Skip to content
Card Networks ← All terms

Decline Codes

Definition

Decline codes are ISO 8583 response codes from the issuer indicating why a transaction was rejected and whether a retry is appropriate.

Decline codes are standardised numeric or alphanumeric response codes returned by a card issuer when an authorization request is rejected, indicating the reason for the decline. Defined in the ISO 8583 messaging standard, decline codes determine whether a transaction should be retried (soft decline) or abandoned (hard decline), and what action the merchant should take. Common codes include 05 (Do Not Honour), 51 (Insufficient Funds), 14 (Invalid Card Number), and 65/1A (Authentication Required). Correct handling of decline codes is a primary driver of authorization rate optimization.

Every declined authorization returns a two-digit (or two-character) response code alongside the decline. These codes are the issuer's signal to the merchant about what happened and what to do next. Acting on them correctly — retrying retryable declines at the right time, abandoning hard declines, requesting authentication where required — is the operational core of authorization rate management.

Common Decline Codes Reference

Soft Declines (potentially retryable)

CodeMeaningRecommended Action
05Do Not HonourCommon guidance: retry after a few days. Catch-all for issuer risk model or daily limit; timing varies by issuer.
51Insufficient FundsCommon guidance: retry after 24 hours or more (post-payday or daily limit reset); timing varies.
57Transaction Not Permitted to CardholderRetry once after 24 hours. May be card control setting.
61Exceeds Withdrawal Amount LimitRetry after daily/weekly limit reset window.
65Exceeds Withdrawal Frequency LimitRetry next day. In EEA may mean SCA required (3DS).
75Allowable PIN Tries ExceededRetry next day.
91Issuer or Switch InoperativeRetry immediately via different routing, then wait 30 minutes.
96System MalfunctionRetry immediately. Technical error.
1AStrong Customer Authentication RequiredRe-attempt with 3DS2 authentication. EU-specific.

Hard Declines (do not retry)

CodeMeaningRecommended Action
04Pick Up Card (no fraud)Do not retry. Request alternative payment method.
07Pick Up Card (fraud)Do not retry. Flag account for review.
14Invalid Card NumberDo not retry. Collect new card details.
41Lost CardDo not retry. Flag account for review.
43Stolen CardDo not retry. Flag account for review.
54Expired CardDo not retry. Request updated card or use Account Updater.
62Restricted CardDo not retry.

CVV/AVS Result Codes

CodeMeaning
MCVV match
NCVV no match — high fraud signal, strongly consider declining
PCVV not processed
SCVV should have been present

Retry Strategy by Code

Blindly retrying every declined transaction wastes processing fees and degrades your merchant profile with issuers. Scheme rules also prohibit excessive retries:

Visa retry rules: Visa publishes retry limits — commonly cited as a maximum of 15 attempts per transaction, with 1 retry per 24 hours for specific decline codes. The exact code list and thresholds are defined in the Visa Core Rules; verify current limits with your acquirer or PSP, as scheme rules can be updated.

Mastercard retry rules: Mastercard publishes similar retry restrictions. Excessive retries on hard-decline codes can trigger scheme fines — verify current thresholds with your acquirer.

The correct approach is a decline-code-specific retry matrix: some codes retry immediately (technical errors), some retry after 24–48 hours (balance/limit issues), some retry after 7 days (generic do-not-honour), and some are never retried.

Decline Code Opacity

In practice, issuers sometimes return generic codes (particularly 05 Do Not Honour) even when the underlying reason is more specific — to avoid giving fraudsters information about why a card was declined. This means the same code can represent very different underlying situations, and retry strategies need to account for this ambiguity.

PSPs with large transaction volumes can build decline-code-to-outcome models based on their own retry success data, producing better timing recommendations than generic scheme guidance alone.

Related terms