If you do not already have an account with Merchant Warrior, first you will need to sign up for our services.
Once your account has been set up, navigate to Barracks and select Settings from the lefthand navigation menu. Near the top of this page there's a section labelled "Direct API" under "Merchant Settings". This contains three key pieces of information you will need to utilize Merchant Warrior services.
- Your Merchant UUID and API Key. These are two identifiers we use to check that a request is coming from you, and are included as parameters in most API requests.
- Your API Passphrase. This is the final primary aspect of identity verification and must be kept hidden from the public. If you believe your passphrase may have been compromised, we recommend that you change it as soon as possible.
API requests are submitted to Merchant Warrior API services using POST, and must be performed over HTTPS. These POST requests will be directed at https://api.merchantwarrior.com/[endpoint]/, where [endpoint] is detailed in the introduction to each API section. Requests made as part of sandbox testing, https://base.merchantwarrior.com/[endpoint]/ is used instead.
If you would prefer to submit JSON requests and receive JSON responses you will need to submit two additional headers with your requests:
- MW-API-VERSION: 2.0
- Content-Type: application/json
Verification hashes are used to prove to MW that the request(s) being sent have been generated by you, and not a malicious third party who may have discovered your merchantUUID and apiKey. Even if a malicious third party was to discover the request data you have sent, they would not be able to create requests without knowing your API Passphrase. Your API Passphrase can be modified in the MW administration interface.
Hash Generator
To generate a transaction type hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + transactionAmount + transactionCurrency
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcd10.00AUD
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcd10.00aud
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a recurring type hash, You should consider it for different types:
1, Add Recurring With a Plan
md5(apiPassphrase) + merchantUUID + recurringPlanUUID
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(passphrase)123456789abcdABCD**
Step 2 (convert to lower):
md5(passphrase)123456789abcdabcd**
Step 3 (md5):
d941117d8774b12e218650542af6af56
2, Add Recurring Without a Plan
md5(apiPassphrase) + merchantUUID + paymentAmount + paymentCurrency
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(passphrase)123456789abcd10.00 AUD
Step 2 (convert to lower):
md5(passphrase)123456789abcd10.00 aud
Step 3 (md5):
d941117d8774b12e218650542af6af56
3, Add Recurring Plan
md5(apiPassphrase) + merchantUUID + paymentAmount + paymentCurrency
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(passphrase)123456789abcd10.00 AUD
Step 2 (convert to lower):
md5(passphrase)123456789abcd10.00 aud
Step 3 (md5):
d941117d8774b12e218650542af6af56
4, Other Recurring Methods
md5(apiPassphrase) + merchantUUID + recurringUUID
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(passphrase)123456789abcd451232ABCD**
Step 2 (convert to lower):
md5(passphrase)123456789abcd451232abcd**
Step 3 (md5):
d941117d8774b12e218650542af6af56
5, Other Recurring Plan Methods
md5(apiPassphrase) + merchantUUID + recurringPlanUUID
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(passphrase)123456789abcd451232ABCDPLAN**
Step 2 (convert to lower):
md5(passphrase)123456789abcd451232abcdplan**
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a void type hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + transactionID
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcd10.00 AUD
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcd10.00 aud
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a query type hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + transactionID OR transactionReferenceID
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcd1336-20be3569-b600-11e6-b9c3-005056e109e0
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcd1336-20be3569-b600-11e6-b9c3-005056e109e0
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate the custom fields hash, concatenate, convert to lowercase & md5 the following fields:
md5(apiPassphrase) + custom1 + custom2 + custom3
Step 1 (concatenate):
md5(apiPassphrase)Custom 1Custom 2 Custom 3
Step 2 (convert to lower):
md5(apiPassphrase)custom 1custom 2 custom 3
Step 3 (md5):
d941117d8774b12e218650542af6af56
Be sure to decode the custom fields first - e.g. "Custom+Field+1" becomes "Custom Field 1".
To generate a ddNotify file hash, concatenate the following fields:
md5(apiPassphrase) + md5_file(zipFile)
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)md5_file(testFile.zip)
Step 2 (convert to lower):
md5(apiPassphrase)md5_file(testfile.zip)
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a batch file hash, simply generate the md5 checksum of the batch file:
md5(batchFile)
As an example the md5 checksum of Batch.zip (containing your .csv) may be d41d8cd98f00b204e9800998ecf8427e
To generate a batch URL hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + batchNotifyURL
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcdhttps://www.mydomain.com/sample/notify.php
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcdhttps://www.mydomain.com/sample/notify.php
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a batch Response hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + batchUUID
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcd1336583d3a953ce2d
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcd1336583d3a953ce2d
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a Web URL hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + returnURL + notifyURL
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcdhttps://www.mydomain.com/return.phphttps://www.mydomain.com/notify.php
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcdhttps://www.mydomain.com/return.phphttps://www.mydomain.com/notify.php
Step 3 (md5):
d941117d8774b12e218650542af6af56
Transactions
To generate a verification hash used for the 302 Redirect and POST notification, concatenate the following fields:
md5(apiPassphrase) + hashSalt + merchantUUID + status + transactionID OR cardID
The status and transactionID (or cardID) fields are both contained in the Redirect URL. Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)3x4mpl3s4lt123456789abcdApproved1336-20be3569-b600-11e6-b9c3-005056b209e0
Step 2 (convert to lower):
md5(apiPassphrase)3x4mpl3s4lt123456789abcdapproved1336-20be3569-b600-11e6-b9c3-005056b209e0
Step 3 (md5):
d941117d8774b12e218650542af6af56
Direct Debit Authorizatoins
To generate a verification hash used for the 302 Redirect and POST notification, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + hashSalt + fingerprint
Step 1 (concatenate):
md5(apiPassphrase)123456789abcd3x4mpl3s4lt f0ab06f8d69d3dafa06a5abd45460ace
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcd3x4mpl3s4lt f0ab06f8d69d3dafa06a5abd45460ace
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a BIN hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + bin
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcd512346
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcd512346
