Handling Soft Declines

Issuers within the EEA and the UK will be required to request that any transaction submitted without SCA or without a correct out of scope or exemption indicator is responded to with a request to resubmit with SCA or the transaction will be declined. The UK currently plans to enforce equivalent requirements to SCA for e-commerce in the UK from 14 September 2021 - please click here for more information.


After the regulatory enforcement date, Issuers should be expected to decline transactions that are in scope of SCA submitted without SCA and without a correct indicator. In some markets Issuers will start progressively introducing these so called “soft declines” ahead under national managed implementation plans agreed between financial services and retailer associations and NCAs. Merchants should check the status of such plans in their local markets

During an authorisation request, the card issuer may return a what's known as a “Soft Decline”. Unlike a Hard Decline for insufficient funds for example, a Soft Decline is not an outright refusal of an authorisation.

A Soft Decline happens when a card issuer responds to an authorisation request with a specific response code advising that SCA is required, and the cardholder must be authenticated before the transaction can be approved.

For more information on the background of 3-D Secure v2, please see here.

How to identify a Soft Decline

Soft Declines can be identified when we return an authorisation response back to you where the response_code is 565 and it's accompanied by a response_message is SCA: Required.

    "timestamp": "20210620101532",
    "response_code": "565",
    "response_message": "SCA:Required",
    "company_id": "133",
    "mid": "1025",
    "transaction_id": "6784323",
    "response_hash": "835956a9fe56d65416....."

How to handle a Soft Decline

When receiving a soft decline response which is represented by response_code 565 as mentioned above, you must authenticate the cardholder using SCA before resubmitting your authorisation request.

If you are using our Card API you will have to obtain a new server_trans_ref using the Check 3DS Version request. Once obtained you can simply resubmit your authorisation request whilst ensuring you set the preference parameter value within the tds object to 2 = Request Challenge.

    "tds": {
    "action": "SCA",
    "source": "1",
    "type": "2",
    "preference": "2",
    "method_url_complete": "1",
    "server_trans_id": "d1eb55be-1095-4dc8-a65d-1d14a230ddac",
    "browser_data": {
        "accept_header": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
        "ip": "",
        "color_depth": "TWENTY_FOUR_BITS",
        "java_enabled": "true",
        "javascript_enabled": "true",
        "language": "en-US",
        "screen_height": "1080",
        "screen_width": "1920",
        "challenge_window_size": "WINDOWED_600X400",
        "timezone": "0",
        "user_agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
    "merchant": {
        "contact_url": "https://yourdomain.com/contactus",
        "challenge_url": "https://yourdomain.com/challenge_url"
Just so you know, our Hosted Payment Page solution will handle Soft Declines for you..
For more infomration on cardhodler authentication please see Version 1 or Version 2.