’t sure how to handle, you can always ask for an alternate payment method. The vast majority of customers will have at least two methods of payment on hand—a credit card and a debit card, for example—and will be happy to provide it if only to avoid the time spent trying to get the first one to work.
You can also increase the chances a customer will have another payment method to try by accepting more types of payments, such as Google Pay, Apple Pay, PayPal, etc. With new payment methods being launched all the time, it can be hard to keep up, but if you keep your ear to the ground and try to accept any method that becomes popular enough to be worth the effort, you can reduce the chances of losing a customer because their card was declined.
If the customer doesn’t have another payment method you can accept, you should contact the bank for instructions. Response codes are always trying to tell you something important—listen to them and follow the guidelines provided by your payment processor or acquirer to stay safe and protect yourself.
What is a bank response code?