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a Settlement hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + settlementFrom + settlementTo
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcd2017-05-01 2017-05-02
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcd2017-05-01 2017-05-02
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a PAY Link response hash, concatenate the following fields:
md5(apiPassphrase) + merchantUUID + status + transactionID
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcdApproved 1336-20be3569-b600-11e6-b9c3-005056b209e0
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcdapproved 1336-20be3569-b600-11e6-b9c3-005056b209e0
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a partner type hash, concatenate the following fields:
md5(apiPassphrase) + partnerUUID + merchantCompanyLegalName + merchantCompanyRegNumber
Once concatenated, convert everything to lowercase, and then md5 the string:
Step 1 (concatenate):
md5(apiPassphrase)123456789abcdTest.com ABC123456
Step 2 (convert to lower):
md5(apiPassphrase)123456789abcdtest.com abc123456
Step 3 (md5):
d941117d8774b12e218650542af6af56
To generate a MW-MESSAGEHASH, Assuming the original request form is as follows:
array ('method' => 'verifyCard','merchantUUID' => '4f9d2b4321cd5','apiKey' => 'sxtsmdbi','transactionCurrency' => 'AUD','transactionProduct' => 'Test Product','paymentCardNumber' => '2223000000000007','paymentCardExpiry' => '0139','paymentCardName' => 'Bob Jones','custom1' => '565ixijray','custom2' => 'vb3smz3aja','custom3' => '54t8ggw56j','transactionReferenceID' => 'pqqwmu3yfw','customerState'=>'');
To generate a MW-MESSAGEHASH, make sure you have removed all the empty fields in your request
array ('method' => 'verifyCard','merchantUUID' => '4f9d2b4321cd5','apiKey' => 'sxtsmdbi','transactionCurrency' => 'AUD','transactionProduct' => 'Test Product','paymentCardNumber' => '2223000000000007','paymentCardExpiry' => '0139','paymentCardName' => 'Bob Jones','custom1' => '565ixijray','custom2' => 'vb3smz3aja','custom3' => '54t8ggw56j','transactionReferenceID' => 'pqqwmu3yfw');
Step 1 Sort the request array in alphabetical order:
array ('apiKey' => 'sxtsmdbi','custom1' => '565ixijray','custom2' => 'vb3smz3aja','custom3' => '54t8ggw56j','merchantUUID' => '4f9d2b4321cd5','method' => 'verifyCard','paymentCardExpiry' => '0139','paymentCardName' => 'Bob Jones','paymentCardNumber' => '2223000000000007','transactionCurrency' => 'AUD','transactionProduct' => 'Test Product','transactionReferenceID' => 'pqqwmu3yfw');
Step 2 Build the http query strings (Do not URL encode the query string):
apiKey=sxtsmdbi&custom1=565ixijray&custom2=vb3smz3aja&custom3=54t8ggw56j&merchantUUID=4f9d2b4321cd5&method=verifyCard&paymentCardExpiry=0139&paymentCardName=Bob Jones&paymentCardNumber=2223000000000007&transactionCurrency=AUD&transactionProduct=Test Product&transactionReferenceID=pqqwmu3yfw
Step 3 hmac("sha256",the whole string,passphrase) and convert to lower case:
9ae6750528916c7a6acc249b605f5a54a2c03afd63e436a1d2818440d56540fc
To generate a MW-MESSAGEHASH, simply calculate hmac("sha256", the entire json body (unaltered), passphrase) and convert to lower case:
9ae6750528916c7a6acc249b605f5a54a2c03afd63e436a1d2818440d56540fc
Note: The JSON body used in the hash must be exactly the same as you submit to the API endpoint. For example, all spaces, line breaks and brackets must be preserved.
To generate a MW-MESSAGEHASH for GET requests, simply calculate hmac("sha256", URL path (excluding domain), passphrase) and convert to lower case:
Step1: hmac("sha256", "/payout/f1de2e42-4340-439f-87ae-76758b04ff0e/status", passphrase)
9ae6750528916c7a6acc249b605f5a54a2c03afd63e436a1d2818440d56540fc
This is used to verify the file came from Merchant Warrior.
sha256(sha256(passphrase) + uuid + signature)
901227365aef1e2a3b57c712ab017555706037a10bd47360bfc331be3c3c9d33
Assuming the original request is as follows:
array( 'method' => 'addBlacklistedCard', 'merchantUUID' => '4a6709137ff78', 'apiKey' => 'mtd7ge7s', 'cardName' => 'Bob Jones', 'cardNumber' => '5123456789012346', 'cardExpiryYear' => '21', 'cardExpiryMonth' => '05', 'otherParameter' => '', );
To generate a secure hash, make sure you have removed all the empty fields in your request and the secureHash itself:
array( 'method' => 'addBlacklistedCard', 'merchantUUID' => '4a6709137ff78', 'apiKey' => 'mtd7ge7s', 'cardName' => 'Bob Jones', 'cardNumber' => '5123456789012346', 'cardExpiryYear' => '21', 'cardExpiryMonth' => '05', );
Step 1 Sort the request array in alphabetical order:
array(
'apiKey' => 'mtd7ge7s',
'cardExpiryMonth' => '05',
'cardExpiryYear' => '21',
'cardName' => 'Bob Jones',
'cardNumber' => '5123456789012346',
'merchantUUID' => '4a6709137ff78',
'method' => 'addBlacklistedCard',
);
Step 2 Build the http query strings (Do not URL encode the query string):
apiKey=mtd7gedt&cardExpiryMonth=05&cardExpiryYear=21&cardName=Bob Jones&cardNumber=5123456789012346&merchantUUID=4a6709137ff78&method=addBlacklistedCard
Step 3 Concatenate the SHA256 value of your API passphrase to the end of the query string:
apiKey=mtd7gedt&cardExpiryMonth=05&cardExpiryYear=21&cardName=Bob Jones&cardNumber=5123456789012346&merchantUUID=4a6709137ff78&method=addBlacklistedCard&apiPassphrase=SHA256(apiPassphrase)
Step 4 (SHA256 the whole string):
93f756204a8b185630f13eebc9c3fc538831a2e788c91d50c9a3240509fee34d
Responses will be received in XML or JSON formatting (depending on if the JSON headers have been sent)
<?xml version="1.0" encoding="UTF-8"?>
<mwResponse>
<responseCode>0</responseCode>
<responseMessage>...</responseMessage>
...
</mwResponse>{
"responseCode":0,
"responseMessage":"...",
...
}Details about the specific contents of each response can be found with the corresponding method in this documentation.
Response Codes
There are three possible types of responseCode.
If the responseCode is >= 0, the responseMessage field will either contain a preset error or, if applicable, the direct error response given by the provider or MW Vault.
| responseCode | Meaning |
|---|---|
| < 0 | MW validation error |
| = 0 | Transaction/Operation was successful |
| > 0 | Transaction/Operation was declined or delayed by the provider or service |
Response Messages
All MW validation errors will contain a three-digit code prefix at the beginning of the responseMessage. This code will allow you to determine what specifically caused the MWE validation error to be returned, and allow you to deal with it accordingly.
| responseCode | Prefix | Description |
|---|---|---|
| -3 | 001 | Required field missing |
| -2 | 002 | Invalid amount |
| -2 | 003 | Invalid currency |
| -2 | 004 | Invalid email |
| -2 | 005 | Invalid name |
| -2 | 006 | Invalid expiry |
| -2 | 007 | Invalid card number |
| -1 | 008 | Invalid auth details |
| -1 | 009 | Invalid merchantUUID |
| -1 | 010 | Invalid passphrase |
| -2 | 011 | Invalid transactionID |
| -2 | 012 | Invalid transaction |
| -2 | 013 | Currency mismatch |
| -2 | 014 | Invalid refund amount |
| -2 | 015 | Refund exceeds transaction amount |
| -2 | 016 | Transaction already reversed |
| -2 | 017 | Invalid verification hash |
View Responses
Sandbox testing requests are made to https://base.merchantwarrior.com/[endpoint]/, where [endpoint] is described in the introduction to each API section.
