Understand authentication failures
Last updated: April 12, 2023
If an authentication fails, you’ll want to understand why so you can prevent it happening again. In EMV 3-D Secure (EMV 3DS) 2.1 and later, the issuer’s authentication service returns a numeric value to indicate why the authentication failed.
Checkout.com returns this value in either the
authentication_status_reason field (for integrated authentication) or the
response_status_reason field (for standalone authentication).
Use the following table to find out what caused an authentication failure.
|Value||Reason for failure|
Card authentication failed
Exceeds authentication frequency limit
Invalid card number
No card record
Transaction not permitted to cardholder
Cardholder not enrolled in service
Transaction timed out at the Access Control Server (ACS)
Very high confidence
Exceeds ACS maximum challenges
Non-payment transaction not supported
Merchant-initiated transaction (3RI) not supported
ACS technical issue
Decoupled authentication required by ACS, but not requested by 3DS requestor
3DS requestor decoupled max expiry time exceeded
Decoupled authentication was provided insufficient time to authenticate cardholder. ACS will not make attempt
Authentication attempted, but not performed by the cardholder
There are also scheme-specific values, explained in the following sections.
Use the following table to find out what caused a Visa authentication failure.
|Value||Reason for failure|
Error connecting to ACS
ACS timed out
Invalid response from ACS
System error response from ACS
Internal error while generating Cardholder Authentication Verification Value (CAVV)
Visa Merchant ID (VMID) not eligible for requested program
Protocol version not supported by ACS
Transaction is excluded from attempts processing — includes non-reloadable prepaid card and Non-Payments (NPA)
Requested program not supported by ACS
CAVV is included in response
Issuer Strong Customer Authentication (SCA) required
Use the following table to find out what caused a Mastercard authentication failure.
|Value||Reason for failure||Additional information|
Transactions processed as Identity Check Insights
Indicates authentication processed through Identity Check Insights
Acquirer exemption accepted
Value used by the ACS for protocol version 2.1 to indicate acceptance of an acquirer exemption transaction
Challenge mandate requested, but could not be performed by Smart Authentication Stand-In
Directory Server (DS) dropped reason code received from ACS
Value used by the Mastercard DS when it drops the reason code received from the ACS. This happens when the value sent by the ACS conflicts with the transaction status, whether that's
Challenge cancelation indicator populated, therefore did not route to Smart Authentication Stand-In
Transaction not processed due to challenge cancelation