Enhanced Authorisation Data Service merchant implementation guide
Introduction
When a transaction is authorised, the card issuer provides a detailed authorisation response code, known as an ‘issuer’ or a ‘raw auth’ response code to us. We map these codes to a simplified list, known as an ‘acquirer’ response code’, which you receive in the authorisation message we send you. By signing up for our Enhanced Authorisation Data Service you’ll receive the ‘issuer’ response code as extra
real-time data as part of the authorisation message, in addition to the ‘acquirer’ response code.
Benefits Of Using The Service
If you carry out ecommerce and/or card on file transactions (for example, recurring transactions) Enhanced Authorisation Data provides you with a richer, more detailed set of authorisation responses, particularly for declined transactions.
Our service provides you with:
- Improved analytics, to help you pinpoint why transactions are declined
- Assistance in identifying when you can attempt to re-authorise a transaction, or the actions that you need to take before trying to authorise the transaction again
- The opportunity to focus and streamline operational processes
- The ability to increase the number of successful authorisations.
Requirements For Using The Service
Issuer response codes will be provided to you as additional data in the authorisation response message we send you, see Appendix A for more details. To ensure you can receive this, please refer to our Authorisation and Settlement Technical Specification Guide, which is available from your Relationship Manager.
Customer Set up Process
Before implementing the service, we recommend that you complete testing with us. Please contact your Relationship Manager to arrange this.
Issuer Response Code Tables
See Appendix B for a list of the issuer response codes.
See Appendix E for details of the Mastercard Decline Reason Code Service for CNP transactions.
Frequently Asked Questions
What’s the Enhanced Authorisation Data Service?
Our Enhanced Authorisation Data Service provides you with ‘issuer’ response codes in the authorisation response message,
in addition to the ‘acquirer’ response codes you already receive.
What are the benefits of using the service?
You can use ‘issuer’ response codes to identify when you can retry to authorise a declined transaction and increase successful transaction volumes.
Which Card Schemes will I receive an issuer response code for?
Issuer response codes are provided for Mastercard, Visa and American Express transactions.
How will I receive the issuer response codes?
The codes will be provided in the authorisation response message, in addition to the acquirer response codes (see Appendix C for further details of these).
Will I receive an issuer response code for every authorisation I process?
You’ll receive an issuer response code for the majority of transactions. However, there are some instances where one won’t be provided. For example, if there’s a problem with the format of the message or if the card issuer’s authorisation system is down.
In these circumstances we’ll still provide you with the ‘acquirer’ response code but the ‘issuer’ response code will be blank.
Do card issuers always provide a detailed response?
We’re only able to pass on the response codes we receive from the card issuer. Some only send back a generic ‘do not honour’ response for declines (005 for Mastercard and Visa, 100 for American Express) rather than using the full set of responses.
How do I get set up for the service?
Please speak to your Relationship Manager for more details. As part of the set- up process we recommend you firstly test your systems to ensure that you can receive the issuer response codes before proceeding.
How long does testing take?
There isn’t a standard timescale for testing as this depends on the availability of IT resource at both your offices and ours.
As a guide, once testing has been scheduled and no issues are encountered, it should take around two weeks to complete the testing, analysis and sign off.
I have a Global Payments terminal can I use the service?
The service is only available to customers who submit authorisation requests to us through their own equipment or via a Payment Service Provider.
Are there any costs involved?
There’s an initial fee payable prior to you starting testing and once you’re set-up there’s also a regular ongoing charge.
Your Relationship Manager will advise you of the cost of both of these.
What are Payment Decline Reason Codes (PDRC)?
The PDRC value is included in the authorisation response, to provide guidance on decline retries. It is mapped from the Mastercard MAC (Merchant Advice Code) and Visa Auth Code Category, to provide one value back. Values and descriptions are shown in Appendix D.
For details of how the PDRC is provided in the auth response message, refer to the ASTS Guide.
What is the Mastercard Decline Reason Code Service?
A service introduced on 2 November 2021, to provide more meaningful decline information to help optimize authorization retry strategies. This could lead to higher sales and reduced costs involving unsuccessful authorization attempts.
The Decline Reason Code Service:
- is limited to card-not-present declines
- excludes mail and telephone order and ATM transactions
- only pertains to authorizations processed on the Mastercard Network. It involves:
- Mastercard map a subset of sensitive decline reasons on behalf of the issuer into categories and provide them as authorisation decline codes:
- Life cycle (79)
- Policy (82), and
- Fraud/Security (83)
- The codes need to be analysed in conjunction with the Mastercard Merchant Advice Code (MAC), which is provided back to you as the GPUK Payment Decline Reason Code (PDRC).