The test cards below are the only valid card numbers that can be used for testing with CBA, ANZ, NAB, Bendigo & BankWest
| Card Number | Card Security Code | Brand |
|---|---|---|
| 5456789012345670 | 123 | MasterCard |
| 2223000000000007 | 123 | MasterCard Series 2 |
| 4123456789012349 | 123 | Visa |
| 371449635311038 | 1234 | American Express |
| 30123400000000 | 123 | Diners Club |
| 3528000000000007 | N/A | JCB |
Changing the expiry date in your request will change the transaction response. Below are a list of expiries with their response descriptions.
| Expiry Date | Description |
|---|---|
| 10/24 | Transaction approved |
| 01/24 | Refer Card Issuer |
| 04/24 | Pick Up Card |
| 05/24 | Do Not Honour |
| 02/25 | Invalid Transaction |
| 04/25 | Invalid Card Number |
| 05/25 | No Such Issuer |
| 05/27 | Card Acceptor Contact Acquirer |
| 01/28 | Lost Card |
| 02/28 | No Universal Account/Closed Account |
| 03/28 | Stolen Card |
| 01/29 | Insufficient Funds |
| 04/29 | Invalid Expiry Date |
| 02/30 | Restricted Card |
| 08/30 | Transaction Timed Out/Response Received Too Late |
| 01/33 | Card Issuer Unavailable |
| 02/33 | Transaction Cannot Be Completed |
Any other expiry used will result in an Approved transaction response.
The test cards below are only valid card numbers that can be used for testing with Westpac, St. George & Bank of Melbourne .
| Card Number | Expiry Date | CVN | Description |
|---|---|---|---|
| 4564710000000004 | 02/29 | 847 | Visa Approved |
| 5163200000000008 | 08/30 | 070 | MC Approved |
| 4564710000000012 | 02/25 | 963 | Visa Expired |
| 4564710000000020 | 05/30 | 234 | Visa Low Funds ($10 credit limit) |
| 5163200000000016 | 12/29 | 728 | MC Stolen |
| 4564720000000037 | 09/29 | 030 | Visa Invalid CVV2 |
| 376000000000006 | 06/30 | 2349 | Amex |
| 343400000000016 | 01/29 | 9023 | Amex Restricted |
| 36430000000007 | 06/32 | 348 | Diners |
| 36430000000015 | 08/31 | 988 | Diners Stolen |
| All Others | N/A | N/A | All unknown cards are rejected with 42 - No Universal Account |
Merchant Warrior has developed a simulation engine to enable your testing to be as comprehensive as possible. Please use these cards if you have been told that you are connected to the MW Simulator. The cards listed here will only work in the sandbox environment, and will not function in production.
These cards will all give the specified response. Any card name, expiry and CVN can be used with these cards, as long as they are valid for the card. eg. Amex cards must have a 4 digit CVN, all other cards must have 3 digits, and the expiry needs to be in the future.
00 - Approved
| Card Type | Card Number |
|---|---|
| Visa Debit | 4111111111111111 |
| Visa | 4815647610000007 |
| Mastercard Debit | 5204740000001002 |
| Mastercard | 5553697900000004 |
| Mastercard | 2223000000000007 |
| Amex | 377852136856480 |
| Diners | 3027285593502909 |
| Discover | 6011868764043133 |
| JCB | 3530111333300000 |
06 - Error
| Card Type | Card Number |
|---|---|
| Visa | 4293189100000008 |
| Mastercard | 5163200000000008 |
| Amex | 377852884860965 |
| Diners | 3811683979228075 |
| JCB | 3562350000000003 |
| Discover | 6452418944930969 |
01 - Refer Card Issuer
| Card Type | Card Number |
|---|---|
| Visa | 4123456789012349 |
| Mastercard | 5200000009915957 |
| Amex | 379936619672205 |
| Diners | 3001211836236774 |
| JCB | 6444744652558994 |
| Discover | 6444744652558994 |
04 - Pick Up Card
| Card Type | Card Number |
|---|---|
| Visa | 4564710000000012 |
| Mastercard | 5531934095646789 |
| Amex | 377850264429575 |
| Diners | 3032297652537935 |
| JCB | 3566000020000410 |
| Discover | 6557364173679717 |
05 - Do Not Honour
| Card Type | Card Number |
|---|---|
| Visa | 4564710000000020 |
| Mastercard | 5188680400000008 |
| Amex | 377852393955355 |
| Diners | 3627647201762817 |
| JCB | 3566303999942285 |
| Discover | 6557343573058797 |
12 - Invalid Transaction
| Card Type | Card Number |
|---|---|
| Visa | 4564720000000037 |
| Mastercard | 5100000000404390 |
| Amex | 377851937065671 |
| Diners | 3009589978161401 |
| JCB | 3566023559743341 |
| Discover | 6557343771747332 |
14 - Invalid Card Number
| Card Type | Card Number |
|---|---|
| Visa | 4631728544548139 |
| Mastercard | 5553016800092435 |
| Amex | 377851167501973 |
| Diners | 3028680198362072 |
| JCB | 3562107819932234 |
| Discover | 6557325784863321 |
15 - No Such Issuer
| Card Type | Card Number |
|---|---|
| Visa | 4564726349130286 |
| Mastercard | 5163200000000792 |
| Amex | 377851530450205 |
| Diners | 3010814190687935 |
| JCB | 3562108735707197 |
| Discover | 6557343662761160 |
35 - Card Acceptor Contact Acquirer
| Card Type | Card Number |
|---|---|
| Visa | 4511776015533390 |
| Mastercard | 5500000000101893 |
| Amex | 377852274416022 |
| Diners | 3606005251011335 |
| JCB | 3562106573776829 |
| Discover | 6557351187743191 |
41 - Lost Card
| Card Type | Card Number |
|---|---|
| Visa | 4631712173502799 |
| Mastercard | 5400000000501994 |
| Amex | 377850859783295 |
| Diners | 3876426173392665 |
| JCB | 3562106567430433 |
| Discover | 6557354512703609 |
03 - No Universal Account/Closed Account
| Card Type | Card Number |
|---|---|
| Visa | 4631745132973214 |
| Mastercard | 5551656096578803 |
| Amex | 377852653186006 |
| Diners | 3025114366410748 |
| JCB | 3562103970090060 |
| Discover | 6557338997283245 |
43 - Stolen Card
| Card Type | Card Number |
|---|---|
| Visa | 4631713277495963 |
| Mastercard | 5100000000432896 |
| Amex | 377852612490622 |
| Diners | 3815552602426388 |
| JCB | 3562105197145221 |
| Discover | 6557331328168284 |
51 - Insufficient Funds
| Card Type | Card Number |
|---|---|
| Visa | 4617579107297798 |
| Mastercard | 5197657993376796 |
| Amex | 377852831176358 |
| Diners | 3005770347113984 |
| JCB | 3562108930783977 |
| Discover | 6557366309352739 |
54 - Invalid Expiry Date
| Card Type | Card Number |
|---|---|
| Visa | 4715729787853300 |
| Mastercard | 5200000000022498 |
| Amex | 379936953734488 |
| Diners | 3009979651398133 |
| JCB | 3562103635164805 |
| Discover | 6504427542576114 |
36 - Restricted Card
| Card Type | Card Number |
|---|---|
| Visa | 4631749139175633 |
| Mastercard | 5200000000830999 |
| Amex | 377851312622278 |
| Diners | 3812984506458717 |
| JCB | 3562104173493747 |
| Discover | 6509809571378535 |
91 - Transaction Timed Out / Response Received Too Late
| Card Type | Card Number |
|---|---|
| Visa | 4631713707981210 |
| Mastercard | 5446471538337571 |
| Amex | 377852643992851 |
| Diners | 3684930560973740 |
| JCB | 3562107291467733 |
| Discover | 6504515951405112 |
15 - Card Issuer Unavailable
| Card Type | Card Number |
|---|---|
| Visa | 4631756502801653 |
| Mastercard | 5446376540532533 |
| Amex | 379936492885940 |
| Diners | 3867263432361418 |
| JCB | 3562109655469016 |
| Discover | 6504486020047600 |
Specific Authorization Code Testing
If you need to simulate a specific issuer response code that is not covered by the above scenarios, use the following cards. You can include the exact issuer response code you want to receive by including it in the Card Name field, eg "08Bob Jones" will produce an "08 - Honour with identification" response.
