Guides and reports

Do Not Honor and other card refusals: What they mean and how to avoid them

Unravel “Do Not Honor,” “Insufficient Funds,” and “Suspected Fraud” declines and explore how to turn them into a successful payment.

June 5th, 2024
 ·  8 minutes
Business owner at cafe countertop analyzing Adyen financial dashboard on laptop with receipt and coffee cup.

Payment decline codes can be as ambiguous as they are ubiquitous. The 05 Do Not Honor credit card response can represent anything from 10% to 60% of your refused payments. But what does it actually mean? And what can you do about it? Unfortunately, there isn’t one easy answer. But years of experience analyzing authorization rates, partnering with card schemes, and building our own issuing bank has given us some ideas.

The anatomy of a card refusal

When you process a customer’s card payment, your acquirer sends the payment request via the card schemes (Visa/Mastercard) to your customer’s issuing bank. The bank then evaluates the data it’s received and makes a decision on whether or not to approve the transaction. 

In most cases, the transaction is approved and everyone can go about their day. However, there are several scenarios in which the issuer refuses the transaction. This refusal is conveyed via a two/three character response code, which is returned to you. In some cases, your payments service provider (PSP) will include an interpreted translation of this code to give you a better idea of what’s going on.

This entire process takes place while your customer is waiting for their purchase to be approved. It’s worth having a plan of action in place in the case of a decline. But what you do will depend on the code you receive.

05 Do Not Honor: The original decline response

05 Do Not Honor is a catch-all response code meaning the customer’s issuing bank refuses to authorize the transaction. 

In the past, issuing banks would resort to 05 Do Not Honor for every decline reason, from insufficient funds to suspected fraud, to canceled cards. As such, it could represent anywhere up to 60% of your refused payments. But in recent years, the card networks have cracked down, establishing programs to improve visibility into the reason for declines. This is good news; you get more information to manage reattempts, improve interactions with your customers, and ultimately increase your conversions.

As part of this initiative, Mastercard and Visa have set limits on the usage of the Do Not Honor response by issuers. So it’s likely you’ve seen a greater variety of responses.

51 Insufficient funds

As the name suggests, 51 Insufficient Funds, comes back when a customer doesn’t have enough funds in their account to complete the purchase. This is the most common decline response and can be particularly painful for card-on-file (subscription) businesses who can’t prompt the customer to try an alternative payment method.

Of course, you can’t do much if your customer doesn’t have enough money in their account. But you can stack the odds in your favor by strategically timing your retry.

Pay-day highs: Optimize your billing

If you’re a subscription business, it’s tempting to use the day of initial payment as your reference point for future billing. The problem with that is your billing might occur just before payday when accounts are more likely to be running on empty. This moment in the month varies from country to country. While in the UK people are usually paid at the end of the month, in the US they’re usually paid bi-weekly. By analyzing transaction success rates across individual markets, you can make data-driven decisions about optimal billing times.

Evaluate your checkout experience

For non-subscription payments, it’s worth evaluating the message your customer gets when they receive an insufficient funds decline. If done badly, you might lose them for good; if done well, you might save the sale. Best practice is to focus on the solution, for example suggesting they try an alternative payment method.

Use partial authorizations

Another solution is to use partial authorizations. This is a functionality provided by Mastercard and Visa, which allows you to collect the available balance on your customer’s bank account and then steer them towards presenting an alternate payment method. This is commonly used with in-person-payments, electric vehicle charging, and automated fuel dispenser (AFD) payments. It can also be used for ecommerce or subscription payments to reduce the incidences of insufficient funds.

Leverage network response information (Mastercard)

Acquirers sometimes receive additional information from Mastercard to suggest when you should attempt to retry a 51 Insufficient Funds decline. Your PSP should pass this on to you as part of the Mastercard Merchant Advice Codes, so you can optimize your retry strategy.

Recent customer activity

You’re probably not the only business with which your customer’s interacting. They might have just made a large purchase on a high-risk website, or been on a huge shopping spree at 3am. In this case, it doesn’t matter how you format your approval request. The issuer may decide to decline your payment request as a byproduct of your customer’s activity elsewhere.

In most cases, a decline attributed to recent customer activity can simply be retried at a different time. It helps to be transparent to your customer; explain the reason the payment failed and suggest follow-up action. This, of course, will depend on the decline code: 

  • Exceeds Withdrawal Amount Limit: Linked to a cumulative spend limit on your customer’s card, it usually means they’ve exceeded their pre-agreed spend limit that day.

  • Exceeds Withdrawal Frequency Limit: Your customer has exceeded their transaction limit for the day.

In both cases, the best approach is to let them know the issue and recommend they contact their card issuer. Don’t attempt a retry on the same day.

Data errors

Sometimes transactions fail because of an issue with the data that’s sent to the issuer. For example, an address verification service (AVS) or card verification value (CVV) mismatch. Or the lack of 3DS2 authentication performed on a transaction in scope of PSD2. The key with these is to find the data point that’s triggering the decline and then retry the transaction with the correct information.

