Last updated 02/21/2023
2 Min Read Time

CNP FAQs - resubmitting declined transactions

Guidance for card not present merchants resubmitting declined transactions

Mastercard and Visa have recently reinforced their guidance on when you may or may not attempt to resubmit a declined authorisation request.

What is the guidance?

All declined transactions now fall into one of four categories, some transactions can be resubmitted again, some should be modified before they are submitted again, and some must never be resubmitted.

Who does this apply to?

All merchants, but the focus is primarily on merchants processing card not present transactions - like ecommerce, mail order, telephone order or initiating their own transactions (e.g. recurring payments or account top-ups).

What are the four categories?

  1. Account information is incorrect or has changed - declined by the card issuer. Action is required before reattempt.
  2. Cannot approve at this time, further attempts permitted.
  3. Declined. Further attempts are not permitted.
  4. Incorrect data - declined by card scheme. Action required before reattempt.

What am I expected to do?

  • You may not reattempt a Category 3 declined transaction in any circumstance.
  • If a transaction is declined for a Category 2 reason, then it is likely that the cardholder simply has insufficient funds and so you should pause for a suitable period and resubmit the transaction.
  • If your transaction is declined with a Category 1 or 4 response then you’re expected to review the transaction and possibly contact the cardholder before modifying the authorisation request and re-submitting it.

What will happen if I don’t follow this guidance?

Visa and Mastercard may apply non-compliance fees if you don’t follow this guidance and we’re obliged to pass them on. So for example if you make multiple attempts to authorise a declined transaction which falls into Category 3, you will face non-compliance fees. Visa and Mastercard expect that a transaction declined with a Category 1 or 4 transaction will be modified in some way before it is resubmitted. It shouldn’t be resubmitted unaltered. Visa and Mastercard will introduce active monitoring programs in their systems to enforce this from October 2021.

How will I know what action I should take?

Both Visa and Mastercard have started adding new flags in the authorisation response to indicate what category the declined transactions falls into. We in turn pass this back in the authorisation response to you and your Payment Services Provider (PSP) using something called the Payment Declined Reason Code (PDRC). The PDRC indicates which of the 4 categories a declined transaction falls into. We wrote to your PSP in April 2020 explaining the PDRC and how it works so they have had sufficient time to integrate that into their systems. They may have built this into the response they provide you or built logic into their systems to manage this and protect you.

Have decline codes changed?

No. The PDRC is a supplemental value to provide guidance over and above the authorisation response code. Most issuers historically have just used the decline response code of ‘05’ - do not honour’ in multiple scenarios, which does not provide clear guidance to merchants. This change is designed to help everyone in the ecosystem, giving merchants more information about what they can do if they get a declined authorisation request and protect card holders and issuers from unreasonable reattempts.

What do I need to do?

If you regularly resubmit declined authorisations you should discuss with your PSP what they have done to support you with this and whether they will be supplying the decline category code to you. You must then follow the advice that now comes with a declined transaction.

When do I need to do it?

The card schemes will begin enforcement from October 2021.

If you have any other questions please contact us on 0345 702 3344*

*Lines are open from 9am to 6pm, Monday to Friday, except public holidays. If you have a speech or hearing impairment, you can call us using the Relay Service by dialling 18001 followed by 0345 702 3344. Calls may be recorded. To help us continually improve on our service and in the interests of security, we may monitor and/or record your telephone calls with us. Any recordings remain our sole property.