Soft Declines

On this page:

Overview

During the request for an authorisation, when the card issuer does not agree with the SCA exemption, they may return a Soft Decline.

A Soft Decline response can be returned for any Opayo Direct payment request and irrelevant of an SCA exemption being requested. Most cases where a Soft Decline is returned are for SCA Exemptions.

Important: A Soft Decline response can also be returned for subsequent Credential on File payments. In the future, we expect they could be returned when 3DSv1 is phased out.  It is important that you can handle this decline code regardless of whether you intend to use SCA exemptions or not.

How a Soft Decline Works

A soft decline is not an outright refusal of an authorisation request. It advises that the card issuer wants the cardholder to perform 3D-Secure authentication. To prove that they are the cardholder, the cardholder must perform SCA (a challenge authentication).

In most cases, we will automatically manage the Soft Decline for you and perform a challenge authentication request during an authorisation flow:

  1. We return the 3D-Secure authentication data in response to your Direct Payment request.
  2. You re-direct the cardholder to their card issuers challenge page.

Following a Soft Decline message, if we are unable to perform 3D-Secure authentication for you, then it will return a Soft Decline response to your system. The value of the DeclineCode will either be 65 (Mastercard) or 1A (Visa, Diners, Discover).

Manage a Soft Decline

If you receive a Soft Decline response, then you should:

  1. Re-submit your Direct payment request with a new VendorTxCode value
  2. Request for a challenge authentication to be performed by providing the Apply3DSecure=1 field and value.

We advise you remove the ThreeDSExemptionIndicator field and value.

Example soft decline response

Status=NOTAUTHED 
ExpiryDate=1221
DeclineCode=65   
CV2Result=NOTPROVIDED
PostCodeResult=NOTPROVIDED
AddressResult=NOTPROVIDED
AVSCV2=DATA NOT CHECKED
VPSTxId={796EEDDA-9599-E125-67C2-59A23210FCBE}
VPSProtocol=4.00
3DSecureStatus=NOTCHECKED
SecurityKey=GCVFTDAD2M
StatusDetail=2022 : The Authorisation was Declined by the bank. SCA required.   

Example request after receiving a soft decline response

Amount=32.00
ApplyAVSCV2=1
BillingAddress1=23
BillingAddress2=BillAddress+Line+2
BillingCity=London
BillingCountry=GB
BillingFirstnames=John
BillingPhone=+447700900077
BillingPostcode=10
BillingSurname=Doe
BrowserAcceptHeader=text/html,application/xhtml+xml,application/xml
BrowserColorDepth=24
BrowserJavaEnabled=1
BrowserJavascriptEnabled=1
BrowserLanguage=en-GB
BrowserScreenHeight=1080
BrowserScreenWidth=1920
BrowserTZ=%2B300
BrowserUserAgent=Mozilla
CV2=101
CardHolder=John+Doe
CardNumber=412xxxxxxx2xx71
CardType=Visa
ChallengeWindowSize=01
ClientIPAddress=10.10.10.10
Currency=GBP CustomerEMail=john.doe@opayo.com
DeliveryAddress1=88
DeliveryAddress2=DelAddress+Line+2
DeliveryCity=London
DeliveryCountry=GB
DeliveryFirstnames=John
DeliveryPhone=+447700900077
DeliveryPostcode=EC1X1XX
DeliverySurname=Doe
Description=vendor-transaction-description
ExpiryDate=1220
ThreeDSNotificationURL=http%3A//vendor.com/threeDSnotify
TransType=01
TxType=PAYMENT
VPSProtocol=4.00
Vendor=vendor-Name
VendorTXCode=vendor-transaction-671295
Apply3DSecure=1