Last Updated: 04 December 2024 | Change Log

Card payment testing


Test your integration with our Payments API using the magic values provided below. Send requests and see simulated responses.

Note

You can test specific scenarios by using the magic values in conjunction with each other. For example, a magic value used to simulate 'CVC not matched' response will not alone produce an 'Issuer refused' response. To simulate issuer responses, you need to use specific issuer response magic values.

On this page:

Test card numbers

For use in our try environment only.

With these cards, you can specify an expiry date up to seven years in the future. These cards do not have an issue number, a registered address or a card verification code (CVC).

Card typeTest card number
American Express343434343434343
Cartes Bancaires / Visa co-branded4150580996517927
Cartes Bancaires / Mastercard co-branded5131072454408923
Cartes Bancaires / Maestro co-branded5817020000000000
Discover / Diners6011000400000000
EFTPOS / Visa co-branded4434020000000006
EFTPOS / Mastercard co-branded5163150000000005
JCB3528000700000000
Maestro6759649826438453
MasterCard5555555555554444, 5454545454545454 and 2221000000000009
MasterCard Debit5163613613613613
Visa4444333322221111, 4911830000000 and 4917610000000000
Visa Debit4462030000000000 and 4917610000000000003
Visa Electron (UK only)4917300800000000

Issuer response test values

Input these magic values in your paymentInstrument.cardHolderName parameter.

Magic valueResult codeResult description
AUTHORISEDN/AAUTHORISED
ERRORN/AERROR
REFUSEDN/AREFUSED
REFUSED44HOLD CARD
REFUSED55REFUSED
REFUSED88APPROVE AFTER IDENTIFICATION
REFUSED1313INVALID AMOUNT
REFUSED1515INVALID CARD ISSUER
REFUSED1717ANNULATION BY CLIENT
REFUSED2828ACCESS DENIED
REFUSED2929IMPOSSIBLE REFERENCE NUMBER
REFUSED3333CARD EXPIRED
REFUSED3434FRAUD SUSPICION
REFUSED3838SECURITY CODE EXPIRED
REFUSED4141LOST CARD
REFUSED4343STOLEN CARD, PICK UP
REFUSED5151LIMIT EXCEEDED
REFUSED5555INVALID SECURITY CODE
REFUSED5656UNKNOWN CARD
REFUSED5757ILLEGAL TRANSACTION
REFUSED6262RESTRICTED CARD
REFUSED6363SECURITY RULES VIOLATED
REFUSED7575SECURITY CODE INVALID
REFUSED7676CARD BLOCKED
REFUSED8585REJECTED BY CARD ISSUER
SOFT_DECLINED65AUTHENTICATION REQUESTED

Raw response code test values

Input these magic values in your paymentInstrument.cardHolderName parameter to return the rawCode. Note that these responses are specific to card schemes, so your test cardNumber should match the card scheme.

Magic valuecoderawCodedescriptionCard schemeExample test cardNumber
REFUSEDRCN3RAW831N3Cash service not availableVisa4444333322221111
REFUSEDRC62RAW6262Restricted cardVisa, Mastercard, JCB4444333322221111 (Visa)
5555555555554444 (Mastercard)
343434343434343 (Amex)
REFUSEDRCG7RAW584G7The amount exceeds the limit for the day. Contact Issuer.Mastercard5555555555554444
REFUSEDRC20625RAW58320625The card is maxed out for the day. Contact Issuer.Mastercard5555555555554444

Refusal advice test values

Input these magic values in your paymentInstrument.cardHolderName parameter to get the refusalAdvice object in a Refused response.

Note

A Mastercard or Maestro test card number is also required to test these outcomes.

