Account Validation and Verification

Ensure payment to intended recipient.

📘

Authorization

  • Look up key characteristics of the recipient card (e.g., country, card type, block status, etc.) and verify account (e.g., screen for lost, stolen or expired accounts).
  • Require Card Verification Value (CVV2) and validate before proceeding
  • Use $0 Account Verifications Requests to verify the account is open and in good standing.
Response CodeDescriptionPAN Eligible for RetryBest Practices
05 - Do Not HonorGeneric issuer response for a variety of conditionsYes• Report systemic issues/high percentage of declines for a BIN
• Limit retries
14 - Invalid Account NumberInvalid account numberNo• $0 Authorization
• Mod-10 Check
• Account Verification
41 - Pick up Card – LostCardholder reported card lostNo• Account Verification
43 - Pick up Card – Cardholder reported card stolenCardholder reported card stolenNo• Account Verification
54 - Expired Card/No Expiry DateExpired card or expiration date missingNo• Account Verification
57 - Transaction Not Permitted– Restriction at BIN level to block specific transaction typeRestricted BINNo• Account Verification
• Report systemic issues/high percentage of declines for a BIN
61 - Over Activity Amount LimitExceeds velocity limitsYes• Avoid resubmitting transactions that may exceed issuer transaction and velocity thresholds that caused the initial decline
62 - Restricted CardRestricted cardNo• Account Verification
65 - Over Activity Count LimitExceeds velocity limitsYes• Avoid resubmitting transactions that may exceed issuer transaction and velocity thresholds that caused the initial decline
91 - Issuer/Switch InoperativeIssuer host system down for maintenance or connectivity to issuer is lostYes• Retry when host or network connectivity is resolved

👍

Best Practice

Recipient card account holder address, card expiration date, and CVV2 are not required to be collected to initiate OCTs. Effective 1 April 2021, issuers must not decline OCTs solely due to the absence of expiration date or CVV2. If the expiration date is included, it must be accurate and not expired. From a risk management standpoint it is best practice to validate AVS and CVV2, and require that the cardholder provide an accurate expiration date.

What should I do?

Create Account API

  1. Please note that expiration date and CVV2 are both optional in the Create Account API. You can choose to add accounts with expiration date and CVV2.

Create Transaction API

  1. Please note that expiration date and CVV2 are both optional in the create transaction API.
  2. If you send an expiration date and/or CVV2 they will be passed downstream to the network.
  3. If you stored an account with us, and it contains expiration date, then the information will be passed down to the network in a domestic OCTs, but not in a cross border OCT.
  4. Please note that when the expiration date and CVV2 are provided, they must be accurate. You can use CardQuery AVS to check if the CVV2 is valid.
  5. For disbursements, if you are storing cards with Tabapay, we recommend that you enable Tabapay's account updater service. This will ensure that the CVV2 and expiration date stay up to date.