Visa recognized that the existing decline code system for transaction authorizations was sorely out of date for today’s standards. So they set out to overhaul the system. After taking a deep dive into the main causes of most transaction declines, Visa drafted an entirely updated rule set.
Visa is introducing new rules for fraud prevention, data transparency, and decline rates in CNP payments. While some changes took effect in 2020, most became effective in April 2021, and some will continue to hit effective dates through 2023.
The rules are intended to reduce fraudulent payment activity as well as help merchants understand the transaction process better. But they will also have a major effect on your payment processes as well as your merchant account rates.
Often, when a transaction authorization is declined, the associate will attempt to process the transaction again to see if it goes through. This can result in extra fees for the business owner.
Visa’s new rules define when merchants are allowed to retry a transaction. They also define how many times they are allowed to reattempt the transaction within a specific time period. And they disclose the fees associated with the additional authorization reattempts.
For all categories, merchant fees for reattempts go into effect beginning April 1, 2021. (See category breakdown below)
For category 1, any attempt to retry a declined transaction will result in additional fees for the merchant.
For each of the remaining categories, merchants are allowed up to 15 retries within 30 days without extra fees. Any attempt beyond 15 will result in additional fees. The one major exception is Decline code 14 (Cat 3) Invalid Account Number. Visa does not permit merchants to reattempt authorization for decline code 14. If you do, it will result in a non-compliance fee.
Beginning April 1, 2021, Visa will charge $0.10 per transaction for domestic transactions reattempts beyond 15. Beginning October 1, 2021, Visa will charge $0.15 for international transactions beyond the initial 15 tries.
Merchants who offer memberships and subscriptions will need to pay close attention to these new rules. The very nature of recurring transactions means there are commonly more authorization attempts. Recurring billing relies on card-on-file data. But this data often changes with time. Cards can be lost or stolen, or they simply expire. Customers often forget to update their card-on-file data, resulting in automatic declines.
Today, we’re going to summarize the new rules in each category for merchants to help make them easier to understand. We will also cover strategies merchants can use to avoid new Payment Processing fees associated with the new rules and how we can help.
There is a clear lack of consistency in decline reason code application. This unfortunately has fueled authorization denial rates over the years. There are over 5000 card issuers in the U.S. As you can imagine, without a universal code list, there are a lot of discrepancies between companies and the codes they commonly use. In addition, many issuers tend to default all declines to the most common category, whether it applies or not.
In order to create more clarity in the payment process for merchants, decline codes will now fall into one of 4 categories. This allows card issuers to provide accurate reasons, so there is less confusion for merchants when a transaction is declined.
Category 1 - Issuer will not approve
Category 2 - Issuer cannot approve at this time
Category 3 - Data quality issues
Category 4- Generic response codes
Within each category exists several sub reasons for the decline. This is to further clarify the specific reason the card issuer is declining the authorization. For example, if you run a stolen card, you will receive a category 1 decline with a sub decline code of 43 - stolen card. We will list the decline codes that fall in each category below.
Let's break down the specifics of each decline code category.
This category is for transactions that the card issuer will never approve. This category indicates that the card has been blocked for use, or possibly never existed.
Beginning October 1, 2021, merchants will be charged a non-compliance assessment for any attempt to reauthorize any category 1 decline.
03 Invalid Merchant
04 Pickup Card
07 Pickup card (special condition)
12 Invalid Transaction
15 No such issuer
41 Pickup card (lost card)
43 Pickup card (stolen card)
57 Transaction not permitted to cardholder
62 Restricted card
78 No Account
93 Transaction cannot be completed
R0 Stop payment order
R1 Revocation of authorization order
R3 Revocation of all authorization
Declines that fall into this category are ones that normally could be approved, but there is an issue at the moment. These types of declines are of a temporary nature. Because the information is correct, but circumstances are there that could change or improve. It means the issuer could approve the authorization if reattempted at a later time. This can be anything from a system issue to insufficient funds availability.
Visa will allow up to 15 reattempts per card within a 30-day period. Any attempt to reauthorize the transaction beyond 15 results in additional fees.
