Managing authorization reattempts

This section provides an overview of managing Visa and Mastercard authorization reattempts and maintaining compliance.

Please note that the new response codes and Netaxept’s transaction blocking mechanism presented on this page are currently active only in the Netaxept Test environment for merchant testing. The deployment to production will be on the 25th of January 2024.

Efficient and compliant retry logic on card payments

In card payments, it's possible for a card issuer to decline an authorization request for various reasons. These reasons can include insufficient funds, an expired card, an incorrect CVC, and more.

To enhance the visibility of transaction declines and to reduce unsuccessful authorization reattempts, Visa and Mastercard have introduced detailed reason codes. These codes aim to guide you through appropriate actions.

These actions are based on the reason codes, and they can be summarised as follows:

Do not try again - you should not reattempt authorization since the card issuer will never approve.
Try again later - you may retry, with certain limitations, as reattempts often lead to successful outcomes at a later point.

It is important to note that some transaction declines permit reattempts, while others do not. Retrying an authorization could result in fines from Visa or Mastercard.

Netaxept provides response codes for each unsuccessful authorization reattempt, allowing you to make informed decisions. To support compliance, Netaxept automatically blocks further reattempts based on the response code's indication of a low authorization likelihood.

New response codes have been introduced for these specific purposes:

PB - permanent block
TB - temporary block

To stay compliant, you should take appropriate actions when a transaction is declined with any of the two mentioned response codes.

To learn more about how to manage these scenarios, please refer to the following sections on Never reattempt and Reattempts allowed with limitations scenarios and their related codes.

Declined authorizations you should never reattempt

You should never reattempt authorizations that the card issuer has declined with a Do not try again response code. These transactions will never be approved if reattempted.

To assist you in complying with card scheme rules, Netaxept has implemented a permanent transaction-blocking mechanism for transactions that result in a response code indicating that authorization cannot be reattempted.

Once this rule becomes active, Netaxept will automatically block subsequent reattempts and return a BBSException within the Process call. This exception will contain the decline reason (response code) along with a descriptive message:

ResponseCode: PB
ResponseText: Transaction permanently blocked as per card scheme authorization reattempt rules. Do not try again.
ResponseSource: Netaxept

To optimize transaction handling and align with industry best practices, it is crucial not to process reattempts for transactions flagged with a response code categorized as Do not try again. Avoiding the PB response code, signaling the triggering of a block, is essential for maintaining a streamlined transaction flow. In the event of receiving the PB response, it is recommended to enhance your retry logic to achieve more efficient outcomes.

Example of an error response for an authorization that has been permanently blocked

<Exception xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Error xsi:type="BBSException">
    <Message>Unable to sale</Message>
      <Result>

The response codes from Visa and Mastercard for declined authorizations that should never be reattempted

Code	Meaning	Recommended action	Card
04	Pick up card (no fraud)	Do not reattempt. The issuer will never approve.	Visa/Mastercard
07	Pick up card, special condition (fraud account)	Do not reattempt. The issuer will never approve.	Visa only
12	Invalid transaction	Do not reattempt. The issuer will never approve.	Visa only
14	Invalid account number	Do not reattempt. The issuer will never approve.	Visa/Mastercard
15	No such issuer	Do not reattempt. The issuer will never approve.	Visa only
41	Lost card, pick up	Do not reattempt. The issuer will never approve.	Visa/Mastercard
43	Stolen card, pick up	Do not reattempt. The issuer will never approve.	Visa/Mastercard
46	Closed account	Do not reattempt. The issuer will never approve.	Visa only
54	Expired card	Do not reattempt. The issuer will never approve.	Mastercard only
57	Transaction not permitted to cardholder	Do not reattempt. The issuer will never approve.	Visa/Mastercard
62	Restricted card	Do not reattempt. The issuer will never approve.	Mastercard only
63	Security violation	Do not reattempt. The issuer will never approve.	Mastercard only
79	Life cycle	Do not reattempt. The issuer will never approve.	Mastercard only
82	Policy	Do not reattempt. The issuer will never approve.	Mastercard only
83	Fraud/Security	Do not reattempt. The issuer will never approve.	Mastercard only
R0	Stop payment order	Do not reattempt. The issuer will never approve.	Visa only
R1	Revocation of auth order	Do not reattempt. The issuer will never approve.	Visa only
R3	Revocation of all auth order	Do not reattempt. The issuer will never approve.	Visa only