| Card Type | Card Number |
|---|---|
| Visa | 4661686268763776 |
| Mastercard | 5149024938880250 |
| Mastercard | 2222222222222224 |
| Amex | 348559568792267 |
| Diners | 3017559548368539 |
| JCB | 3562424339608339 |
| Discover | 6556356600257761 |
The simulator also supports the following cards for 3DS 2.0 testing. Choose which card to use to simulate the 3DS action you want to test. These cards also act like the cards above, so you can include the desired issuer response code in the card name to simulate a specific response.
Manual Challenge
| Card Type | Card Number |
|---|---|
| Visa | 4631716043860311 |
| Mastercard | 5167473595100592 |
| Amex | 377851826358070 |
| Diners | 3001192225137726 |
| JCB | 3584145695882770 |
| Discover | 6504498873552834 |
Successful Authentication (Automatic Challenge Pass)
| Card Type | Card Number |
|---|---|
| Visa | 4511774324799679 |
| Mastercard | 5161691610858193 |
| Amex | 377851498541607 |
| Diners | 3685416315533889 |
| JCB | 3584142032882258 |
| Discover | 6542477066608532 |
Failed Authentication (Automatic Challenge Fail)
| Card Type | Card Number |
|---|---|
| Visa | 4293172753194849 |
| Mastercard | 5166674851597758 |
| Amex | 377851342111698 |
| Diners | 3835441249560369 |
| JCB | 3584142299672590 |
| Discover | 6573244951172699 |
Attempts / Non-Participating (Frictionless (Attempts) with no 3DS Method (Non-Participating))
| Card Type | Card Number |
|---|---|
| Visa | 4525114332086104 |
| Mastercard | 5446476148092268 |
| Amex | 377850113449337 |
| Diners | 3014090285308564 |
| JCB | 3562105106083182 |
| Discover | 6509825415100836 |
Timeout (DS Timeout)
| Card Type | Card Number |
|---|---|
| Visa | 4444333322221111 |
| Mastercard | 5166679383949633 |
| Amex | 376087778726102 |
| Diners | 3038387605159954 |
| JCB | 3584141042559740 |
| Discover | 6570176244095787 |
Timeout (3DS Method Timeout)
| Card Type | Card Number |
|---|---|
| Visa | 4444333322221111 |
| Mastercard | 5166679383949633 |
| Amex | 376087778726102 |
| Diners | 3038387605159954 |
| JCB | 3584141042559740 |
| Discover | 6570176244095787 |
Not Enrolled
| Card Type | Card Number |
|---|---|
| Visa | 4111111111111111 |
| Mastercard | 5204740000001002 |
| Amex | 377852136856480 |
| Diners | 3027285593502909 |
| JCB | 3530111333300000 |
| Discover | 6011868764043133 |
Unavailable (Frictionless No 3DS Method)
| Card Type | Card Number |
|---|---|
| Visa | 4525114332086104 |
| Mastercard | 5446476148092268 |
| Amex | 377850113449337 |
| Diners | 3014090285308564 |
| JCB | 3562105106083182 |
| Discover | 6509825415100836 |
Authentication Unavailable (Card Not Enrolled)
| Card Type | Card Number |
|---|---|
| Visa | 4111111111111111 |
| Mastercard | 5204740000001002 |
| Amex | 377852136856480 |
| Diners | 3027285593502909 |
| JCB | 3530111333300000 |
| Discover | 6011868764043133 |
Bypass Authentication (Frictionless N)
| Card Type | Card Number |
|---|---|
| Visa | 4631773642610977 |
| Mastercard | 5459157606991464 |
| Amex | 379936352094765 |
| Diners | 3027687467474208 |
| JCB | 3584145656262608 |
| Discover | 6558428449903117 |
Successful Frictionless Authentication (Frictionless 3DS Method)
| Card Type | Card Number |
|---|---|
| Visa | 4574357336019197 |
| Mastercard | 5446373276171776 |
| Amex | 377852201339230 |
| Diners | 3006205140196422 |
| JCB | 3562102804837241 |
| Discover | 6573661911483462 |
Failed Frictionless Authentication (Frictionless N)
| Card Type | Card Number |
|---|---|
| Visa | 4631773642610977 |
| Mastercard | 5459157606991464 |
| Amex | 379936352094765 |
| Diners | 3027687467474208 |
| JCB | 3584145656262608 |
| Discover | 6558428449903117 |
Attempts Stand-In Frictionless Authentication (Frictionless A)
| Card Type | Card Number |
|---|---|
| Visa | 4344161869960986 |
| Mastercard | 5162795916646654 |
| Amex | 377850212785789 |
| Diners | 3831877772683397 |
| JCB | 3584144622475303 |
| Discover | 6542194754719071 |
Unavailable Frictionless Authentication from the Issuer (Frictionless U)
| Card Type | Card Number |
|---|---|
| Visa | 4715722496185288 |
| Mastercard | 5162279415160368 |
| Amex | 377850367873398 |
| Diners | 3677041135713873 |
| JCB | 3584147698530646 |
| Discover | 6558436501058241 |
Rejected Frictionless Authentication by the Issuer (Frictionless R)
| Card Type | Card Number |
|---|---|
| Visa | 4631758482194299 |
| Mastercard | 5163295523861761 |
| Amex | 377850912829739 |
| Diners | 3015554046656503 |
| JCB | 3584147537400761 |
| Discover | 6542263476960345 |
Successful Step Up Authentication (Automatic Challenge Pass)
| Card Type | Card Number |
|---|---|
| Visa | 4511774324799679 |
| Mastercard | 5161691610858193 |
| Amex | 377851498541607 |
| Diners | 3685416315533889 |
| JCB | 3584142032882258 |
| Discover | 6542477066608532 |
Failed Step Up Authentication (Automatic Challenge Fail)
| Card Type | Card Number |
|---|---|
| Visa | 4293172753194849 |
| Mastercard | 5166674851597758 |
| Amex | 377851342111698 |
| Diners | 3835441249560369 |
| JCB | 3584142299672590 |
| Discover | 6573244951172699 |
Step Up Authentication is Unavailable (Frictionless U)
| Card Type | Card Number |
|---|---|
| Visa | 4715722496185288 |
| Mastercard | 5162279415160368 |
| Amex | 377850367873398 |
| Diners | 3677041135713873 |
| JCB | 3584147698530646 |
| Discover | 6558436501058241 |
Error on Authentication (DS Timeout)
| Card Type | Card Number |
|---|---|
| Visa | 4444333322221111 |
| Mastercard | 5166679383949633 |
| Amex | 376087778726102 |
| Diners | 3038387605159954 |
| JCB | 3584141042559740 |
| Discover | 6570176244095787 |
Bypassed Authentication (Frictionless N)
| Card Type | Card Number |
|---|---|
