How Credit Card Response Codes Work
In its most basic form, a credit card response code is an alphanumeric code that tells a merchant whether the bank approves a transaction. If it were simply a matter of returning a “Yes” or “No” answer, understanding the process would be relatively simple. As you’ve probably guessed, it’s not really that cut-and-dry.
In this post, we’ll address some of the complexities of credit card response codes. Before we start, however, let’s take a look at few terms you’ll need to be familiar with.
The process of obtaining approval or denial of a credit card transaction from the issuing bank.
(also known as Issuer’s Response Code or Authorization Response Code) A two- to six-digit alphanumeric code provided by the issuer that indicates the authorization response.
The response to the authorization request that tells the merchant whether the transaction should be accepted or denied, the reason for that decision, and (in some cases) what the merchant should do.
The communication that happens between the issuer and processor, encompassing the authorization code and authorization response.
As you can see, even the terminology may be confusing, especially when people use the terms interchangeably. Essentially, the authorization message contains the authorization code, which is shorthand for the actual authorization response.
What Happens in the Authorization Process
“Authorization approval code.” The very name sounds strong, secure, and final. If you’re familiar with how they function, however, you probably know it’s a false sense of security. Merchants need to be aware of the nuances in both approval codes and decline codes. So, let’s start at the beginning of the cycle: the sales transaction.
When a cardholder attempts to make a credit card transaction, the merchant makes a digital “phone call” to the customer’s bank (the issuer), requesting authorization for the transaction. The bank receives the data—including the card information and purchase amount—and compares it against their account information.
The bank tries to ensure the information matches its own records, as well as verify that the account has sufficient funds to cover the transaction. The bank then decides to either issue an approval code or a decline code, and then returns that data to the merchant.
Authorizations codes can identify fraud, but preventing it requires a multi-tiered strategy. Ask us why.
This is all done digitally; within seconds, the merchant has an authorization response in the form of a credit card response code. Based on the code, the merchant knows whether to complete or decline the transaction, or to take other actions.
It’s important to note that an authorization request temporarily reduce the cardholder’s available credit. However, the funds aren’t charged to the card until the merchant settles the daily batch of transactions.
Interpreting the Authorization Response
The authorization response is the actual information represented by the authorization response code. The response details the issuer’s desired—or required—way to proceed with the transaction.
Codes are used both because they can speed up the digital transmission, and because there’s a limited amount of visual message space available on the terminal. Utilizing codes means issuers and processors can craft their own messages—as long or as short as they like—without worrying about limitations of the equipment. Every issuer and processor has its own set of specifics, but authorization responses will include either an approval code or a decline code...even though restrictions may apply.
Authorization approval codes tend to be straightforward. They’re issued when all of the following conditions apply:
- The card has not been reported lost or stolen.
- The account is in good standing.
- The account has sufficient funds to cover the transaction expense.
A decline code, on the other hand, means one of the above conditions isn’t there:
- The card has been reported lost or stolen.
- The account is not in good standing.
- The account does not have sufficient funds to cover the transaction expense.
An approval code means everything’s okay across the board. A decline code, however, not only tells the merchant that something is amiss, it can also point out the specific problem, and in some cases tell the merchant what to do next. This is where things can get a little complicated.
Yes, No ... Maybe?
The merchant may receive an authorization code indicating a flat denial. Typical reasons for this include:
- There are not enough funds in the account (for a debit card transaction) or the within the credit limit (for credit cards) to complete the transaction.
- The credit card has expired. This is most commonly associated with recurring payments, where the merchant has a card on file for the customer.
- There is a problem with the network or equipment, and the terminal is unable to connect with the bank.
In some situations, however, the code might mean an action is required on the part of the merchant. For example:
|Pick up card||The issuer wants the merchant to keep the card, thereby removing it from circulation. This is usually in response to a lost or stolen card report.|
|Invalid account number||The credit card account number provided doesn’t match any on file with the issuer. Again, the bank wants the merchant to keep the card; the card might have been stolen but not yet reported. For whatever reason, the bank has no record of it.|
|Incorrect PIN||The Personal Identification Number entered by the cardholder doesn’t match what the bank has on file. The merchant should retry the transaction.|
|Chip Card Removed||The customer removed the card before the process was completed. Again, retry the transaction.|
|Duplicate Transaction||The same transaction amount—including card account and invoice number—has been attempted within the last 10 minutes. Try changing the invoice number, or simply wait 10 minutes before reattempting.|
|Call||The issuing bank is requesting direct contact with the merchant before processing the transaction.|
|Invalid Amount||Since authorization can only be conducted for the exact sales amount, seeking an authorization for a different amount will cause the transaction to be declined. The merchant must delete the incorrect authorization and re-authorize for the correct amount.|
Obviously, the reasons can get very granular depending on the bank or processor. For example, a processor may lump all merchant “Exceeded Limits” errors together under one or two codes. They might also create a host of different codes that indicate more specifically whether the merchant is exceeding a daily limit, a monthly limit, or the limit for an individual transaction.
Other Parts of the Authorization Message
In addition to providing the authorization response and the authorization code, the authorization message can also include the Address Verification Service code. Some processors might report the card security code authorization here as well.
Here is an example of what an authorization approval code might look like:
Here is an example of a declined transaction. Note, the AVS code will probably not be included in these situations.
The Role of Authorization Codes in the Chargeback Process
Requesting an authorization code means the merchant will be alerted to fraudulent transactions placed on any cards reported lost or stolen. It’s a good fraud prevention technique for that reason alone.
But there’s more: certain chargeback reason codes can be evoked if the merchant doesn’t seek authorization (or proceeds after receiving a declined authorization response). Obtaining authorization and/or terminating declined transactions will prevent these chargebacks.
While an easily-implemented form of fraud mitigation, requesting an authorization code offers nothing else in the way of chargeback prevention or representment assistance. An authorization approval code doesn’t successfully contest chargebacks filed as unauthorized transactions. An approval code simply verifies the account has sufficient funds, not that the transaction is actually sanctioned by the cardholder.
Successful chargeback management is a systematic multi-tiered process that involves myriad intricate details. If you’re looking for a strategy that has been proven successful across companies and industries, let us know. We’ll show you how successful your prevention and representment efforts can actually be, backed by the industry’s only performance-based ROI guarantee.