See Appendix E for details of how the Mastercard Category Codes and PDRC needs to be used for decline retries.
Do Visa provide guidance on how to manage authorisation declines?
Visa provide a Category Code for each of their authorisation response codes. This is shown in the Visa table in Appendix B - Issuer Response Codes.
GPUK also map this Category Code and provide it back to you as a PDRC. This is shown in Appendix D - Visa PDRC Mapping Logic.
Appendix A – Auxiliary Data Record
TYPE Z1: ISSUER RESPONSE CODE
Num |
Name |
F/V |
Type |
Len |
M/O/C |
Comment |
31.3 |
Auxiliary Data Record |
|||||
31.3.1 |
Record Separator |
F |
RS |
1 |
M |
1E (HEX) |
31.3.2 |
Auxiliary Data Record Type |
F |
A |
2 |
M |
‘Z1’ |
31.3.3 |
Auxiliary Data Record Sub-Type |
F |
N |
2 |
M |
‘01’ |
31.3.4 |
Group Separator |
F |
GS |
1 |
M |
1D (HEX) |
31.3.5 |
Issuer Response Code |
F |
A |
3 |
M |
|
31.3.6 |
Group Separator |
F |
GS |
1 |
M |
1D (HEX) |
31.3.7 |
Reserved For Future Use |
F |
A |
20 |
O |
|
31.3.8 |
Group Separator |
F |
GS |
1 |
M |
1D (HEX) |
The above Auxiliary Data Record should be used in conjunction our Authorisation and Settlement Technical Specification Guide, which is available from your Relationship Manager.
Appendix B – Issuer Response Codes
The following tables detail the issuer response codes that may be returned for Code Definition Category each Card Scheme.
Visa
Code |
Definition |
Category |
00 |
Approved And Completed Successfully |
Approval |
01 |
Refer To Card Issuer |
4 |
02 |
Refer To Card Issuer, Special Condition |
4 |
03 |
Invalid Merchant |
2 |
04 |
Pick up card (no fraud) |
1 |
05 |
Do not honour |
4 |
06 |
Error |
4 |
07 |
Pick up card, special condition (fraud account) |
1 |
10 |
Partial approval |
Approval |
11 |
Approved (V.I.P.) |
Approval |
12 |
Invalid transaction |
1 |
13 |
Either: Invalid amount / Currency conversion field overflow |
4 |
14 |
Invalid account number (no such number): No modulus 10 check / Not a valid length for issuer / Not in positive PIN Verification file / Separator in wrong position |
1,3 |
15 |
No such issuer (first 8 digits of account number do not relate to an issuing identifier) |
1 |
19 |
Re-enter transaction |
2 |
21 |
No action taken |
n/a |
25 |
Unable to locate record in file |
n/a |
28 |
File is temporarily unavailable for update or inquiry |
n/a |
39 |
No credit account |
4 |
41 |
Lost card, pick up card (fraud account) |
1 |
43 |
Stolen card, pick up (fraud account) |
1 |
46 |
Closed account |
1 |
51 |
Not sufficient funds |
2 |
52 |
No checking account |
4 |
53 |
No savings account |
|
54 |
Expired card or expiration date missing |
3 |
55 |
PIN incorrect or missing |
3 |
57 |
Transaction not permitted to cardholder Used by switch when function requested is not allowed for product or card type |
1 |
58 |
Transaction not allowed at terminal |
4 |
59 |
Suspected fraud |
2 |
61 |
Exceeds approval amount limit |
2 |
62 |
Restricted card (card invalid in region or country) |
2 |
63 |
Security violation (source not correct issuer) |
n/a |
64 |
Transaction does not fulfill AML requirement |
4 |
65 |
Exceededs withdrawal fequency limit |
2 |
70 |
PIN data required |
3 |
74 |
Different value than that used for PIN encryption errors |
4 |
75 |
Allowable number of PIN entry tries exceeded |
2 |
76 |
Unsolicited reversal-reversal with no original transaction in history. V.I.P. unable to match reversal request to an original message |
n/a |
78 |
Blocked, first used or special condition—new cardholder not activated or card is temporarily blocked |
2 |
79 |
Reversed (by switch) |
4 |
80 |
No financial impact (used in reversal responses to declined originals) |
4 |
81 |
Cryptographic error found in PIN (used for cryptographic error condition found by security module during PIN decryption) |
4 |
82 |
Negative Online CAM, dCVV, iCVV, or CVV results Or Offline PIN authentication inte |
3 |
85 |
No reason to decline a request for address verification, CVV2 verification, or credit voucher or |