| Visa | 4631773642610977 |
| Mastercard | 5459157606991464 |
| Amex | 379936352094765 |
| Diners | 3027687467474208 |
| JCB | 3584145656262608 |
| Discover | 6558428449903117 |
Refunds via Clearing
The following cards can be used to simulate a failed refund that will be automatically re-tried via clearing. This feature will need to be enabled on your account. The fields adviceRefundTransactionID and adviceRefundTransactionCode will be returned in your API response when these cards are used.
| Card Type | Card Number |
|---|---|
| Visa | 4929108431067579 |
| Mastercard | 5232487798161145 |
| Amex | 373851048098250 |
| Diners | 30297289257699 |
| JCB | 3549124971547153 |
| Discover | 6011866139800328 |
Consumer / Business
The following cards can be used to simulate a Consumer or Business card.
| Card Type | Platform | Source | Card Number |
|---|---|---|---|
| Visa | Business | Debit | 4639250000000002 |
| Visa | Business | Credit | 4336870000000003 |
| Visa | Consumer | Debit | 4809410000000006 |
| Visa | Consumer | Credit | 4265340000000002 |
| Mastercard | Business | Debit | 5119390000000002 |
| Mastercard | Business | Credit | 2235780000000000 |
| Mastercard | Consumer | Debit | 5163610000000008 |
| Mastercard | Consumer | Credit | 5108370000000007 |
MAC Codes
The following card can be used to simulate a MAC code response. It allows you to specify which MAC code to receive in the response by specifying the code in the Card Name field. For example, to receive MAC 03 - Do not try again response, use this card and set the Card Name field to 03Tony Stark.
| Card Type | Card Number |
|---|---|
| Mastercard | 5586228308308749 |
The following table lists the Authorization Response Codes that are returned by an issuer and/or acquiring switch when processing credit/debit card transactions. These values are also returned in the authResponseCode value in a transaction response. American Express Direct Link and Discover Direct Link response codes are available below this table.
| Authorization Code | Description |
|---|---|
| 00 | Approved |
| 01 | Refer to Card Issuer |
| 02 | Refer to Issuer's special conditions |
| 03 | Invalid Merchant |
| 04 | Pick Up Card |
| 05 | Do Not Honor |
| 06 | Error |
| 07 | Pick Up Card, Special Conditions |
| 08 | Honor with identification |
| 09 | Request in Progress |
| 10 | Partial Amount Approved |
| 11 | VIP Approval |
| 12 | Invalid Transaction |
| 13 | Invalid Amount |
| 14 | Invalid Card Number |
| 15 | No Such Issuer |
| 16 | Approved, update track 3 |
| 17 | Customer Cancellation |
| 18 | Customer Dispute |
| 19 | Re-enter Transaction |
| 20 | Invalid Response |
| 21 | No Action Taken (no match) |
| 22 | Suspected Malfunction |
| 23 | Unacceptable Transaction Fee |
| 24 | File Update not Supported by Receiver |
| 25 | Unable to Locate Record on File |
| 26 | Duplicate File Update Record |
| 27 | File Update Field Edit Error |
| 28 | File Update File Locked Out |
| 29 | File Update not Successful |
| 30 | Format Error |
| 31 | Bank not Supported by Switch |
| 32 | Completed Partially |
| 33 | Expired Card - Pick Up |
| 34 | Suspected Fraud - Pick Up |
| 35 | Contact Acquirer - Pick Up |
| 36 | Restricted Card - Pick Up |
| 37 | Call Acquirer Security - Pick Up |
| 38 | Allowable PIN Tries Exceeded |
| 39 | No CREDIT Account |
| 40 | Requested Function not Supported |
| 41 | Lost Card - Pick Up |
| 42 | No Universal Amount |
| 43 | Stolen Card - Pick Up |
| 44 | No Investment Account |
| 45 | Account Closed |
| 46 | Identification Required |
| 47 | Identification Cross-Check Required |
| 48 | No Customer Record |
| 49 | Reserved For Future Realtime Use |
| 50 | Reserved For Future Realtime Use |
| 51 | Insufficient Funds |
| 52 | No Cheque Account |
| 53 | No Savings Account |
| 54 | Expired Card |
| 55 | Incorrect PIN |
| 56 | No Card Record |
| 57 | Trans. not Permitted to Cardholder |
| 58 | Transaction not Permitted to Terminal |
| 59 | Suspected Fraud |
| 60 | Card Acceptor Contact Acquirer |
| 61 | Exceeds Withdrawal Amount Limits |
| 62 | Restricted Card |
| 63 | Security Violation |
| 64 | Original Amount Incorrect |
| 65 | Exceeds Withdrawal Frequency Limit |
| 66 | Card Acceptor Call Acquirer Security |
| 67 | Hard Capture - Pick Up Card at ATM |
| 68 | Response Received Too Late |
| 75 | Allowable PIN Tries Exceeded |
| 76 | Previous message not found |
| 77 | Data does not match original message |
| 80 | Invalid Date |
| 81 | Cryptographic failure |
| 82 | Incorrect CVV |
| 83 | Unable to verify PIN |
| 84 | Invalid authorization life cycle |
| 85 | No reason to decline |
| 86 | ATM Malfunction |
| 87 | No Envelope Inserted |
| 88 | Unable to Dispense |
| 89 | Administration Error |
| 90 | Cut-off in Progress |
| 91 | Issuer or Switch is Inoperative |
| 92 | Financial Institution Not Found |
| 93 | Trans Cannot be Completed |
| 94 | Duplicate Transmission |
| 95 | Reconcile Error |
| 96 | System Malfunction |
| 97 | Reconciliation Totals Reset |
| 98 | MAC Error |
| 99 | Reserved for National Use |
| N0 | Force STIP (VISA) |
| N3 | Cash Service Not Available (VISA) |
| N4 | Cash request exceeds issuer limit (VISA) |
| N7 | Decline for CVV2 failure (VISA) |
| P2 | Invalid biller information (VISA) |
| P5 | PIN Change Unblock Declined (VISA) |
| P6 | Unsafe PIN (VISA) |
| XA | Forward to issuer |
| XD | Forward to issuer |
| XX | Unknown Code |
| 5C | Transaction not supported/blocked by issuer |
| 9G | Blocked by cardholder/contact cardholder |
The table below lists the Authorization Response Codes that are returned if your American Express transactions are being processed via the American Express Direct Link.
