Decline Codes

Every declined authorization returns a two-digit (or two-character) response code alongside the decline. These codes are the issuer’s signal to the merchant about what happened and what to do next. Acting on them correctly — retrying retryable declines at the right time, abandoning hard declines, requesting authentication where required — is the operational core of authorization rate management.

Common Decline Codes Reference

Soft Declines (potentially retryable)

Code	Meaning	Recommended Action
05	Do Not Honour	Retry after 3–7 days. Catch-all for issuer risk model or daily limit.
51	Insufficient Funds	Retry after 24–48 hours (post-payday or daily limit reset).
57	Transaction Not Permitted to Cardholder	Retry once after 24 hours. May be card control setting.
61	Exceeds Withdrawal Amount Limit	Retry after daily/weekly limit reset window.
65	Exceeds Withdrawal Frequency Limit	Retry next day. In EEA may mean SCA required (3DS).
75	Allowable PIN Tries Exceeded	Retry next day.
91	Issuer or Switch Inoperative	Retry immediately via different routing, then wait 30 minutes.
96	System Malfunction	Retry immediately. Technical error.
1A	Strong Customer Authentication Required	Re-attempt with 3DS2 authentication. EU-specific.

Hard Declines (do not retry)

Code	Meaning	Recommended Action
04	Pick Up Card (no fraud)	Do not retry. Request alternative payment method.
07	Pick Up Card (fraud)	Do not retry. Flag account for review.
14	Invalid Card Number	Do not retry. Collect new card details.
41	Lost Card	Do not retry. Flag account for review.
43	Stolen Card	Do not retry. Flag account for review.
54	Expired Card	Do not retry. Request updated card or use Account Updater.
62	Restricted Card	Do not retry.

CVV/AVS Result Codes

Code	Meaning
M	CVV match
N	CVV no match — high fraud signal, strongly consider declining
P	CVV not processed
S	CVV should have been present

Retry Strategy by Code

Blindly retrying every declined transaction wastes processing fees and degrades your merchant profile with issuers. Scheme rules also prohibit excessive retries:

Visa retry rules: A maximum of 15 authorization attempts for any single transaction. For specific decline codes (05, 57, 61, 62, 65, 82, 88), Visa limits to 1 retry per 24 hours after the first decline.

Mastercard retry rules: Similar restrictions. Excessive retries on hard-decline codes can trigger scheme fines.

The correct approach is a decline-code-specific retry matrix: some codes retry immediately (technical errors), some retry after 24–48 hours (balance/limit issues), some retry after 7 days (generic do-not-honour), and some are never retried.

Decline Code Opacity

In practice, issuers sometimes return generic codes (particularly 05 Do Not Honour) even when the underlying reason is more specific — to avoid giving fraudsters information about why a card was declined. This means the same code can represent very different underlying situations, and retry strategies need to account for this ambiguity.

PSPs with large transaction volumes can build decline-code-to-outcome models based on their own retry success data, producing better timing recommendations than generic scheme guidance alone.