Transaction Integrity - Network Fees

To avoid negative impacts to cardholders and the processing systems caused by erroneous authorizations that are not authorized, reversed or cleared according to their requirements, card networks Visa and MasterCard run integrity programs to promote good behavior.

You may be familiar with Visa's Processing Integrity Fee program and MasterCard's Transaction Processing Excellence. In a concerted effort to promote and maintain these good authorization practices prescribed by the networks, TabaPay insists all integrating clients are aware of these integrity programs, adhere to them, and understand the implications with avoidance of these programs.

❗️

Applies to PULL transactions only

The network fee only applies to PULL transactions. They do not apply for PUSH transactions.

When Visa and MasterCard impose Processing integrity fees when processing integrity requirements are not met, TabaPay will pass these fees to integrating clients.

👍

Think before you Create Transaction API for "Pull"

In order to avoid network fees on transactions for integrity reasons, here are some tips:

  • Keep bad actors out
  • Have checks in place to prevent re-use of PANs when they are used by "suspicious" accountholders
  • Do not re-try transactions that have been errored out by the network esp those involving lost or stolen cards

Visa Excessive Retry Fees

Visa excessive retry fees applies to:

  • any reattempted transaction after receiving a Category 1 decline response.
  • The 16th consecutive and subsequent reattempted transactions after receiving a Category 2 – 4 decline response within a 30-day period.
  • Transactions where the merchant and the card issuer or cardholder are located within the U.S.

Category

Network Response Codes

Conditions

Category 1 - Issuer Will Never Re-approve Attempts

Category 1 decline response codes indicate the card is blocked for use or never existed and means there is no circumstance in which the Issuer will grant an approval. TabaPay clients must not reattempt a transaction declined with a Category 1 decline response code; any reattempt to authorize will be assessed a fee.

Response codes that indicate the account never existed or is permanently blocked including lost or stolen account numbers. This category also includes decline codes that indicate the transaction is not permitted due to permanent product/regulatory restrictions or transaction error.

Decline Response Codes:
04 (Pickup card)
07 (Pickup card, special conditions)
12 (Invalid transaction)
14 (Invalid account number)
15 (No such issuer)
41 (Pickup card, lost card)
43 (Pickup card, stolen card)
46 (Closed account)
57 (Transaction not permitted to cardholder)
R0 (Stop payment order)
R1 (Revocation of authorization order)
R3 (Revocation of all authorizations).

Re-attempt not allowed

Category 2 - Excessive Decline Re-attempts

The Visa Rules allow no more than 15 reattempts in a 30-day period. When a TabaPay client resubmits an authorization following an initial decline in excess of this limit, a fee will be assessed to the 16th and each subsequent reattempt.

Response codes that indicate the Issuer cannot approve due to temporary decline condition such as insufficient funds, Issuer velocity controls or other temporary account restrictions. These temporary decline decisions made by Issuers that may change over time and the Issuer may approve a future authorization attempt. In some cases, cardholder action is required to remove the restriction before an approval can be obtained.

Decline Response Codes:
03 (Invalid merchant)
19 (Re-enter transaction)
51 (Insufficient funds)
59 (Suspected fraud)
61 (Exceeds withdrawal amount limits)
62 (Restricted card)
65 (Exceeds withdrawal frequency)
75 (Allowable number of PIN-entry tries exceeded)
86 (Cannot verify PIN)
91 (Issuer or switch is inoperative)
93 (Transaction cannot be completed, violation of law)
96 (System malfunction)
N3 (Cash service not available)
N4 (Cash request exceeds issuer limit).

Re-attempt permitted up to 15 times in 30 days

Category 3 - Data Quality

TabaPay clients must implement controls to ensure good data quality in authorization requests. When a data quality response code is received, they should revalidate data prior to reattempting the authorization. Pre-validation of payment information, and merchant velocity controls can help to protect against account testing (also known as brute force / enumeration attacks) where fraudsters attempt to determine a valid card, expiration date and CVV2 data.

Response codes that indicate data quality issues where invalid payment or authentication data has been provided and the Issuer may approve if valid information is provided. High occurrences of response codes in these categories may indicate insufficient Merchant risk protection controls such as velocity checks and pre-validation of basic account information (e.g. Mod-10 or expiry date).

Decline Response Codes:
54 (Expired card)
55 (Incorrect PIN)
82 (Negative online CAM, dCVV, iCVV, or CVV results)
N7 (Decline for CVV2 failure).

Re-attempt permitted up to 15 times in 30 days

Category 4 - Generic Response Codes

A majority of decline conditions have descriptive response codes in Category 1, 2 & 3 to indicate the decline reason. However, there may be circumstances where there is not response code value for a specific decline condition. Category 4 includes all other decline response codes, many of which provide little to no value to TabaPay clients as part of their reattempt strategy.

This category includes all other decline response codes, many of which provide little to no value to Acquirers or Merchants in determining their reattempt strategy. Issuer usage should remain minimal.

Decline Response Codes:
Any decline response code not listed in Category 1 – 3.

Re-attempt permitted up to 15 times in 30 days

MasterCard Transaction Processing Excellence

Integrity Fee

Details

Pre Authorization

When pre-authorizations are not fully reversed or cleared within 30 calendar days
of the authorization date.

Undefined Authorization

When undefined authorizations that are not fully reversed or cleared within 7 calendar days of the authorization date

Final Authorization

When final authorizations are not fully reversed or cleared within 7 calendar days of the authorization date or when the final authorization amount does not equal the clearing amount or when the final authorization currency code does not match the clearing currency code

Excessive Authorizations

When authorization attempts after 20 previous issuer declined attempts are made on the same account number within a 24-hour period.

Nominal Authorizations

For approved nominal amount authorization with a subsequent reversal for transactions under 1 full unit of currency or the equivalent of USD 1, for card-not-present transactions (CNP)

Merchant Advice Codes

When Card-Not-Present (CNP) authorization which is ultimately declined with a merchant advice code (MAC) value of 03 (closed account or fraudulent) or 21 (cardholder cancelled agreement), where in the past 30 days a transaction on the same card, at the same merchant, and with the same transaction amount, was declined with MAC code value of 03 or 21

Detail Reporting

For any authorization that generates a transaction processing excellence fee for pre-authorizations, final authorizations, undefined authorizations, excessive authorizations, nominal authorizations, or merchant advice code.

📘

Best Practices | How to avoid these fees?

  • Avoid repeated authorizations when you encounter a failure. Retrying multiple angles through which the transaction can go through may result in integrity fees.
  • Widen fraud mitigation programs Fraudsters are notorious for triggering repeated transactions when they are in possession of a lost or stolen card. TabaPay strongly recommends implementing our fraud programs: (1) AVS/CVV2 Check (2) EMV 3DS (3) Duplicate Card Check (4) Anti-money Laundering controls
  • Implement front-end mitigation programs especially those that are programmatic in nature and ensure repeat authorizations regardless of failure. Anti-spam programs like CAPTCHA on your user experience flows can help avoid a robotic attack, for instance.
  • Understand your customers; guide them through their user experience as they interact with your application. Avoiding clicking on Submit button for instance could stop triggering an additional transaction.
  • Get consumer consent: For consumer transactions, it is important to get consumer consent before placing a transaction request.
  • Send notifications: Try notifying the verified customer phone number or email on your file prior to initiating transactions.

Did this page help you?