| Authorization Code | Description |
|---|---|
| 000 | Approved |
| 001 | Approve with ID |
| 002 | Partial Approval (Prepaid Cards only) |
| 100 | Deny |
| 101 | Expired Card / Invalid Expiration Date |
| 106 | Exceeded PIN attempts |
| 109 | Invalid merchant |
| 110 | Invalid amount |
| 111 | Invalid account / Invalid MICR (Travelers Cheque) |
| 115 | Requested function not supported |
| 117 | Invalid PIN |
| 119 | Cardmember not enrolled / not permitted |
| 122 | Invalid card security code (a.k.a., CID, 4DBC, 4CSC) |
| 125 | Invalid effective date |
| 130 | Additional customer identification required |
| 181 | Format error |
| 183 | Invalid currency code |
| 187 | Deny - New card issued |
| 189 | Deny - Canceled or Closed Merchant/SE |
| 200 | Deny - Pick up card |
| 400 | Reversal Accepted |
| 900 | Accepted - ATC Synchronization |
| 909 | System Malfunction (Cryptographic Error) |
| 912 | Issuer not available |
The table below lists the Authorization Response Codes that are returned if your Discover transactions are being processed via the Discover Direct Link.
| Authorizatoin Code | Description |
|---|---|
| 000 | pin change successful |
| 001 | honor with identification |
| 081 | approved by Issuer |
| 082 | approved by Xpress |
| 083 | approved by Acquirer |
| 084 | offline approved |
| 085 | offline approved, Unable to go online |
| 086 | card verification successful |
| 100 | do not honor |
| 101 | expired card |
| 102 | suspected fraud |
| 104 | restricted card |
| 106 | allowable PIN tries exceeded |
| 109 | invalid merchant |
| 110 | invalid amount |
| 111 | invalid card number |
| 115 | requested function not supported |
| 117 | incorrect PIN |
| 118 | cycle range suspended |
| 119 | Transaction not permitted to cardholder |
| 122 | card validity period exceeded |
| 124 | violation of law |
| 125 | card not effective |
| 129 | suspected counterfeit card |
| 140 | offline declined, Merchant Forced Acceptance |
| 141 | unable to go online, offline declined, Merchant Forced Acceptance |
| 163 | security violations |
| 181 | decline given by POS participant |
| 182 | decline given by Issuer |
| 183 | Domain Restriction Control Failure |
| 184 | decline given by Xpress, no communication with Issuer |
| 185 | decline given by Xpress, card is local use only |
| 188 | Xpress unable to forward request to Issuer X |
| 192 | Restricted Merchant |
| 194 | PIN change or unblock failed |
| 195 | new PIN not accepted |
| 196 | chip information advice |
| 197 | card verification failure |
| 198 | TVR or CVR validation failed |
| 200 | do not honor |
| 201 | expired card |
| 202 | suspected fraud |
| 203 | card acceptor contact Acquirer |
| 204 | restricted card |
| 205 | card acceptor call Acquirers security department |
| 206 | allowable PIN tries exceeded |
| 207 | special conditions |
| 208 | lost card |
| 209 | stolen card |
| 210 | suspected counterfeit card |
| 280 | temporary status lost card |
| 281 | temporary status stolen card |
| 300 | successful |
| 301 | not supporte by reciever |
| 302 | unable to locate record on file |
| 303 | duplicate record, old record replaced |
| 304 | data element edit error |
| 305 | file locked out |
| 306 | not successful |
| 307 | format error |
| 308 | duplicate, new record rejected |
| 309 | unknown file |
| 380 | not successful, cross reference exists |
| 382 | continutation data in next record |
| 397 | card on Positive File |
| 399 | VIP card with limits |
| 400 | accepted |
| 480 | function code not allowed |
| 481 | account number invalid |
| 482 | account number does not mod10 |
| 483 | no matching cycle range exists for this account |
| 484 | invalid amount |
| 680 | Forward to destination Participant |
| 600 | accepted |
| 800 | accepted |
| 909 | destination not known |
| 910 | destination not in service |
The following table lists the Visa chargeback reason codes and their descriptions.
| Reason Code | Description |
|---|---|
| 10.1 | EMV Liability Shift |
| 10.2 | EMV Liability Shift Non-counterfeit Fraud |
| 10.3 | Card-Present Environment |
| 10.4 | Card-Absent Environment |
| 10.5 | Visa Fraud Monitoring Program |
| 11.1 | Card Recovery Bulletin |
| 11.2 | Declined Authorisation |
| 11.3 | No Authorisation |
| 12.1 | Late Presentment |
| 12.2 | Incorrect Transaction Code |
| 12.3 | Incorrect Currency |
| 12.4 | Incorrect Account Number |
| 12.5 | Incorrect Amount |
| 12.6 | Duplicate Processing/Paid by Other Means |
| 12.7 | Invalid Data |
| 13.1 | Merchandise/Services Not Received |
| 13.2 | Cancelled Recurring Transaction |
| 13.3 | Not as Described or Defective Merchandise/Service |
| 13.4 | Counterfeit Merchandise |
| 13.5 | Misrepresentation |
| 13.6 | Credit Not Processed |
| 13.7 | Cancelled Merchandise/Services |
| 13.8 | Original Credit Transaction Not Accepted |
| 13.9 | Non-Receipt of Cash or Load Transaction Value |
The following table lists the MasterCard chargeback reason codes and their descriptions.