Mastercard response codes that belong both the "Do not try again" and "Try again later" groups

Code	Meaning	Response code: Recommended action
05	Do not honor	PB: Do not reattempt / TB: Try again later
51	Insufficient funds	PB: Do not reattempt / TB: Try again later
79	Life cycle	PB: Do not reattempt / TB: Try again later
82	Policy	PB: Do not reattempt / TB: Try again later
83	Fraud/Security	PB: Do not reattempt / TB: Try again later

If Netaxept responds with the PB response code (permanent block), you should not reattempt the authorization again.

Reattempts allowed with limitations

Visa and Mastercard have established reattempt limits for declined authorizations that receive the Try again later response code.

Visa allows 15 attempts within a 30-day period.
Mastercard allows 9 attempts within a 24-hour period.

For the Try again later category response codes and all others, we recommend a consistent approach for retry logic across Visa and Mastercard transactions. Set a common limit of 15 reattempts within a 30-day period. However, configure the implementation to restrict the number of reattempted authorizations to no more than 9 within a 24-hour timeframe.

To assist you in complying with these new rules, Netaxept has implemented a temporary blocking mechanism for transactions with limited reattempts:

Visa: a temporary block is applied to reattempted authorizations that exceed 15 reattempts within a rolling 30-day period.
Mastercard: a temporary block is applied to reattempted authorizations that exceed 9 reattempts within a 24-hour duration.
The reattempt counter is reset after receiving an approval response.

ResponseCode: TB
ResponseText: Transaction temporarily blocked as per card scheme authorization reattempt rules. Try again later.
ResponseSource: Netaxept

In these situations, it's highly recommended to establish a clear reattempt strategy that respects the card scheme's reattempt limitations.

Example of an error response for an authorization that has been temporarily blocked

<Exception xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Error xsi:type="BBSException">
    <Message>Unable to sale</Message>
      <Result>

The most common Visa response codes for declined authorizations that can be reattempted

Code	Meaning	Recommended action
03	Invalid merchant	Reattempt permitted up to 15 attempts in 30 days
19	Re-enter transaction	Reattempt permitted up to 15 attempts in 30 days
51	Insufficient funds
54	Expired card or expiration date missing	Reattempt permitted up to 15 attempts in 30 days
55	PIN incorrect or missing	Reattempt permitted up to 15 attempts in 30 days
59	Suspected fraud	Reattempt permitted up to 15 attempts in 30 days
61	Exceeds approval amount limit	Reattempt permitted up to 15 attempts in 30 days
62	Restricted card (card invalid in region or country)	Reattempt permitted up to 15 attempts in 30 days
65	Exceeds withdrawal frequency limit	Reattempt permitted up to 15 attempts in 30 days
70	PIN data required	Reattempt permitted up to 15 attempts in 30 days
75	Allowable number of pin-entry tries exceeded	Reattempt permitted up to 15 attempts in 30 days
78	Blocked, first used or special condition (account is temporarily blocked)	Reattempt permitted up to 15 attempts in 30 days
82	Negative online CAM, dcVV, iCVV, or CVV results	Reattempt permitted up to 15 attempts in 30 days
86	Cannot verify pin	Reattempt permitted up to 15 attempts in 30 days
91	Issuer or switch inoperative	Reattempt permitted up to 15 attempts in 30 days
93	Transaction cannot be completed - violation of law	Reattempt permitted up to 15 attempts in 30 days
96	System malfunction	Reattempt permitted up to 15 attempts in 30 days
N3	Cash service not available	Reattempt permitted up to 15 attempts in 30 days
N4	Cash request exceeds issuer or approved limit	Reattempt permitted up to 15 attempts in 30 days
N7	Decline for CVV2 failure	Reattempt permitted up to 15 attempts in 30 days
6P	Verification failed (Card holder identification does not match issuer records)	Reattempt permitted up to 15 attempts in 30 days

The most common Mastercard response codes for declined authorizations that can be reattempted

Code	Meaning	Recommended action
05	Do not honor	Reattempt permitted up to 9 attempts in 24 hours.
51	Insufficient funds	Reattempt permitted up to 9 attempts in 24 hours.
79	Life cycle	Reattempt permitted up to 9 attempts in 24 hours.
82	Policy	Reattempt permitted up to 9 attempts in 24 hours.
83	Fraud/Security	Reattempt permitted up to 9 attempts in 24 hours.