CVV failure

The CVV2 or CVC2 is the three digit code on your customer’s card. If the code doesn’t match the one the issuer has on file, the transaction will be declined. It can even occur with in-person payments if the terminal has issues reading the CVV code embedded into the chip. 

In many cases this is still returned as a 05 Do Not Honor but Visa uses a dedicated N7 Decline for CVV2 failure.

Keep a close eye on the codes in combination with the CVV results provided by your PSP.  If these indicate a CVV failure, prompt your customer to enter their card details again or re-initiate the payment at the terminal.


Address verification service (AVS) mismatch 

AVS compares the address data provided at checkout to the one on the card issuer’s database and is especially common in the UK and the US.

AVS mismatches usually have an accompanying AVS response code indicating if the issue was with the post or zip code, street address, or both.

In the event of an AVS mismatch decline, prompt the customer to re-enter their address details.


Authentication required (soft decline)

1A Authentication Required and 65 Authentication Required decline codes occur when a transaction is rejected due to the lack of authentication. This is referred to as a ‘soft decline’ and is usually returned by issuers that are bound to enforce strong customer authentication (SCA), for example in the EEA due to PSD2.

The retry strategy for a soft decline is to authenticate the customer and retry the transaction.

In the cases when your customer is not in-session (such as a subscription), you’ll need to bring your cardholder back to authenticate again. 

Tools such as Pay By Link, sent via email, are handy in these scenarios.


Expired and closed card accounts

This occurs when a card has expired or been canceled. These can be painful, especially if you process subscription payments and your customer isn’t in-session.

The way to recover these transactions is to retry with the customer’s up-to-date card details. Account Updater and network tokenization services can help reduce these types of declines by ensuring you always have the right card details on file in the first place.


Format errors

12 Invalid Transaction and 30 Format Error indicate there’s something wrong with the transaction data received by the issuer. 

Don’t retry this transaction. Instead, ask the customer to provide an alternative payment method.


Restrictions on card usage

57 Transaction Not Permitted and 62 Restricted Card decline codes occur when that specific card can’t be used. This can happen if the card is restricted by geography or channel (i.e. only in the US or in-person payments only). 

Inform the customer of the restriction and recommend they contact their bank to have it removed. Only when this has been done, should you retry the transaction.


Technical outages

Sometimes a payment fails because of a temporary outage in the system. In this case, a 96 System malfunction or 91 Issuer Unavailable or 05 Do Not Honor code might be issued.

In this instance, payments can be retried automatically. But this comes with a health warning: 

Repeatedly retrying failed transactions can lead to issues with the card networks. You may make incremental gains by retrying over long periods of time, but the success rate inevitably decreases. The best approach is to see what you can save while staying compliant with the card networks.

Suspected Fraud

All issuers will have fraud detection systems to identify suspicious activity and they naturally tend to err on the side of caution. Unfortunately, they also have no way of communicating to you why they refused the transaction beyond issuing a Suspected Fraud decline code.

In addition to declining the transaction, the issuer is also likely to put a (usually temporary) block on the card. In that case, the best approach is to ask the customer to contact their bank. These days, this can be as simple as clicking on a button in their banking app. We don’t recommend retrying until the bank has been contacted and the card unblocked.

Policy/Lifecycle declines

If you take a look at the decline response codes you’ve received over the last few years, you might see the numbers of 82 Policy, 79 Lifecycle, and 83 Fraud/Security now exceed 05 Do Not Honor. These codes are specific to Mastercard and can be explained by the Mastercard Merchant Advice Code (MAC), which should be shared by your PSP.

  • MAC = 01 is generally associated with a 83 Fraud/Security decline and means that new account information is available (i.e. because the card has expired or been canceled). Again, Account Updater or network tokens can help mitigate this before needing to contact the customer for a different card.

  • MAC = 02 is generally associated with a 82 Policy and indicates there’s issue is due to customer activity. Wait 72 hours before retrying to allow for counters/limits on the card to be resolved.

MAC = 03 is generally associated with a 79 Lifecycle decline and means the transaction can’t be retried. In this case, contact your customer and request an alternative payment method.

Combat Do Not Honor (and other card refusals) with Adyen

Processing payments for the likes of Uber and Spotify has taught us a lot about optimization. And, since all payments across all channels and regions are processed on the same platform, we have a wealth of data, which we feed into our machine learning algorithms. The result is a suite of smart tools, which work in the background to determine the best way to achieve an approval, while blocking fraud. Learn more about our payment optimization suite RevenueAccelerate or click below to get in touch.

Get in touch to learn more

We’d love the opportunity to explore how we can maximize your card approvals. Click here to get started.

Fresh insights, straight to your inbox

By submitting your information you confirm that you have read Adyen's Privacy Policy and agree to the use of your data in all Adyen communications.