Understanding Merchant Advice Codes
Merchant advice codes are codes returned by credit card issuers and payment service providers (PSPs) to indicate the reason for declining a payment transaction. The code also includes information on how a merchant should proceed, i.e. whether and when the merchant should re-submit the transaction request. Merchants should pay close attention to these codes, as failing to adhere to the information supplied (e.g. try again in 10 days) can result in fines.
Why Transactions are Declined
When attempting to charge a credit card, the first step in the process is to send an authorization request to the issuer, i.e. the bank that has issued the card. The bank analyzes the transaction request and decides whether to approve or decline the transaction. Transactions can be declined for various reasons, including:
- Incorrect payment information, such as the wrong credit card number or CVV, or the billing information not matching the address of the cardholder
- Insufficient funds to cover the payment, e.g. because the cardholder has reached their credit limit or because of insufficient funds in their account
- The payment exceeds the maximum amount allowed for a single charge to that credit card
- Suspicions of fraud, which are particularly common for transactions where the seller and buyer are located in different countries
- The credit card has expired or been blocked by the owner due to loss/theft
Receiving Merchant Advice Codes
When sending a decline response, this response includes a merchant advice code indicating the reason for the decline. Depending on the reason, merchants may be able to retry the same transaction later; for example, if the card’s credit limit has been reached, the transaction may be successful at a later date.
Merchant advice codes thus provide merchants with information on both the reason for declining the transaction and whether and when to retry the transaction. In some cases - such as where the card has been reported as stolen - subsequent attempts to authorize the transaction will never succeed. Merchants should avoid re-submitting the same transaction if this is the case.
Type of Merchant Advice Codes
The actual codes returned by issuers and any intermediary PSPs differ, but they can be broadly divided into 3 categories:
- The transaction can be retried, but the merchant should submit additional information in the request, e.g. Strong Customer Authentication (SCA) data. These are referred to as soft declines.
- The transaction should be retried at a later date, e.g. because the cardholder has reached their credit limit for the month.
- The transaction should never be retried, as it will never succeed, e.g. because the card has been reported as lost or stolen.
The following table lists the codes used by Mastercard.
| Code | Message |
|---|---|
| 01 | Updated information needed |
| 02 | Cannot be approved now, try again later |
| 03 | Do not try again |
| 04 | Token requirements not fulfilled for this token type |
| 21 | Payment canceled |
| 24 | Retry after 1 hour |
| 25 | Retry after 24 hours |
| 26 | Retry after 2 days |
| 27 | Retry after 4 days |
| 28 | Retry after 6 days |
| 29 | Retry after 8 days |
| 30 | Retry after 10 days |
Mastercard Merchant Advice Codes
Handling Merchant Advice Codes
Merchants should ensure that they respond appropriately to the merchant advice codes as not doing so can incur fines. Depending on the PSP and the card scheme, additional information may be available on why the transaction was declined and when to retry the transaction.
If the merchant advice code indicates that the transaction should not be retried, merchants should avoid submitting the transaction again. This includes not submitting the same card details via an alternative provider, as the transaction will never be successful.
If the transaction can be retried with supplemental data, the merchant should check if the code includes information on what data is missing (e.g. SCA required, CVV missing, wrong expiry date). In some cases, the merchant may need to ask the cardholder to supply this additional information, such as the CVV or card expiry date. In other cases, such as missing SCA, the merchant may be able to automatically retry the transaction using 3DS.
If the transaction can be retried at a later date, the merchant should check if additional information is available on when to resubmit the transaction, e.g. retry after 1 hour, or retry after 10 days. If no time period is indicated, merchants should avoid re-submitting the same transaction repeatedly over a short period of time, as doing so can result in fines from the acquirer or card schemes.
Merchant Advice Codes in IXOPAY
IXOPAY receives and handles merchant advice codes using various standards, including both codes sent by the card schemes as well as proprietary codes sent by various PSPs. These codes are not uniform. The raw merchant advice codes are stored in the returnData.merchantAdviceCode field in IXOPAY and can be reviewed by merchants. As well as storing the merchant advice code, IXOPAY has its own error codes for payment errors, and merchant advice codes are mapped to these error codes.
If the transaction does not receive a hard decline, IXOPAY automatically retries the transaction with the fallback PSP configured in IXOPAY’s Routing Engine. If the code indicates a soft decline due to missing Strong Customer Authentication (SCA) and the integration supports IXOPAY’s own 3DS (3-Domain Secure) solution, merchants can also opt to automatically retry transactions with 3DS enabled.
If merchants frequently see transactions declined with this error code, it can make sense to revise their 3DS strategy. IXOPAY allows merchants to enable 3DS for all transactions or exempt recurring transactions and transactions below a certain threshold from 3DS.
If the merchant advice code indicates that a transaction should be resubmitted later or requires additional information, the transaction is added to a list for manual review. In cases where the cardholder needs to supply additional information (e.g. CVV or expiry date), merchants will need to inform the cardholder and ask them to supply the missing information. IXOPAY’s card updater can also help prevent transactions from being declined due to outdated card information. This can be particularly useful for subscription service, and ensures that customer card data is always up-to-date..
If the merchant advice code received by IXOPAY indicates that a transaction should never be retried, the doNotResubmit flag in the error response is also set to true. This flag is used to ensure that merchants do not resubmit the transaction and thus avoid any fines.
Benefits to Merchants
Merchant advice codes provide merchants with additional information on why a transaction has been declined, and help them fine tune their retry strategy. If a transaction can be retried, merchants can recover a proportion of transactions that would otherwise be lost, which is beneficial to their bottom line. Merchant advice codes also help merchants avoid incurring fines for retrying transactions that will never succeed.
About IXOPAY
IXOPAY is a best-of-breed payment orchestration platform offering flexible and independent global payment processing options. Fully PCI-DSS Level 1 certified and highly scalable, IXOPAY caters to the needs of enterprise merchants and white label clients, including payment service providers (PSPs), acquirers and independent sales organizations (ISOs). Built upon modern, easily extendable architecture, IXOPAY provides smart transaction routing with cascading, state-of-the-art risk and fraud management, fully automated reconciliation and settlements processing, comprehensive reporting and access to hundreds of acquirers, payment service providers and alternative payment methods.
IXOPAY is trusted by national and international enterprises and has offices in Austria and the USA. The owner-led and financed company has grown from 2 to nearly 100 employees by delivering innovative eCommerce solutions.
For more information, visit: https://www.ixopay.com