| Reason Code | Description |
|---|---|
| 4837 | No Cardholder Authorization |
| 4840 | Fraudulent Processing of Transactions |
| 4847 | Exceeds Floor Limit, Not Authorised |
| 4849 | Questionable Merchant Activity |
| 4862 | Counterfeit Transaction / Magnetic Stripe POS Fraud |
| 4863 | Cardholder Does Not Recognize |
| 4870 | Chip Liability Shift |
| 4871 | Chip/PIN Liability Shift |
| 4807 | Warning Bulletin File |
| 4808 | Requested/Required Authorisation Not Obtained |
| 4812 | Account Number Not On File |
| 4831 | Transaction Amount Differs |
| 4834 | Duplicate Processing / POS Error |
| 4835 | Card Not Valid or Expired |
| 4842 | Late Presentment |
| 4846 | Correct Transaction Currency Code Not Provided |
| 4850 | Installment Billing Dispute |
| 4902 | Required Information Illegible or Missing |
| 4999 | Domestic Chargeback Dispute (Europe Region Only) |
| 4841 | Canceled Recurring or Digital Goods Transactions |
| 4853 | Cardholder Dispute |
| 4854 | Cardholder Dispute (U.S. Region Only) |
| 4855 | Goods or Services Not Provided |
| 4857 | Card-Activated Telephone Transaction |
| 4859 | Addendum, No-show, or ATM Dispute |
| 4860 | Credit Not Processed |
The following table lists the American Express chargeback reason codes and their descriptions.
| Reason Code | Description |
|---|---|
| 4507 | Incorrect Transaction Amount or Account Number Presented |
| 4512 | Multiple Processing |
| 4513 | Credit Not Presented |
| 4515 | Paid through Other Means |
| 4516 | Request for Support Not Fulfilled |
| 4517 | Request for Support Illegible/Incomplete |
| 4521 | Invalid Authorization |
| 4523 | Unassigned C/M Account Number |
| 4526 | Missing Signature |
| 4527 | Missing Imprint |
| 4530 | Currency Discrepancy |
| 4534 | Multiple ROCs |
| 4536 | Late Presentment |
| 4540 | Card Not Present |
| 4544 | Cancellation of Recurring Goods/Services Services |
| 4553 | Not as Described or defective merchandise |
| 4554 | Goods and Services Not Received |
| 4750 | Car Rental Charge in Dispute |
| 4752 | Credit/Debit Presentment Error |
| 4754 | Local Regulatory/Legal Dispute |
| 4755 | No Valid Authorization |
| 4758 | Expired/Not Yet valid card |
| 4763 | Fraud Full Recourse |
| 4798 | Fraud Liability Shift - Counterfeit |
| 4799 | Fraud Liability Shift - Lost/Stolen |
Merchant Advice Codes (MACs) are short codes returned by card networks and issuing banks when a transaction is declined or flagged. They provide guidance on what action a merchant should take next, such as retrying the transaction, requesting updated card details, or stopping further attempts.
MACs are especially common with:
- Recurring payments
- Subscription billing
- Stored card / card-on-file transactions
When a transaction is declined, the issuer may return:
- A decline reason
- A Merchant Advice Code
The decline reason explains why the transaction failed whilst the MAC explains what you should do next.
The following table lists the Merchant Advice Codes (MAC) and their descriptions. If a MAC code is returned to you in our response, its instructions must be followed. Failure to do so many incur a penalty fee.
| MAC Code | Description |
|---|---|
| 1 | Updated information needed |
| 2 | Try again later |
| 3 | Do not try again |
| 4 | Transaction not supported |
| 21 | Stop recurring payment requests |
| 24 | Retry after 1 hour |
| 25 | Retry after 24 hours |
| 26 | Retry after 2 days |
| 27 | Retry after 4 days |
| 28 | Retry after 6 days |
| 29 | Retry after 8 days |
| 30 | Retry after 10 days |
| 40 | Consumer non-reloadable prepaid card |
| 41 | Consumer single-use virtual card number |
| 43 | Consumer multi-use virtual card number |
By default, when a transaction receives a Merchant Advice Code (MAC), Merchant Warrior will block any subsequent attempts on the same card according to the issuing bank’s retry instructions as provided in the table above. This helps prevent unnecessary declines that incur penalty fees and ensures compliance with card network rules.
For example, if an issuing bank returns a MAC of 25, any attempts to charge the same card within the next 24 hours will be automatically Blocked. Once the 24-hour period has passed, the card can be tried again and the transaction will be processed normally. This behaviour ensures that retry attempts are handled correctly without requiring any additional configuration from your systems.
The following table lists the direct debit response codes, for both Australia and New Zealand.
Australia
| Response Code | Description |
|---|---|
| 1 | Invalid BSB number |
| 2 | Payment stopped |
| 3 | Account closed |
| 4 | Customer deceased |
| 5 | No account or incorrect account number |
| 6 | Refer to customer |
| 8 | Invalid User ID Number |
| 9 | Technically invalid |
New Zealand
| Response Code | Description |
|---|---|
| DISHONOUR-01 | Unauthorised. Your direct debit authority hasn’t been loaded at the payer’s bank. |
| DISHONOUR-02 | No Account. The account you’re trying to collect a payment from doesn’t exist. |
| DISHONOUR-03 | Insufficient funds. There’s not enough money in the payer’s account to collect the payment. |
| DISHONOUR-04 | Payment stopped. Contact the payer to find out why. |
| DISHONOUR-05 | Authority cancelled. The payer has cancelled your direct debit authority. |
| DISHONOUR-06 | Account closed. The account you’re trying to collect a payment from has been closed. |
| DISHONOUR-07 | Account transferred. The account you’re trying to collect a payment from has been moved (for example, if two companies merge and the customer number of the account has changed). |
| DISHONOUR-08 | Payment limit exceeded. You’re trying to collect more money than the payer has allowed for your direct debit authority. |
A CVV Response Code is a value returned by the card-issuing bank during a card transaction to indicate whether the CVV provided by the cardholder matches the value on file with the issuer.
Please note, not all providers support this feature.
The following codes list the CVV Response codes you may get in your response.
| Response Code | Meaning | Description |
|---|---|---|
| M | Match | The CVV provided matches the one on file. |
| N | No Match | The CVV does not match. |
| P | Not Processed | CVV data was not processed. |
| S | CVV Should Be on Card, but is Missing | Issuer indicates the card should have a CVV but it wasn’t provided. |
| U | Issuer Does Not Support CVV | The issuer doesn't support CVV validation. |
The following reason codes are defined under the New Payments Platform (NPP) framework and are applicable to NPP-related services such as PayTo, Payouts and PayID refunds.
