Credit Card Authorization Response Codes

The Payment Service authorizes a credit card transaction and sends a response message. The message contains an authorization response code that indicates whether the transaction was approved, timed out, or declined.

Note: Availability of these response codes requires schema version 1.2.

Response Code

Description

Recommended Handling*

AcceptOrderWithException

Send the order to the order management system where the authorization response data will be processed by the fraud screening service.

The order can be accepted and released to the order management system, only if it passes fraud/risk service check and the order management system has the ability to retry and get valid authorization before releasing the shipment

APPROVED

The authorization was approved

The order should be accepted

AVS

The billing address could not be validated

Prompt the customer to correct address details. A maximum number of attempts can beconfigured. After that number of attempts has been reached, the order should be accepted. For digital wallet orders, accept the order without retrying or prompting for address change.

CSC

The card security code could not be validated

Prompt the customer to correct card security code details. A maximum number of attempts can be configured. After that number of attempts has been reached, the order should be accepted.** For digital wallet orders, accept the order without retrying or prompting for CSC correction.

AVSCSC

Both the billing address and the card security code could not be validated

Prompt the customer to correct address and card security code details. A maximum number of attempts can be configured. After that number of attempts has been reached, order should be accepted. For digital wallet orders, accept the order without retrying or prompting for address or CSC corrections.

DECL

The authorization was declined

Prompt the customer to complete the order using alternate card or tender. A maximum number of attempts can be configured. After that number of attempts has been reached the order should be accepted if the fraud screening service is capable of properly evaluating the order; otherwise, it should be rejected.

Authorization cancel requests should not be sent if this response code is received.

DECLF

The authorization was declined due to a lack of funds or credit

Prompt customer to complete the order using alternate card or tender. A maximum number of attempts can be configured. After that number of attempts has been reached the order should be accepted if the fraud screening service is capable of properly evaluating the order; otherwise, it should be rejected.

Authorization cancel requests should not be sent if this response code is received.

DECLR

The authorization was declined because the card has been reported lost or stolen

The customer should not be prompted for an alternate payment. The order should be accepted if the fraud screening service is capable of properly evaluating the order; otherwise, it should be rejected.

Authorization cancel requests should not be sent if this response code is received.

PaymentProcessorTimeout

The payment processor did not respond

A maximum number of retry attempts can be configured. Order can be accepted and released to order management system after all the retry attempts are exhausted, only if order management system have the ability to retry and get valid authorization before releasing the shipment.***

*Advice provided is only a recommendation. It must be ensured that proper checks are in place in the fraud and/or order management systems to appropriately determine if the order needs to be held, unless a proper authorization is on file. This is applicable for all cases except for when the response code is APPROVED.

**CSC Response Code should be treated as APPROVED when the transaction is of Digital Wallet type.

***In case a timeout is encountered while processing Digital Wallet transactions such as Apple Pay:

  1. Do not accept the order, as re-authorizations are not supported for this type of transaction
  2. Re-initiate the transaction from the customer's mobile wallet, to submit a new authorization request using a new generated blob
  3. If the transaction cannot be re-initiated from the mobile wallet, ask customer to complete the order providing alternate tender