4 |
86 |
Cannot verify PIN; for instance, no PVV |
2 |
91 |
Issuer unavailable or switch inoperative (STIP not applicable or available for this transaction) - Time-out when no STIP issuer unavailable. Acquirers receiving code must send transaction again. Advices not created. - Issuers can respond with this code, which V.I.P. passes to acquirer without invoking STIP. Issuers use code to indicate they cannot perform authorization on issuer’s behalf. Causes decline at POS. |
2 |
92 |
Financial institution or intermediate network facility cannot be found for routing (receiving institution ID invalid) |
n/a |
93 |
Transaction cannot be completed - violation of law |
2 |
94 |
Duplicate transmission. Transaction submitted containing values in tracing data fields that duplicate values in a previously submitted transaction. |
n/a |
96 |
System malfunction |
2 |
1A |
Additional customer authentication required |
3 |
B1 |
Surcharge amount not permitted on Visa cards or EBT food stamps (U.S. acquirers only) |
n/a |
N0 |
Force STIP. Issuers can respond with this, which routes transaction to STIP. Issuers use code when they cannot perform authorization but want STIP to perform it. |
4 |
N3 |
Cash service not available |
2 |
N4 |
Cash request exceeds issuer or approved limit |
2 |
N7 |
Decline for CVV2 failure |
3 |
N8 |
Transaction amount exceeds pre-authorised approval amount |
n/a |
P5 |
Denied PIN unblock-PIN change or unblock request declined by issuer |
n/a |
P6 |
Denied PIN change-requested PIN unsafe |
n/a |
6P |
Verification data failed |
3 |
Q1 |
Card authentication failed Or Offline PIN authentication interrupted |
n/a |
R0 |
Stop payment order |
1 |
R1 |
Revocation of authorization order |
1 |
R2 |
Transaction does not qualify for Visa PIN |
n/a |
R3 |
Revocation of all authorizations order |
1 |
Z1 |
Offline-declined |
4 |
Z3 |
Unable to go online; offline-declined |
4 |
Response Code Category
- Issuer never approves: Reattempt not permitted.
- Issure cannot approve at this time: Reattempt up to 15 times over 30 days.
- Data quality/revalidate payment information: Revalidate payment information. Prior to Reattempt up to 15 times over 30 days.
- Generic response codes: Reattempt up to 15 times over 30 days.
Mastercard
Value |
Description |
Action |
1 |
Refer to card issuer |
Call issuer |
3 |
Invalid merchant |
Decline |
4 |
Capture card |
Capture |
5 |
Do not honor16 |
Decline |
8 |
Honor with ID |
Approve |
10 |
Partial approval |
Approve |
12 |
Invalid transaction |
Decline |
13 |
Invalid amount |
Decline |
14 |
Invalid card number |
Decline |
15 |
Invalid issuer |
Decline |
30 |
Format error |
Decline |
41 |
Lost card |
Capture |
43 |
Stolen card |
Capture |
51 |
Insufficient funds/over credit limit |
Decline |
54 |
Expired card decline |
Decline |
55 |
Invalid PIN decline |
Decline |
57 |
Transaction not permitted to issuer/cardholder |
Decline |
58 |
Transaction not permitted to acquirer/terminal |
Decline |
61 |
Exceeds withdrawal amount limit |
Decline |
62 |
Restricted card |
Decline |
63 |
Security violation |
Decline |
65 |
Exceeds withdrawal count limit OR Identity Check Soft- Decline of EMV 3DS Authentication (merchant should resubmit authentication with 3DSv1) |
Decline |
70 |
Contact card issuer |
Call Issuer |
71 |
PIN not changed |
Decline |
75 |
Allowable number of PIN tries exceeded |
Decline |
76 |
Invalid/non-existent ‘To Account’ specified |
Decline |
77 |
Invalid/non-existent ‘From Account’ specified |
Decline |
78 |
Invalid/non-existent account specified (general) |
Decline |
79 |
Lifecycle Mastercard use only |
Decline |
81 |
Domestic debit transaction not allowed (regional use only) |
Decline |
82 |
Policy Mastercard use only |
Decline |
83 |
Security Mastercard use only |
Decline |
84 |
Invalid authorisation life cycle |
Decline |
85 |
Not declined. Valid for all zero amount transactions |
Valid |
87 |
Purchase amount only. No cashback allowed |
Approved |
88 |
Cryptographic failure |
Decline |
