Knowledge Hub
Risk 8 min read

Card Decline Codes Explained: Why Payments Fail and How to Fix Them

Every declined payment is a missed sale — and most merchants accept a higher decline rate than they need to. Understanding what decline codes actually mean, which ones are recoverable, and how to influence your authorisation rate is one of the most practical things a merchant can do.

David Sampson · Founder, IceTree

Payment consultant specialising in PSP matching, card acquiring, and high-risk merchant solutions ·

How Card Authorisation Works

A card authorisation is a request your payment gateway sends to the cardholder's issuing bank — the bank that issued the card — asking whether it will approve the transaction. The issuing bank responds with an authorisation code (approved) or a decline code (refused). The entire exchange completes in under two seconds.

The response contains a two-digit numeric code. If the code is "00," the transaction is approved. Any other code is a decline — and the specific code tells you, your acquirer, and your PSP exactly why the issuer refused.

Soft Declines vs Hard Declines

Every decline code is either a soft decline or a hard decline. The distinction determines whether a retry has any chance of succeeding.

  • Soft declines are temporary. The issuer is declining this specific transaction in this moment — not the card permanently. Soft declines include insufficient funds (51), issuer temporarily unavailable (91), and the generic Do Not Honour (05). These can often be resolved by the customer using a different payment method, waiting, or topping up their balance.
  • Hard declines are permanent. The card is blocked, expired, lost, stolen, or the card number is invalid. Retrying a hard-declined card will not succeed — and generates scheme penalty fees under Visa and Mastercard retry rules. When a hard decline is returned, ask the customer for a different payment method immediately.

The Most Common Decline Codes

The codes below account for the vast majority of declines most merchants encounter. Your PSP dashboard will typically translate these into readable labels, but knowing the underlying codes helps when escalating issues with your acquirer.

CodeMeaningTypeAction
05Do Not HonourSoftGeneric issuer refusal — the most common decline code. Retry once; repeated 05s on the same card suggest a permanent block for this merchant.
14Invalid Card NumberHardCard number does not correspond to any account. Likely a data-entry error. Do not retry.
41Lost CardHardCard reported lost by the cardholder. The issuer will not approve regardless of retry. Do not retry.
43Stolen CardHardCard reported stolen. May trigger a hold. Do not retry.
51Insufficient FundsSoftNot enough balance. Ask the customer to use a different payment method or add funds.
54Expired CardHardCard is past its expiry date. Prompt the customer to update their card. Do not retry.
57Transaction Not PermittedHardCard is not enabled for this transaction type (e.g. online payments blocked by the issuer). Do not retry.
61Exceeds Withdrawal LimitSoftCustomer has hit their daily spending limit. Retry after 24 hours or ask for a different payment method.
65Exceeds Frequency LimitSoftToo many transactions in the rolling window. Retry after the limit resets.
91Issuer UnavailableSoftIssuer's systems are temporarily offline. Retry after a few minutes — usually resolves itself.
96System ErrorSoftTechnical error on the network. Retry immediately — typically transient.

The 05 problem

Do Not Honour (code 05) is the most common decline code for most merchants — and also the least informative. Issuers use it as a catch-all when they decline for reasons they won't disclose. A merchant seeing a sustained spike in 05 declines should segment by issuing country and card type. A single large issuer changing their fraud scoring can affect thousands of transactions without showing any other signal.

Retry Rules: What You Can and Cannot Do

Visa and Mastercard publish explicit retry rules governing when a declined transaction may be resubmitted. Violating these rules generates per-transaction penalty fees charged to your acquirer — which are passed through to you.

  • Hard declines: never retry. Codes 41, 43, 54, and 57 indicate permanent refusals. Attempting to retry these generates a "decline reason 7" penalty under Visa's scheme rules. Do not retry under any circumstances.
  • Soft declines: up to 15 retries in 30 days. Visa allows a maximum of 15 retry attempts per transaction in a 30-day period. Mastercard has equivalent limits. After 15 attempts you must stop until the following calendar month.
  • Wait between retries. Rapid-fire retries on the same card are flagged as potential abuse. For subscription billing, a retry cadence of 1, 3, and 7 days after initial failure is the standard smart-retry pattern.

