Account Validation and Verification
Ensure payment to intended recipient.
- Look up key characteristics of the recipient card (e.g., country, card type, block status, etc.) and verify account (e.g., screen for lost, stolen or expired accounts).
- Require Card Verification Value (CVV2) and validate before proceeding
- Use $0 Account Verifications Requests to verify the account is open and in good standing.
|Response Code||Description||PAN Eligible for Retry||Best Practices|
|05 - Do Not Honor||Generic issuer response for a variety of conditions||Yes||• Report systemic issues/high percentage of declines for a BIN|
• Limit retries
|14 - Invalid Account Number||Invalid account number||No||• $0 Authorization|
• Mod-10 Check
• Account Verification
|41 - Pick up Card – Lost||Cardholder reported card lost||No||• Account Verification|
|43 - Pick up Card – Cardholder reported card stolen||Cardholder reported card stolen||No||• Account Verification|
|54 - Expired Card/No Expiry Date||Expired card or expiration date missing||No||• Account Verification|
|57 - Transaction Not Permitted– Restriction at BIN level to block specific transaction type||Restricted BIN||No||• Account Verification|
• Report systemic issues/high percentage of declines for a BIN
|61 - Over Activity Amount Limit||Exceeds velocity limits||Yes||• Avoid resubmitting transactions that may exceed issuer transaction and velocity thresholds that caused the initial decline|
|62 - Restricted Card||Restricted card||No||• Account Verification|
|65 - Over Activity Count Limit||Exceeds velocity limits||Yes||• Avoid resubmitting transactions that may exceed issuer transaction and velocity thresholds that caused the initial decline|
|91 - Issuer/Switch Inoperative||Issuer host system down for maintenance or connectivity to issuer is lost||Yes||• Retry when host or network connectivity is resolved|
Recipient card account holder address, card expiration date, and CVV2 are not required to be collected to initiate OCTs. Effective 1 April 2021, issuers must not decline OCTs solely due to the absence of expiration date or CVV2. If the expiration date is included, it must be accurate and not expired. From a risk management standpoint it is best practice to validate AVS and CVV2, and require that the cardholder provide an accurate expiration date.
What should I do?
Create Account API
- Please note that expiration date and CVV2 are both optional in the Create Account API. You can choose to add accounts with expiration date and CVV2.
Create Transaction API
- Please note that expiration date and CVV2 are both optional in the create transaction API.
- If you send an expiration date and/or CVV2 they will be passed downstream to the network.
- If you stored an account with us, and it contains expiration date, then the information will be passed down to the network in a domestic OCTs, but not in a cross border OCT.
- Please note that when the expiration date and CVV2 are provided, they must be accurate. You can use CardQuery AVS to check if the CVV2 is valid.
- For disbursements, if you are storing cards with Tabapay, we recommend that you enable Tabapay's account updater service. This will ensure that the CVV2 and expiration date stay up to date.
Updated about 2 months ago