89 |
Unacceptable PIN – Transaction declined – Retry |
Decline |
91 |
Authorization System or issuer system inoperative issuer system inoperative |
Decline |
92 |
Unable to route transaction |
Decline |
94 |
Duplicate transmission detected |
Decline |
96 |
System error |
Decline |
American Express
Valid Action Codes: |
|
000 |
Approved |
001 |
Approve with ID |
002 |
Partial approval (prepaid cards only) |
100 |
Deny |
101 |
Expired card/Invalid expiration date |
106 |
Exceeded PIN attempts |
109 |
Invalid merchant |
110 |
Invalid amount |
111 |
Invalid account/Invalid MICR (Travelers Cheque) |
115 |
Requested function not supported |
116 |
Not Sufficient Funds |
117 |
Invalid PIN |
119 |
Cardmember not enrolled/not permitted |
121 |
Limit Exceeded |
122 |
Invalid card security code (a.k.a., CID, 4DBC, 4CSC) |
125 |
Invalid effective date |
130 |
Additional customer identification required |
181 |
Format error |
183 |
Invalid currency code |
187 |
Deny – New card issued |
189 |
Deny – Cancelled or closed merchant/SE |
200 |
Deny – Pick up card |
900 |
Accepted – ATC synchronization |
909 |
System malfunction (cryptographic error) |
912 |
Issuer not available |
Note - Amex do not define category / action to be taken
Discover Global Network
Action Codes: |
||
0 |
pin change successful (EMV only) |
Approved |
1 |
honor with identification |
Approved |
81 |
approved by Issuer (For a successful balance inquiry response) |
Approved |
82 |
approved by Xpress (stand–in) |
Approved |
83 |
approved by Acquirer (stand–in) |
Approved |
84 |
off-line approved (EMV only) |
Approved |
85 |
off-line approved—unable to go online (EMV only) |
Approved |
86 |
card verification successful |
Approved |
100 |
do not honor |
Declined |
101 |
expired card |
Declined |
102 |
suspected fraud (account not on Positive File) |
Declined |
103 |
Customer Authentication Required |
Declined |
104 |
restricted card |
Declined |
106 |
allowable PIN tries exceeded |
Declined |
109 |
invalid merchant |
Declined |
110 |
invalid amount |
Declined |
111 |
invalid card number |
Declined |
115 |
requested function not supported |
Declined |
117 |
incorrect PIN |
Declined |
118 |
cycle range suspended |
Declined |
119 |
Transaction not permitted to cardholder |
Declined |
120 |
Transaction not permitted to Originatora (For Merchant Presented Mode (MPM) QR Code transactions) |
Declined |
122 |
card validity period exceeded |
Declined |
124 |
violation of law |
Declined |
125 |
card not effective |
Declined |
129 |
suspected counterfeit card |
Declined |
140 |
off-line declined—Merchant Forced Acceptance |
Declined |
141 |
unable to go on line, off-line declined—Merchant Forced Acceptance |
Declined |
163 |
security violations |
Declined |
181 |
decline given by POS Participant (adjustment) |
Declined |
182 |
decline given by Issuer |
Declined |
183 |
Domain Restriction Control Failure |
Declined |
184 |
decline given by Xpress, no communication with Issuer |
Declined |
185 |
decline given by Xpress, card is local use only |
Declined |
188 |
Xpress unable to forward request to Issuer X |
Declined |
192 |
Restricted Merchant |
Declined |
194 |
PIN change or unblock failed (EMV only) |
Declined |
195 |
new PIN not accepted (EMV only) |
Declined |
196 |
chip information advice (EMV only) |
Declined |
197 |
card verification failed |
Declined |
198 |
TVR or CVR validation failed |
Declined |
200 |
do not honor |
Declined |
201 |
expired card |
Declined |
202 |
suspected fraud |
Declined |
203 |
card acceptor contact Acquirer |
Declined |
204 |
restricted card |
Declined |
205 |
card acceptor call Acquirers security department |
Declined |
206 |
allowable PIN tries exceeded |
Declined |
207 |
special conditions |
Declined |
208 |
lost card |
Declined |
209 |
stolen card |
Declined |
210 |
suspected counterfeit card |
Declined |
280 |
temporary status lost card |
Declined |
281 |
temporary status stolen card |
Declined |
904 |
format error |
Error |
905 |
Acquirer not supported by Xpress |
