Payment Decline Codes Explained: What They Mean and How to Fix Them
What Are Payment Decline Codes?
When a card payment is declined, the issuing bank returns a two-digit response code that tells the payment processor — and ultimately the merchant — why the transaction was rejected. These codes follow standards set by card networks (Visa, Mastercard, Amex) and are consistent across most payment processors, though the exact descriptions vary slightly by acquirer.
Understanding decline codes matters for two reasons: they help you identify whether a decline is recoverable (retry logic) or hard (do not retry), and they surface patterns in your authorization data that point to systematic issues you can fix.
The Two Types of Declines
Before diving into specific codes, the most important distinction is between hard declines and soft declines.
Hard declines mean the transaction cannot be retried with the same card. The card is stolen, blocked, or invalid. Retrying will only generate more declines and risk flagging your merchant account for unusual activity.
Soft declines are temporary. Insufficient funds, a bank system timeout, velocity limits — these may succeed if retried at a different time, through a different processor, or with updated card credentials.
The Most Common Payment Decline Codes
Code 05 — Do Not Honor
The most common decline code. The issuing bank has declined the transaction without specifying a reason. This is a catch-all soft decline — the bank’s fraud model has flagged something about the transaction, but they won’t say what.
What it means in practice: This often fires when the transaction looks unusual relative to the cardholder’s history — wrong geography, unusual amount, new merchant category. It is not necessarily fraud.
What to do: Retry once with updated billing address data if available. Consider routing to a different acquirer. Implement network tokenization — transactions with network tokens have lower Do Not Honor rates because banks trust them more.
Code 14 — Invalid Card Number
The card number fails the Luhn check or does not match any record at the issuer. Usually a typo at checkout or an expired card that has been re-issued with a new number.
What to do: Prompt the customer to re-enter card details. If this code appears at high rates in your data, check your checkout form validation — a broken card number field can silently corrupt input.
Code 51 — Insufficient Funds / Exceeds Credit Limit
The cardholder’s account does not have sufficient funds or the transaction would exceed their credit limit. A soft decline.
What to do: Do not retry immediately — the funds situation has not changed. For subscription merchants, retry on a schedule (typically 3, 5, or 7 days later). Offer the customer alternative payment methods at the point of failure.
Code 54 — Expired Card
The card’s expiry date has passed. One of the most preventable declines.
What to do: Implement Account Updater or Real-Time Account Updates (RTAU) via Visa/Mastercard. These services automatically push new card credentials to merchants when a card is re-issued. For subscription businesses, this alone can recover 1–2% of revenue. Network tokenization provides the same benefit — tokens automatically update when the underlying card changes.
Code 41 — Lost Card / Code 43 — Stolen Card
Hard declines. The cardholder has reported the card lost or stolen. Do not retry.
What to do: Cancel any pending orders associated with this payment. Flag the customer account for review if there are other recent transactions. Do not attempt any further charges.
Code 61 — Exceeds Withdrawal Limit
The transaction exceeds a velocity or daily limit set by the issuing bank. Soft decline.
What to do: Retry later in the billing cycle. For large transactions, consider offering installment payment options (BNPL) as an alternative.
Code 65 — Exceeds Withdrawal Frequency
Too many transactions in a given time window. The issuer has hit a velocity threshold. Soft decline.
What to do: Common in subscription and autoship models where multiple retries are attempted in rapid succession. Space out retries — a 24-hour gap between attempts is the minimum. Batch retries can actually compound this problem.
Code 91 — Issuer Unavailable
The issuing bank’s system was offline or unreachable at the time of the transaction. A soft decline caused by technical failure on the bank’s side.
What to do: Retry after a short interval (30–60 minutes). Route through a different acquirer — some processors have direct connections to major issuers that provide better availability. This is where payment orchestration with failover adds real value.
Code 96 — System Malfunction
A generic technical error. Could be the acquiring bank, the card network, or the issuing bank. Almost always a soft decline.
What to do: Retry once. If it persists, route through a backup processor.
Code R0 / R1 / R3 — Recurring Payment Stop
The cardholder has instructed their bank to stop recurring charges from this merchant. This is common in subscription businesses.
What to do: Stop retrying immediately. Send the customer a communication about their subscription status. Do not interpret this as a temporary failure — it is an explicit instruction from the cardholder’s bank.
Decline Codes by Recovery Strategy
Retry immediately (different processor): 91, 96
Retry later (same processor): 51, 61, 65
Retry with updated credentials: 14, 54 — use Account Updater or network tokenization
Do not retry: 41, 43, R0, R1, R3
Retry once with additional data: 05 — consider adding 3DS authentication or routing to an acquirer with a strong relationship to that issuer
How to Use Decline Codes to Improve Authorization Rates
Decline code analysis is one of the most underutilized levers in payments product management. Most teams track overall authorization rate, but few drill into the composition of their decline mix.
If code 54 (expired card) represents a disproportionate share of your declines, you have a card updater gap. If code 05 (Do Not Honor) is elevated, your transaction signals may be triggering bank fraud models — transaction labeling improvements or network tokenization can help. If code 65 (velocity) is high, your retry logic is too aggressive.
Build a dashboard that tracks decline codes as a percentage of total attempted transactions, and monitor trends weekly. A shift in the mix often signals a change upstream — a processor configuration change, a new card type in your customer base, or a fraud model update at a major issuer.
Frequently Asked Questions
What is the most common payment decline code? Code 05 (Do Not Honor) is the most common. It is a soft decline from the issuing bank that does not specify the reason for refusal.
What is the difference between a hard and soft decline? A hard decline (e.g. stolen card) cannot be retried — the card is blocked. A soft decline (e.g. insufficient funds, technical timeout) may succeed if retried at the right time or through a different processor.
Can network tokenization reduce declines? Yes. Network tokens are tied to the card account rather than the physical card number, so they automatically update when a card is re-issued. This eliminates most code 54 (expired card) declines and reduces code 05 (Do Not Honor) rates because issuers trust tokenized transactions more.