Issuer Decline Response Codes -- Preparing for Network Changes to Effectively Retry and Improve Authorization Processes
Today, the world of declines is cloudyNo one likes declined card transactions -- not online merchants, not consumers, and certainly not issuing banks. There are situations where a decline is a good thing: a compromised card or a customer without available funds, but otherwise declines do not need to happen. To make matters worse, issuers often do not reveal the reason for the decline. When you look globally across geographies and networks, you will find close to 50% of decline responses are a nebulous "Do Not Honor" reason code. The situation is even worse in the U.S. where Do Not Honor declines can exceed 60% and some banks send more than 90% of their decline responses as Do Not Honor.
This creates a conundrum for the merchant and their gateway or Payment Service Provider (PSP): Should I retry? When and how? How can I improve the initial authorization? Should I offer an alternative payment method? Could this be fraud? The lack of clarity means lost sales for merchants, frustration for consumers, and lost volume for issuers then and into the future. A bad first experience may mean the consumer never returns to that merchant at all.
Visa, and other Networks, want to part the cloudsVisa has put forth what they believe will be a remedy to the cloudiness in decline response codes and Mastercard is following suit. These changes bring expectations for issuing banks and merchants alike. Let's use the proposed construct from Visa for consideration (you can read yourself here).
Declines from issuing banks now need to fall into one of four buckets:
1. Issuer will not approve -- Merchant cannot retry
2. Issuer cannot approve at this time -- Merchant can retry
3. Issuer cannot approve with these details -- Merchant can retry
4. Generic response codes -- Merchant can retry
The first thing an astute reader will notice is there is still a "generic" response code bucket. Do not despair, Visa has made it clear this should be a lightly used category. This new construct has been communicated for the past six months or more, but the rules enforcing them will not take effect until 2021, meaning your Do Not Honor problem likely will not go away entirely until later as Mastercard's changes likely will not be live until late 2021 or early 2022. For merchants and PSPs, one of the biggest things to note is there should be no retry attempts on the first bucket.
What we learned from our issuer partners is some changes are already in flight and you may start to see the ripples affecting your decline response code reporting if your PSP is providing you the right level of information. If you start to see shifts or trend changes in your decline response codes, make sure you are including a view by issuer and BIN (Bank Identification Number) as some of these changes are happening in waves across product types with the top U.S. issuers.
How to prepare for and take advantage of the coming clarityEach of the above categories have a proposed set of network decline response codes associated with them. There is no underlying requirement on the granularity or specificity of the decline reasons being used within these buckets. Decline responses in buckets two and three -- where merchants can arguably retry -- can still be broadly applied and, of course, there is still bucket four with the generic response codes that can be used by banks.
We do not yet know if the additional clarity will lead to more accurate retries and up-front improvements to processing thanks to better feedback data. The best course of action for a merchant right now is to study, plan, and test. We know there are going to be limitations on transaction retries in the new response code world that is coming, and it will be up to the merchant, the PSP, and the acquirers to make the changes necessary to excel in that new environment.
First, you must determine if your payments partner can support you in the new environment with a flexible retry strategy. Or, be sure your payments partner is giving you access to the raw network decline response codes to take action yourself, perhaps via API, versus reporting, for easier integration and more flexibility. If you use processor response codes, ensure they are granular enough across raw network response codes to allow you to be as effective in the new world. Generally, be sure your PSP has plans in place to accommodate these changes.
Second, as stated above, there is currently better data coming in from some issuers who have already made changes this year. By observing the differences in decline response codes between now and earlier this year, you can pinpoint which issuers are already providing clearer data to calibrate retry strategies and forecast the fully scaled lift in 2021. For instance, you can locate the newly illuminated Insufficient Funds (NSF) declines and think about retries on Fridays, or the 1st, 15th, and 30th. Or find Do Not Honor that are now coming through as Invalid Account and make sure you are using Account Updater services and Network Tokens.
Third, and finally, start planning for ways this data can make your future processing even more efficient to avoid declines entirely. The new enhanced visibility may expose a lot of NSF declines. If that is the case, consider elevating payment methods that perform better for NSF in your checkout flow. For example, payments like PayPal Wallet tend to help with NSF declines because many wallets have multiple funding sources available. If you find a lot of security or fraud declines, consider working with your PSP on a Trusted MID or some version of data sharing with issuers. A good payments partner should be able to guide and coach on these topics and help find the right solutions for your needs.
There are no related Events
There are no related Presentations
There are no related Surveys
There are no related Webinars
At SEON Technologies we have released new information on the collection countries that are most and least at risk of cyberattacks. We have also taken a close look at the most common types of cybercrime occurring in the US.
Dubbed the Global Cybercrime Report, the report explains how several countries are the safest in the world from fraud and other cybercrime. and why others are not. Our methodology for this research was based on how companies and public infrastructure are all being fairly well protected through both legislation and technology at their disposal.