Error |
909 |
system malfunction |
Error |
916 |
MAC key invalid |
Error |
923 |
request in progress |
Error |
JCB
Code |
Message |
Action |
00 |
Approved or completed successfully |
Approve |
01 |
Refer to Issuer |
Referral |
03 |
Invalid merchant |
Referral |
04 |
Pick-up |
Pick-up |
05 |
Do not honor |
Decline |
06 |
Error |
Referral |
07 |
Pick-up card, special condition, counterfeit |
Pick-up |
09 |
Request in progress |
Referral |
10 |
Partial Approval (Not Applicable to GP UK) |
Approve |
12 |
Invalid transaction (Duplicate transaction) |
Referral |
13 |
Invalid amount |
Referral |
14 |
Invalid card number (no such number) |
Decline |
15 |
No such Issuer |
Decline |
20 |
Invalid response |
Referral |
30 |
Format error |
Referral |
31 |
Bank not supported by switch |
Decline |
33 |
Expired card |
Pick-up |
34 |
Suspended fraud |
Pick-up |
36 |
Restricted card |
Pick-up |
40 |
Requested function not supported |
Decline |
41 |
Lost card |
Pick-up |
42 |
No universal account |
Decline |
43 |
Stolen card, pick-up |
Pick-up |
51 |
Not sufficient funds |
Decline |
54 |
Expired card, or expiry date error |
Decline |
55 |
Incorrect personal identification number |
Decline |
56 |
No card record |
Referral |
57 |
Transaction not permitted to cardholder |
Decline |
58 |
Transaction not permitted to terminal |
Decline |
59 |
Suspected fraud |
Decline |
61 |
Exceeds withdrawal amount limit |
Decline |
62 |
Restricted card |
Decline |
63 |
Security violation |
Referral |
65 |
Exceeds withdrawal frequency limit |
Decline |
75 |
Allowable number of PIN tries exceeded |
Decline |
76 |
Incorrect reversal (Auth-ID, STAN, AMNT) |
Referral |
77 |
Lost, stolen, pick-up |
Pick-up |
78 |
Shop in black list |
Decline |
79 |
Account status flag false |
Decline |
81 |
PIN cryptographic error found ( This is set only by JCBI, Licensees cannot use this code) |
Decline |
85 |
Not Declined (only used for Balance Inquiry and Address Verification with zero amount) (Not Applicable to GP UK) |
Valid |
87 |
Incorrect passport number |
Decline |
88 |
Incorrect date of birth |
Decline |
89 |
(Not approved: free message) |
Decline |
90 |
Cutoff is in progress |
Referral |
91 |
Issuer or switch is inoperative |
Referral |
92 |
Financial institution cannot be found for routing |
Decline |
94 |
Duplicate transmission |
Referral |
96 |
System malfunction |
Referral |
Appendix C - Acquirer Response Codes
For up to date Acquirer Response Codes, see the latest Authorisation and Settlement Technical Specifications (ASTS Guide), Authorisation Response Codes and Message Text Table.
Appendix D - Payment Decline Reason Code
PAYMENT DECLINE REASON CODE (PDRC) |
|
1 |
New account information available |
2 |
Cannot approve at this time; try again later |
4 |
Do not try again |
8 |
Payment blocked by card scheme |
0 |
NONE |
For details of how this is provided in the auth response message, refer to the ASTS Guide.
Visa PDRC Mapping Logic
Visa Auth Response Category |
GPUK Payment Decline Reason Code (PDRC) |
1 Issuer will never approve |
4 Do not try again |
2 Issuer cannot approve at this time |
2 Cannot approve at this time; try again later |
3 Data quality issues |
1 New account information available |
4 Generic response codes |
0 None |
Appendix E - Mastercard Decline Reason Code Service
MC Response Code |
PDRC |
Merchant Action |
Merchant Advice Description |
79 or 82 |
1 |
updated information was found in the Mastercard ABU database. Check for new information before reattempting. |
Updated information needed |
79 or 82 |
4 |
updated credentials are not found to be available in the Mastercard ABU database. Do not retry. |
Do not try again |
83 |
1 |
authentication may improve the likelihood of an approval. Retry using authentication (such as EMV® 3DS). |
Additional information needed |
83 |
4 |
suspected fraud. Do not retry. |
Do not try again |
79 or 82 or 83 |
2 |
retry the transaction later. |
Try again later |
79 - Lifecycle
82 - Policy
83 - Security