Understand authentication failures
Last updated: April 12, 2023
If an authentication fails, you’ll want to understand why so you can prevent it happening again. In EMV 3-D Secure (EMV 3DS) 2.1 and later, the issuer’s authentication service returns a numeric value to indicate why the authentication failed.
Checkout.com returns this value in either the authentication_status_reason field (for integrated authentication) or the response_status_reason field (for standalone authentication).
Use the following table to find out what caused an authentication failure.
| Value | Reason for failure |
|---|---|
| Card authentication failed |
| Unknown device |
| Unsupported device |
| Exceeds authentication frequency limit |
| Expired card |
| Invalid card number |
| Invalid transaction |
| No card record |
| Security failure |
| Stolen card |
| Suspected fraud |
| Transaction not permitted to cardholder |
| Cardholder not enrolled in service |
| Transaction timed out at the Access Control Server (ACS) |
| Low confidence |
| Medium confidence |
| High confidence |
| Very high confidence |
| Exceeds ACS maximum challenges |
| Non-payment transaction not supported |
| Merchant-initiated transaction (3RI) not supported |
| ACS technical issue |
| Decoupled authentication required by ACS, but not requested by 3DS requestor |
| 3DS requestor decoupled max expiry time exceeded |
| Decoupled authentication was provided insufficient time to authenticate cardholder. ACS will not make attempt |
| Authentication attempted, but not performed by the cardholder |
There are also scheme-specific values, explained in the following sections.
Use the following table to find out what caused a Visa authentication failure.
| Value | Reason for failure |
|---|---|
| Error connecting to ACS |
| ACS timed out |
| Invalid response from ACS |
| System error response from ACS |
| Internal error while generating Cardholder Authentication Verification Value (CAVV) |
| Visa Merchant ID (VMID) not eligible for requested program |
| Protocol version not supported by ACS |
| Transaction is excluded from attempts processing — includes non-reloadable prepaid card and Non-Payments (NPA) |
| Requested program not supported by ACS |
| CAVV is included in response |
| Issuer Strong Customer Authentication (SCA) required |
Use the following table to find out what caused a Mastercard authentication failure.
| Value | Reason for failure | Additional information |
|---|---|---|
| Transactions processed as Identity Check Insights | Indicates authentication processed through Identity Check Insights |
| Acquirer exemption accepted | Value used by the ACS for protocol version 2.1 to indicate acceptance of an acquirer exemption transaction |
| Challenge mandate requested, but could not be performed by Smart Authentication Stand-In | None |
| Directory Server (DS) dropped reason code received from ACS | Value used by the Mastercard DS when it drops the reason code received from the ACS. This happens when the value sent by the ACS conflicts with the transaction status, whether that's |
| Challenge cancelation indicator populated, therefore did not route to Smart Authentication Stand-In | Transaction not processed due to challenge cancelation |