For subscription merchants, your payment platform should manage retry logic automatically. Platforms like Stripe, Chargebee, and Recurly implement scheme-compliant smart retry schedules — confirm with your provider that retry logic is enabled and correctly configured.

How to Improve Your Authorisation Rate

For most merchants, there is recoverable authorisation rate buried in their decline data. The highest-impact changes:

  • Improve 3DS2 data quality. The more context your gateway sends during authentication — device fingerprint, shipping address, browser data — the more likely the issuer's fraud model approves frictionlessly. Missing fields increase the likelihood of a Do Not Honour response.
  • Verify your MCC. Your Merchant Category Code tells the issuer what type of business you are. An incorrect MCC can trip fraud filters for certain card types. Confirm with your acquirer that your MCC accurately reflects your primary business activity.
  • Fix your billing descriptor. Unfamiliar billing descriptors generate "I don't recognise this charge" disputes, which eventually degrade your issuer trust score. Your descriptor should match your trading name, ideally with a URL or phone number appended.
  • Segment declines by issuing country and card type. Non-EEA cards (US, Australian, Canadian) have different risk profiles and may decline more frequently with UK acquirers who lack strong relationships with those issuing banks. A second acquirer or a global PSP may perform better for those card corridors.
  • Consider multi-acquirer routing. For high-volume merchants, routing specific card types to acquirers with stronger relationships in those networks can lift authorisation rates by 1–3 percentage points — a material improvement at scale.

Benchmarking your rate

UK e-commerce merchants with primarily UK consumer card volume should target above 95% authorisation rate. Rates below 90% consistently indicate a solvable problem. Ask your PSP for a decline breakdown by response code and issuing country — this breakdown will tell you immediately whether the issue is specific to a card type, geography, or your own integration.

FAQ

Common questions answered.

A soft decline is a temporary refusal — the issuer is saying 'not right now' rather than 'never.' Common soft declines include code 91 (issuer unavailable) and 51 (insufficient funds). A hard decline is a permanent refusal — the card is blocked, lost, stolen, expired, or invalid. Retrying a hard-declined transaction is pointless and can trigger fraud flags or scheme penalty fees. The rule: soft declines can be retried with the same card; hard declines require a different payment method.

Do Not Honour is the issuing bank's catch-all decline code. It doesn't reveal a specific reason — the bank is simply refusing without explanation. It accounts for a large share of all declines. Common underlying causes include: the card's fraud model flagged the transaction as unusual, the bank had a momentary system issue, or the customer exceeded a soft threshold. It is technically a soft decline and can be retried once. Repeated 05s on the same card from the same merchant suggest the issuer has applied a more permanent block.

For subscription and recurring payments, yes — but only under specific rules. Visa's retry guidelines prohibit retrying a hard-declined transaction at all, and limit soft-decline retries to a maximum of 15 attempts in 30 days. Mastercard has equivalent rules. Unauthorised retries generate per-transaction penalty fees and can result in acquirer fines. Your payment provider should handle retry logic automatically for MIT (merchant-initiated) transactions — check that they do and that the retry schedule follows scheme guidelines.

For UK e-commerce accepting predominantly UK-issued consumer cards, an authorisation rate above 95% is achievable. Rates below 90% typically indicate a solvable problem — poor 3DS2 data quality, incorrect MCC classification, or an acquirer with weak issuer relationships. High-risk verticals (gaming, crypto, adult content) have lower baseline rates due to issuer-level category blocks. If your rate drops without a change in customer base or transaction profile, investigate immediately — it is often an early signal of fraud pattern detection by a major issuer.

Your PSP dashboard will show the authorisation response code returned by the issuing bank. Most modern dashboards translate these into readable labels. For soft declines the code is usually actionable — a 91 means retry later, a 51 means the customer needs funds. For a 05 without further context, ask your acquirer for the full authorisation response detail. Some acquirers have access to additional sub-codes from the issuer that narrow down the cause further.

Higher-than-expected decline rate?

Decline codes tell you what went wrong — but improving your authorisation rate requires understanding why. Our payment stack review identifies whether your 3DS2 configuration, acquirer relationship, or retry logic is costing you revenue.

Payment Stack HealthcheckSpeak to a Consultant

We use cookies to analyse site performance and measure the effectiveness of our outreach. Privacy policy