Skip to content

    Managing authorization reattempts

    This section provides an overview of managing Visa and Mastercard authorization reattempts and maintaining compliance.

    Please note that the new response codes and Netaxept’s transaction blocking mechanism presented on this page are currently active only in the Netaxept Test environment for merchant testing. The deployment to production will be on the 25th of January 2024.

    Efficient and compliant retry logic on card payments

    In card payments, it's possible for a card issuer to decline an authorization request for various reasons. These reasons can include insufficient funds, an expired card, an incorrect CVC, and more.

    To enhance the visibility of transaction declines and to reduce unsuccessful authorization reattempts, Visa and Mastercard have introduced detailed reason codes. These codes aim to guide you through appropriate actions.

    These actions are based on the reason codes, and they can be summarised as follows:

    • Do not try again - you should not reattempt authorization since the card issuer will never approve.

    • Try again later - you may retry, with certain limitations, as reattempts often lead to successful outcomes at a later point.

    It is important to note that some transaction declines permit reattempts, while others do not. Retrying an authorization could result in fines from Visa or Mastercard.

    Netaxept provides response codes for each unsuccessful authorization reattempt, allowing you to make informed decisions. To support compliance, Netaxept automatically blocks further reattempts based on the response code's indication of a low authorization likelihood.

    New response codes have been introduced for these specific purposes:

    • PB - permanent block

    • TB - temporary block

    To stay compliant, you should take appropriate actions when a transaction is declined with any of the two mentioned response codes.

    To learn more about how to manage these scenarios, please refer to the following sections on Never reattempt and Reattempts allowed with limitations scenarios and their related codes.

    Declined authorizations you should never reattempt

    You should never reattempt authorizations that the card issuer has declined with a Do not try again response code. These transactions will never be approved if reattempted.

    To assist you in complying with card scheme rules, Netaxept has implemented a permanent transaction-blocking mechanism for transactions that result in a response code indicating that authorization cannot be reattempted.

    Once this rule becomes active, Netaxept will automatically block subsequent reattempts and return a BBSException within the Process call. This exception will contain the decline reason (response code) along with a descriptive message:

    • ResponseCode: PB

    • ResponseText: Transaction permanently blocked as per card scheme authorization reattempt rules. Do not try again.

    • ResponseSource: Netaxept

    To optimize transaction handling and align with industry best practices, it is crucial not to process reattempts for transactions flagged with a response code categorized as Do not try again. Avoiding the PB response code, signaling the triggering of a block, is essential for maintaining a streamlined transaction flow. In the event of receiving the PB response, it is recommended to enhance your retry logic to achieve more efficient outcomes.

    Example of an error response for an authorization that has been permanently blocked

    <Exception xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <Error xsi:type="BBSException">
        <Message>Unable to sale</Message>
          <Result>

    The response codes from Visa and Mastercard for declined authorizations that should never be reattempted

    CodeMeaningRecommended actionCard
    04Pick up card (no fraud)Do not reattempt. The issuer will never approve.Visa/Mastercard
    07Pick up card, special condition (fraud account)Do not reattempt. The issuer will never approve.Visa only
    12Invalid transactionDo not reattempt. The issuer will never approve.Visa only
    14Invalid account numberDo not reattempt. The issuer will never approve.Visa/Mastercard
    15No such issuerDo not reattempt. The issuer will never approve.Visa only
    41Lost card, pick upDo not reattempt. The issuer will never approve.Visa/Mastercard
    43Stolen card, pick upDo not reattempt. The issuer will never approve.Visa/Mastercard
    46Closed accountDo not reattempt. The issuer will never approve.Visa only
    54Expired cardDo not reattempt. The issuer will never approve.Mastercard only

    Mastercard response codes that belong both the "Do not try again" and "Try again later" groups

    CodeMeaningResponse code: Recommended action
    05Do not honorPB: Do not reattempt / TB: Try again later
    51Insufficient fundsPB: Do not reattempt / TB: Try again later
    79Life cyclePB: Do not reattempt / TB: Try again later
    82PolicyPB: Do not reattempt / TB: Try again later
    83Fraud/SecurityPB: Do not reattempt / TB: Try again later

    If Netaxept responds with the PB response code (permanent block), you should not reattempt the authorization again.

    Reattempts allowed with limitations

    Visa and Mastercard have established reattempt limits for declined authorizations that receive the Try again later response code.

    • Visa allows 15 attempts within a 30-day period.

    • Mastercard allows 9 attempts within a 24-hour period.

    For the Try again later category response codes and all others, we recommend a consistent approach for retry logic across Visa and Mastercard transactions. Set a common limit of 15 reattempts within a 30-day period. However, configure the implementation to restrict the number of reattempted authorizations to no more than 9 within a 24-hour timeframe.

    To assist you in complying with these new rules, Netaxept has implemented a temporary blocking mechanism for transactions with limited reattempts:

    • Visa: a temporary block is applied to reattempted authorizations that exceed 15 reattempts within a rolling 30-day period.

    • Mastercard: a temporary block is applied to reattempted authorizations that exceed 9 reattempts within a 24-hour duration.

    • The reattempt counter is reset after receiving an approval response.

    Once this rule becomes active, Netaxept will automatically block subsequent reattempts and return a BBSException within the Process call. This exception will contain the decline reason (response code) and a descriptive message:

    • ResponseCode: TB

    • ResponseText: Transaction temporarily blocked as per card scheme authorization reattempt rules. Try again later.