19 Re-enter transaction
51 Insufficient funds
59 Suspected fraud
61 Exceeds withdrawal amount limits
65 Exceeds withdrawal frequency
75 Allowed number of PIN entry tries exceeded
86 ATM malfunction
91 Issuer or switch is inoperative
96 System malfunction
N4 Cash request exceeds issuer limit
N3 Cash service not available
Declines will fall into this category when the card issuer cannot approve the transaction based on the data submitted. In other works, one piece of the transaction data is either incorrect or invalid. This can happen when the CVV code is entered incorrectly or the expiration date is incorrect or expired.
Merchants are allowed to reattempt the transaction up to 15 times within a 30-day period for most Category 3 declines. However, merchants are not permitted to reattempt decline code 14- Invalid account number.
14 Invalid account number
54 Expired card
55 Incorrect PIN
82 Negative online CAM, dCVV, iCVV, or CVV results
N7 Decline for CVV2 failure [Visa]
In the Europe region: 1A (Additional customer authentication required)
In the Europe region: 70 (PIN data required)
This category is for authorization declines where no other code applies. While the majority of decline responses fall into one of the other categories, there will be some that won’t apply. Most of the time, it will be due to the decline being for technical reasons. Or the reason may simply not apply to merchants or acquirers.
For this reason, they have reserved a category to place declines that don't fit in any other category.
Issuers may use Category 4 codes for special circumstances, however they must only do so if necessary. To curb use, Visa has put a limit on category 4 code use for issuers. Category 4 codes can only account for 10 percent of their total declines.
It has become common practice by some merchants to amend data fields in an attempt to get approval after the initial decline. However, Visa knows that manipulating data fields such as MCC, merchant country, and AVS only serve to waste resources and time for everyone.
To combat this practice, Visa will charge a Non-Compliance Fee for every reauthorization attempt with altered data fields. Even if the data change is the result of accidentally mis-keyed data or a fraud attempt, merchants will be charged the fee. Unfortunately this is a case where everyone will pay for the bad acts of the few.
First party fraud, also called friendly fraud, is becoming a significant problem for merchants. This type of fraud occurs when a customer uses the chargeback filing process to recover the costs of a legitimate purchase.
The cardholder dispute system, created by card issuers, is meant to protect customers against fraud and unscrupulous merchants.
However, abuse of the system is becoming all too common among normally good customers. And it costs both merchants and card issuers a lot of money.
In fact, recent fraud statistics are staggering:
This is a problem that must be addressed both locally and through consumer education.
MonerePay, together with our banking partner, works diligently to ensure accurate card holder data and maximize transaction approvals. In addition, we work tirelessly to create and provide tools to help merchants combat fraud.
However, merchants might be surprised to learn that most declines are not due to fraud control. In fact, most declines are attributed to insufficient credit, invalid data submission, or card status.
There are several ways your Merchant Service Provider can support you in meeting the new Visa rules. Contact your merchant account provider to make sure your services are set up properly to reduce reattempts and/or inaccurate data.
We can help you create a balanced authorization retry strategy. We will review your current practices and create accurate decline code mapping. Then we compare incremental revenue against repeated declines. A balanced strategy will include validating compliance with Visa submission rules to avoid fees and assessments.
And we will want to make sure you employ preventative measures, such as fraud mitigation software, to reduce your attack exposure.
Account Updater is an automated service that automatically updates a customer's “card-on-file” when there is a new expiration date or the bank issues a new account number. This will help reduce declines for expired cards, as well as the following reattempts for recurring billing.
Our experienced, ETA-Certified advisors can also review your MCC (merchant category code) for accuracy. Some MCCs have higher risk ratings. There are also occasional MCC status changes that could apply to your business. Making sure your MCC is the most accurate can help maximize transaction authorization rates.
You can also program your system to not produce a retry action based on specific decline response. For instance, in the case of a Category 1 or code 43 declines, where reauthorization attempts are prohibited.
Merchants, issuers, and processors must work closely together to develop strategies to reduce decline rates. Only by working together will we be able to address challenges in data transparency along with risk analysis.
If you're interested in customized merchant services that leverage innovative financial technology, MonerePay is for you. Your dedicated account advisor will craft a customized merchant account solution specifically for your needs.
Call us today, it's time you see how MonerePay powers business.