Understanding Strong Customer Authentication & PSD2
This article was updated in March 2020.
If you take a look at your payment data, you’ll probably see a bunch of unsuccessful payments with the reason code: "05: Do Not Honor".
But what does it actually mean? And what can you do about it? Should you ask the shopper for a new card? Should you retry it with the same card? If so, do you do this immediately or how long should you wait?
Unfortunately, there isn’t one easy answer. But, based on our experience analyzing authorization rates and working with card schemes, here are some plausible explanations.
In about half the cases, “Do Not Honor” is just another way of saying “Insufficient Funds”. This is because some issuers (or processors) aren’t very good at returning the correct refusal reason. This is partly due to the issuers’ legacy systems, and partly to the lack of mandates or monitoring by the schemes. So, for lack of a better reason, issuers will often default to “Do Not Honor” as the catch-all for all denials.
Looking at the data from various banks, you can see that “Do Not Honor” and “Insufficient Funds” are used interchangeably. The below graph is an analysis of the top 5 UK and US banks. In most cases, there's a disproportionately high level of “Do Not Honor” and a low level of “Insufficient Funds.” Given that Insufficient Funds is one of the most common refusal reasons, it suggests that one is masquerading as the other.
Sometimes transactions fail because of an AVS or CVC mismatch. But, since there’s no refusal reason for AVS mismatch, and only Visa has a response code for CVC mismatches, issuers tend to default to “Do Not Honor”. It’s worth checking other data points in the payment response, like CVC response, card expiry date, and AVS response, to learn more.
The most appropriate use of “Do Not Honor” is because of suspicious activity on the card. It’s up to the issuer to decide what constitutes suspicious activity. So, even though a card hasn’t been reported lost or stolen, a combination of factors might prompt the issuer to err on the side of caution (such as a high-value transaction made cross-border at 3am without any additional authentication). Even if issuers can identify why they refused the transaction, they have no way of communicating this to you. Instead, they must pick a response from the available responses codes defined in the ISO 8583 standard.
If you’re really up to speed on your payments, you might point out that issuers should be able to use “59: Suspected fraud” in these cases. This is correct. But what you probably don’t know is that VisaNet remaps all “59: Suspected fraud” refusals to “05: Do Not Honor”. The likely reason for this is legacy. It avoids uncomfortable situations in-store when the shopper is standing in front of the sales associate.
You’re probably not the only business that the shopper is interacting with at any one time. They might have just made a large purchase on a high-risk website or been on a huge shopping spree before coming to you. In that case, it doesn’t matter how clean your traffic is, the issuer may decide on a “Do Not Honor” as a byproduct of a shopper’s recent activity. In these cases, having the right billing and retry strategy can help you minimize your “Do Not Honors”.
While the words “Do Not Honor” don’t tell us anything, there’s a lot to be learned by looking at aggregated data. Adyen has a feature called the Inferred Refusal Reason, which provides insight into the likely cause of the refusal. It uses platform-wide data to identify the issuer level patterns that result in the “Do Not Honor” refusal code. This Inferred Refusal Reason is returned in the API response, and can be enabled via API and Response settings.
By submitting this form, you acknowledge that you have reviewed the terms of our Privacy Statement and consent to the use of data in accordance therewith.