    • ResponseSource: Netaxept

    In these situations, it's highly recommended to establish a clear reattempt strategy that respects the card scheme's reattempt limitations.

    Example of an error response for an authorization that has been temporarily blocked

    <Exception xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <Error xsi:type="BBSException">
        <Message>Unable to sale</Message>
          <Result>

    The most common Visa response codes for declined authorizations that can be reattempted

    CodeMeaningRecommended action
    03Invalid merchantReattempt permitted up to 15 attempts in 30 days
    19Re-enter transactionReattempt permitted up to 15 attempts in 30 days
    54Expired card or expiration date missingReattempt permitted up to 15 attempts in 30 days
    55PIN incorrect or missingReattempt permitted up to 15 attempts in 30 days
    59Suspected fraudReattempt permitted up to 15 attempts in 30 days
    61Exceeds approval amount limitReattempt permitted up to 15 attempts in 30 days
    62Restricted card (card invalid in region or country)Reattempt permitted up to 15 attempts in 30 days
    65Exceeds withdrawal frequency limitReattempt permitted up to 15 attempts in 30 days
    70PIN data requiredReattempt permitted up to 15 attempts in 30 days

    The most common Mastercard response codes for declined authorizations that can be reattempted

    CodeMeaningRecommended action
    05Do not honorReattempt permitted up to 9 attempts in 24 hours.
    51Insufficient fundsReattempt permitted up to 9 attempts in 24 hours.
    79Life cycleReattempt permitted up to 9 attempts in 24 hours.
    82PolicyReattempt permitted up to 9 attempts in 24 hours.
    83Fraud/SecurityReattempt permitted up to 9 attempts in 24 hours.

    These codes belong to both the Do not try again and Try again later categories.

    If Netaxept responds with the PB response code (permanent block), it is important not to make any further reattempts.

    Updating your recurring agreement for a new card transaction

    If a transaction is rejected with a Do not try again error code, which prohibits authorization reattempts, update your recurring/subscription agreement with a new card before trying the transaction again.

    For detailed instructions on adding a new card, please visit the Tokenization page.

    Testing Instructions

    We have specific test cards that will trigger the new PB and TB response codes. With these cards, you can test how your integration manages responses from Netaxept by forcing specific response codes and reviewing the functionality of your implemented reattempt logic.

    By adjusting the transaction amount, you can define the specific response code that Netaxept will generate. To achieve the desired response code, use amounts ranging from 0.01–0.99 and 1.01–1.99. For example, if you set the amount to 1.41 EUR and perform a Process call (Auth or Sale), the resulting response code will be 41, which, if retried, will trigger the PB response code.

    • In cases where the response code falls under the Do not try again category, Netaxept will respond with the code PB for subsequent reattempts.

    • If the code falls under the Try again later category, you will receive a TB response once the number of reattempts exceeds the limits specified by Visa/Mastercard.

    In the Test environment, you will find dedicated test cards that are available for testing excessive authorization responses.

    Q&A

    1. What should I do as a merchant?

    To ensure compliance with authorization reattempts and to align with Visa and Mastercard expectations, we recommend the following actions:

    • Familiarize yourself with the provided guidance and ensure you follow it.
    • Understand how Netaxept will respond to excessive authorization reattempts.
    • Adapt your reattempt logic in accordance with the new requirements.

    2. Where to get the response code?

    There are various options for obtaining the decline reason (response code):

    • From the BBSException result in the response of the Process call.
    • Within the Error object of the Query response.
    • By checking the Netaxept Admin portal (Transaction details – History - Errors).

    Authorization reattempts

    3. How do I identify when a transaction is being blocked by Netaxept?

    Netaxept will produce a BBSException accompanied by a response code PB or TB for every blocked authorization. This occurs when the card issuer had previously returned a response code indicating non-approval of the transaction (PB), or when the maximum reattempt limit has been exceeded (TB). A descriptive message will be included to offer additional clarification.

    4. Do I need a separate reattempt logic for Visa and Mastercard?

    We suggest applying a consistent logic for both Visa and Mastercard transactions, enforcing the same limit of 15 reattempts within a 30-day timeframe. However, we suggest implementing it so that the number of reattempted authorizations does not exceed 9 reattempts within a 24-hour period.

    5. Do I need to consider these new requirements?

    There might be an impact if you process Visa and Mastercard payments in your webshop and/or call centre service and reattempt an authorization that meets the specified criteria after a previously declined attempt.

    If your business provides services involving stored cards (card-on-file), including recurring payments, subscriptions, one-click payments, or any recurring payment without a fixed schedule (merchant-initiated transactions, MIT), it's probable that it could have an impact. It's important to assess your current reattempt logic and ensure it is in line with the requirements for compliance.

    6. Can I test excessive authorization responses in the Test environment? If so, how can I do that?

    It is possible to test how Netaxept responds to excessive authorization reattempts in the Test environment. While we offer generic test cards suitable for most testing scenarios, for this specific requirement, we offer dedicated card numbers available on the Test environment page.

    Considerations for testing excessive authorization scenarios:

    • To accurately simulate real payment scenarios, please use the dedicated test cards provided in the Test cards section.
    • By editing the amount, you can create test transactions with a specific error code to trigger a PB or TB error response.
    • Standard test cards are not suitable for testing excessive authorization reattempt scenarios as they do not trigger the relevant response codes (PB & TB).

    Was this helpful?

    What was your feeling about it?