Payment Decline Codes
If a reason code is classified as a soft decline, the transaction may be attempted again.
| Reason Code | Description | Soft Decline |
|---|---|---|
| AB01 | Aborted Clearing Timeout | Yes |
| AB02 | Aborted Clearing Fatal Error | Yes |
| AB03 | Aborted Settlement Timeout | Yes |
| AB04 | Aborted Settlement Fatal Error | Yes |
| AB08 | Offline Creditor Agent | Yes |
| AC02 | The Debtor Account Number is invalid or missing | No |
| AC03 | The Payee is unable to accept a Clearing Request because the account to be credited does not exist | No |
| AC05 | The original debtor account number is closed and a Payment Return (Unsolicited) cannot be made | No |
| AC06 | The Account is blocked and cannot accept credits (e.g. suspected fraud, sanctions, or account type restrictions such as mortgage/term deposit) | Yes |
| AC07 | The account to be credited is closed | No |
| AC13 | The account to be debited cannot debit funds within its type | No |
| AC14 | Account exists but cannot accept funds (unreachable via NPP) | No |
| AC15 | Payer account was changed to a different account | No |
| AG01 | Account exists but does not support credits | No |
| AG03 | The account to be credited is open, but cannot accept NPP credit for the NPP service | No |
| AG07 | Unsuccessful Direct Debit | Yes |
| AGNT | The account does not belong to the account servicer (incorrect agent/reference data or clearing/settlement agency relationship) | No |
| AM01 | The service prohibits the use of zero dollar Payments | No |
| AM02 | The transaction is greater than the maximum NPP limit ($99,999,999,999) or exceeds service rules | No |
| AM03 | Currency cannot be applied to the specified account (Interbank settlement currency not AUD) | No |
| AM04 | Insufficient Funds | Yes |
| AM06 | Specified transaction amount is less than agreed minimum | Yes |
| AM09 | Amount received is not the amount agreed or expected | Yes |
| AM12 | Clearing or Settlement Request amount is missing, invalid, or mismatched | Yes |
| AM13 | Transaction amount exceeds limits set by clearing system | No |
| AM18 | Number of transactions is invalid | No |
| AM19 | The number of transactions does not equal to ‘1’ | No |
| AM21 | Limit Exceeded | Yes |
| AM22 | Unable to apply zero amount to designated account | No |
| BE05 | Creditor is unknown to Debtor | No |
| BE06 | End customer specified is not known at associated Sort/National Bank Code or no longer exists in records | No |
| BE08 | Debtor name is missing | No |
| BE18 | Contact details missing or invalid | No |
| BE22 | Creditor Name is required but not provided | No |
| CH17 | Element is not allowed | No |
| CH20 | Number of decimal points not compatible with the currency | No |
| CH21 | Mandatory element is missing | No |
| CURR | The currency included in the Clearing Request is incorrect (value other than AUD) | No |
| CUST | Cancellation requested by the Debtor | Yes |
| DT01 | Invalid date (e.g. wrong or missing settlement date) | No |
| DT02 | GroupHeader CreationDateTime not in required format or outside acceptable timeframe | No |
| DT04 | Future dated NPP Payment Initiation Requests not supported | No |
| E991 | Validate Mandate Service Unavailable Retry again after sometime | Yes |
| E992 | Alias Resolution Service Unavailable Retry again after sometime | Yes |
| E999 | Unexpected System Error | No |
| ED05 | Settlement of the transaction has failed | Yes |
| ED06 | NPPA direction to reject requests due to FSS being unavailable | Yes |
| FF01 | File format incomplete or invalid | No |
| FF04 | Service Level code invalid or not as per message type/membership format | No |
| FF08 | End-to-End ID missing or invalid | Yes |
| FF10 | Unable to process due to back office issues or outage | Yes |
| FF11 | Clearing Request rejected as it was subject to a previous abort operation | Yes |
| FRAD | Cancellation requested following a transaction that was originated fraudulently | No |
| G005 | Payment has been delivered to creditor agent with service level | No |
| G006 | Payment has been delivered to creditor agent without service level | No |
| M001 | Invalid or not applicable character set | No |
| M308 | Creditor Reference must be equal to End to End Id of payment instruction | Yes |
| M901 | Validate Mandate API Error Retry again after sometime | Yes |
| M902 | Responding Participant is Unavailable Retry again after sometime | Yes |
| M903 | Payer Participant is Unavailable Retry again after sometime | Yes |
| M904 | Payee Participant is Unavailable Retry again after sometime | Yes |
| M905 | Debtor PayId is Invalid | No |
| M906 | Creditor PayId is Invalid | No |
| M907 | Debtor BSB is not NPP reachable | No |
| M908 | Creditor BSB is not NPP reachable | No |
| M909 | Business Service Code Invalid | No |
| M910 | Business Service Code not present in Mandate | No |
| M911 | Payer Participant is not NPP reachable | No |
| M912 | Payee Participant is not NPP reachable | No |
| M913 | Payee Account Details are missing | Yes |
| M914 | Payee Participant in Mandate and Creditor Alias Servicer are not matching | No |
| M915 | Payer Participant in Mandate and Debtor Alias Servicer are not matching | No |
| M916 | Creditor Account Details present in Mandate and Input Request are not matching | Yes |
| M917 | Creditor Alias details present in Request and Mandate are not matching | Yes |
| M918 | Creditor details not present in Request and Mandate | Yes |
| M919 | Unable to locate Payment Instruction record | No |
| M920 | Invalid Mandate | No |
| M921 | Creditor account scheme present in request and Mandate are not matching | Yes |
| M922 | Previous Instruction Status is invalid for Business retry | No |
| MD01 | The NPP Payment Initiation Request did not contain a MandateId | No |
| MD02 | The Mandate Cryptogram contained in a Mandate NPP Payment Initiation Request did not verify | No |
| MD20 | The Mandate Cryptogram contained in a Mandate NPP Payment Initiation Request was older than the allowed timeframe (24hrs) | Yes |
| MS02 | Reason has not been specified by end customer | Yes |
| NARR | Narrative | Yes |
| RC05 | The BIC identifier is invalid or missing | No |
| RR04 | Regulatory Reason | No |
| RR05 | Regulatory or Central Bank Reporting information missing, incomplete, or invalid | No |
| RR07 | Remittance information structure does not comply with rules for payment type | No |
| SL01 | Specific Service offered by Debtor Agent | No |
| SL11 | The Creditor did not appear on the Debtor’s whitelist | No |
| SL12 | The Creditor appeared on the Debtor’s blacklist | No |
| SL13 | Maximum number of Direct Debit Transactions exceeded | Yes |
| SL14 | Maximum Direct Debit Transaction Amount exceeded | Yes |
| TD03 | The file format is incomplete or invalid | Yes |
| TM01 | Invalid Cut Off Time | Yes |
Participant Reason Codes
These reason codes are issued by NPP participants to report the status of their connectivity. They are commonly observed during maintenance windows, system recovery, or outages.
| Reason Code | Description |
|---|---|
| PA01 | Participant Available |
| PA02 | Participant Flooded |
| PA03 | Participant Recovering |
| PA04 | Participant Not Available |
| PA05 | Participant Under Stress |