These codes belong to both the Do not try again and Try again later categories.

If Netaxept responds with the PB response code (permanent block), it is important not to make any further reattempts.

Updating your recurring agreement for a new card transaction

If a transaction is rejected with a Do not try again error code, which prohibits authorization reattempts, update your recurring/subscription agreement with a new card before trying the transaction again.

For detailed instructions on adding a new card, please visit the Tokenization page.

Testing Instructions

We have specific test cards that will trigger the new PB and TB response codes. With these cards, you can test how your integration manages responses from Netaxept by forcing specific response codes and reviewing the functionality of your implemented reattempt logic.

By adjusting the transaction amount, you can define the specific response code that Netaxept will generate. To achieve the desired response code, use amounts ranging from 0.01–0.99 and 1.01–1.99. For example, if you set the amount to 1.41 EUR and perform a Process call (Auth or Sale), the resulting response code will be 41, which, if retried, will trigger the PB response code.

In cases where the response code falls under the Do not try again category, Netaxept will respond with the code PB for subsequent reattempts.
If the code falls under the Try again later category, you will receive a TB response once the number of reattempts exceeds the limits specified by Visa/Mastercard.

In the Test environment, you will find dedicated test cards that are available for testing excessive authorization responses.

Q&A

1. What should I do as a merchant?

To ensure compliance with authorization reattempts and to align with Visa and Mastercard expectations, we recommend the following actions:

Familiarize yourself with the provided guidance and ensure you follow it.
Understand how Netaxept will respond to excessive authorization reattempts.
Adapt your reattempt logic in accordance with the new requirements.

2. Where to get the response code?

There are various options for obtaining the decline reason (response code):

From the BBSException result in the response of the Process call.
Within the Error object of the Query response.
By checking the Netaxept Admin portal (Transaction details – History - Errors).

Authorization reattempts

3. How do I identify when a transaction is being blocked by Netaxept?

Netaxept will produce a BBSException accompanied by a response code PB or TB for every blocked authorization. This occurs when the card issuer had previously returned a response code indicating non-approval of the transaction (PB), or when the maximum reattempt limit has been exceeded (TB). A descriptive message will be included to offer additional clarification.

4. Do I need a separate reattempt logic for Visa and Mastercard?

We suggest applying a consistent logic for both Visa and Mastercard transactions, enforcing the same limit of 15 reattempts within a 30-day timeframe. However, we suggest implementing it so that the number of reattempted authorizations does not exceed 9 reattempts within a 24-hour period.

5. Do I need to consider these new requirements?

There might be an impact if you process Visa and Mastercard payments in your webshop and/or call centre service and reattempt an authorization that meets the specified criteria after a previously declined attempt.

If your business provides services involving stored cards (card-on-file), including recurring payments, subscriptions, one-click payments, or any recurring payment without a fixed schedule (merchant-initiated transactions, MIT), it's probable that it could have an impact. It's important to assess your current reattempt logic and ensure it is in line with the requirements for compliance.

6. Can I test excessive authorization responses in the Test environment? If so, how can I do that?

It is possible to test how Netaxept responds to excessive authorization reattempts in the Test environment. While we offer generic test cards suitable for most testing scenarios, for this specific requirement, we offer dedicated card numbers available on the Test environment page.

Considerations for testing excessive authorization scenarios:

To accurately simulate real payment scenarios, please use the dedicated test cards provided in the Test cards section.
By editing the amount, you can create test transactions with a specific error code to trigger a PB or TB error response.
Standard test cards are not suitable for testing excessive authorization reattempt scenarios as they do not trigger the relevant response codes (PB & TB).