Decline Codes
Definition
Decline codes are ISO 8583 response codes from the issuer indicating why a transaction was rejected and whether a retry is appropriate.
Decline codes are standardised numeric or alphanumeric response codes returned by a card issuer when an authorization request is rejected, indicating the reason for the decline. Defined in the ISO 8583 messaging standard, decline codes determine whether a transaction should be retried (soft decline) or abandoned (hard decline), and what action the merchant should take. Common codes include 05 (Do Not Honour), 51 (Insufficient Funds), 14 (Invalid Card Number), and 65/1A (Authentication Required). Correct handling of decline codes is a primary driver of authorization rate optimization.
Every declined authorization returns a two-digit (or two-character) response code alongside the decline. These codes are the issuer's signal to the merchant about what happened and what to do next. Acting on them correctly — retrying retryable declines at the right time, abandoning hard declines, requesting authentication where required — is the operational core of authorization rate management.
Common Decline Codes Reference
Soft Declines (potentially retryable)
| Code | Meaning | Recommended Action |
|---|---|---|
05 | Do Not Honour | Common guidance: retry after a few days. Catch-all for issuer risk model or daily limit; timing varies by issuer. |
51 | Insufficient Funds | Common guidance: retry after 24 hours or more (post-payday or daily limit reset); timing varies. |
57 | Transaction Not Permitted to Cardholder | Retry once after 24 hours. May be card control setting. |
61 | Exceeds Withdrawal Amount Limit | Retry after daily/weekly limit reset window. |
65 | Exceeds Withdrawal Frequency Limit | Retry next day. In EEA may mean SCA required (3DS). |
75 | Allowable PIN Tries Exceeded | Retry next day. |
91 | Issuer or Switch Inoperative | Retry immediately via different routing, then wait 30 minutes. |
96 | System Malfunction | Retry immediately. Technical error. |
1A | Strong Customer Authentication Required | Re-attempt with 3DS2 authentication. EU-specific. |
Hard Declines (do not retry)
| Code | Meaning | Recommended Action |
|---|---|---|
04 | Pick Up Card (no fraud) | Do not retry. Request alternative payment method. |
07 | Pick Up Card (fraud) | Do not retry. Flag account for review. |
14 | Invalid Card Number | Do not retry. Collect new card details. |
41 | Lost Card | Do not retry. Flag account for review. |
43 | Stolen Card | Do not retry. Flag account for review. |
54 | Expired Card | Do not retry. Request updated card or use Account Updater. |
62 | Restricted Card | Do not retry. |
CVV/AVS Result Codes
| Code | Meaning |
|---|---|
M | CVV match |
N | CVV no match — high fraud signal, strongly consider declining |
P | CVV not processed |
S | CVV should have been present |
Retry Strategy by Code
Blindly retrying every declined transaction wastes processing fees and degrades your merchant profile with issuers. Scheme rules also prohibit excessive retries:
Visa retry rules: Visa publishes retry limits — commonly cited as a maximum of 15 attempts per transaction, with 1 retry per 24 hours for specific decline codes. The exact code list and thresholds are defined in the Visa Core Rules; verify current limits with your acquirer or PSP, as scheme rules can be updated.
Mastercard retry rules: Mastercard publishes similar retry restrictions. Excessive retries on hard-decline codes can trigger scheme fines — verify current thresholds with your acquirer.
The correct approach is a decline-code-specific retry matrix: some codes retry immediately (technical errors), some retry after 24–48 hours (balance/limit issues), some retry after 7 days (generic do-not-honour), and some are never retried.
Decline Code Opacity
In practice, issuers sometimes return generic codes (particularly 05 Do Not Honour) even when the underlying reason is more specific — to avoid giving fraudsters information about why a card was declined. This means the same code can represent very different underlying situations, and retry strategies need to account for this ambiguity.
PSPs with large transaction volumes can build decline-code-to-outcome models based on their own retry success data, producing better timing recommendations than generic scheme guidance alone.
Related terms
Authorization
Authorization is the real-time process by which a card payment is approved or de...
Authorization Rate
Authorization rate is the percentage of payment authorization requests that are ...
Issuer
An issuer (or issuing bank) is the financial institution that provides payment c...
Soft Decline
A soft decline is an issuer rejection of a card transaction for a reason that ma...