Refusal Advice CodeMagic valueResult codeExample ScenariosRetry Advised?
01REFUSEDRC79MAC0179Card expired: updated account information availableYes: with updated account information or authentication
01REFUSEDRC82MAC0182Card expired: updated account information availableYes: with updated account information or authentication
01REFUSEDRC83MAC0183Card expired: updated account information availableYes: with updated account information or authentication
02REFUSEDRC79MAC0279Insufficient funds at presentYes: try later (after 72 hours)
02REFUSEDRC82MAC0282Insufficient funds at presentYes: try later (after 72 hours)
02REFUSEDRC83MAC0283Insufficient funds at presentYes: try later (after 72 hours)
03REFUSEDRC79MAC0379Invalid Account NumberNo: do not retry (scheme fees may apply)
03REFUSEDRC82MAC0382Invalid TransactionNo: do not retry (scheme fees may apply)
03REFUSEDRC83MAC0383Lost/Stolen CardNo: do not retry (scheme fees may apply)
04REFUSEDRC79MAC0479Problem with network token authentication valueYes: review network token authentication value
04REFUSEDRC82MAC0482Problem with network token authentication valueYes: review network token authentication value
04REFUSEDRC83MAC0483Problem with network token authentication valueYes: review network token authentication value
21REFUSEDRC79MAC2179Cardholder requested that recurring or installment payment be stoppedNo: do not retry (scheme fees may apply)
21REFUSEDRC82MAC2182Cardholder requested that recurring or installment payment be stoppedNo: do not retry (scheme fees may apply)
21REFUSEDRC83MAC2183Cardholder requested that recurring or installment payment be stoppedNo: do not retry (scheme fees may apply)
22REFUSEDRC79MAC2279Merchant not enrolled in Mastercard instalment programNo: do not retry
22REFUSEDRC82MAC2282Merchant not enrolled in Mastercard instalment programNo: do not retry
22REFUSEDRC83MAC2283Merchant not enrolled in Mastercard instalment programNo: do not retry
24REFUSEDRC51MAC2451Insufficient funds at presentYes: Try later (after 1 hour)
25REFUSEDRC51MAC2551Insufficient funds at presentYes: Try later (after 24 hours)
26REFUSEDRC51MAC2651Insufficient funds at presentYes: Try later (after 2 days)
27REFUSEDRC51MAC2751Insufficient funds at presentYes: Try later (after 4 days)
28REFUSEDRC51MAC2851Insufficient funds at presentYes: Try later (after 6 days)
29REFUSEDRC51MAC2951Insufficient funds at presentYes: Try later (after 8 days)
30REFUSEDRC51MAC3051Insufficient funds at presentYes: Try later (after 10 days)

The results are returned in this format:

{
    "outcome": "refused",
    "refusalCode": "83",
    "refusalDescription": "Fraud/Security related reasons",
    "riskFactors": [
        {
            "type": "riskProfile",
            "risk": "verificationFailed"
        },
        {
            "type": "cvc",
            "risk": "notMatched"
        },
        {
            "type": "avs",
            "risk": "notMatched",
            "detail": "address"
        },
        {
            "type": "avs",
            "risk": "notChecked",
            "detail": "postcode"
        }
    ]
}

CVC test values

Use these values to test CVC responses.

Testing CVC

Use these magic values in the cvc parameter in your request. Your response in contained in the riskFactors object.

Note

A response is returned only if the check produces a conflict.

Magic valueCVC result codeCVC result description
[Left blank]riskFactors.risk : not_supplied
riskFactors.type : cvc
NOT SUPPLIED BY SHOPPER
111riskFactors.risk : not_checked
riskFactors.type : cvc
NOT SENT TO ACQUIRER
222riskFactors.risk : not_checked
riskFactors.type : cvc
NO RESPONSE FROM ACQUIRER
333riskFactors.risk : not_checked
riskFactors.type : cvc
NOT CHECKED BY ACQUIRER
444riskFactors.risk : not_matched
riskFactors.type : cvc
FAILED
555No riskFactors returnedAPPROVED

Testing CVC (American Express)

Use these magic values in the cvc parameter in your request. Your response in contained in the riskFactors object.

Note

A response is returned only if the check produces a conflict.

Magic valueCVC result codeCVC result description
[Left blank]riskFactors.risk : not_supplied
riskFactors.type : cvc
NOT SUPPLIED BY SHOPPER
1111riskFactors.risk : not_checked
riskFactors.type : cvc
NOT SENT TO ACQUIRER
2222riskFactors.risk : not_checked
riskFactors.type : cvc
NO RESPONSE FROM ACQUIRER
3333riskFactors.risk : not_checked
riskFactors.type : cvc
NOT CHECKED BY ACQUIRER
4444riskFactors.risk : not_matched
riskFactors.type : cvc
FAILED
5555riskFactors.risk : not_checked
riskFactors.type : cvc
UNKNOWN
6666No riskFactors returnedAPPROVED

AVS test values

Use these values to test AVS responses.

Testing AVS

Use these magic values in the postalCode attribute in your request. You'll get responses for postcode checks and for address checks in the riskFactors object.

Note

A response is returned only if the check produces a conflict.

AVS responses

Magic valueriskFactors ResponseMeaning
AAAANo riskFactors returnedPostcode and address matched
BBBBriskFactors.risk : not_checked
riskFactors.detail : address
riskFactors.type : avs
Postcode matched; address not checked
CCCCriskFactors.risk : not_matched
riskFactors.detail : address
riskFactors.type : avs
Postcode matched; address not matched
DDDDriskFactors.risk : not_checked
riskFactors.detail : postcode
riskFactors.type : avs
Address matched; postcode not checked
EEEEriskFactors.risk : not_checked
riskFactors.detail : postcode
riskFactors.type : avs

riskFactors.risk : not_checked
riskFactors.detail : address
riskFactors.type : avs
Postcode and address not checked
FFFFriskFactors.risk : not_matched
riskFactors.detail : postcode
riskFactors.type : avs
Address matched; postcode not matched
GGGGriskFactors.risk : not_checked
riskFactors.detail : postcode
riskFactors.type : avs

riskFactors.risk : not_matched
riskFactors.detail : address
riskFactors.type : avs
Postcode not checked; address not matched
HHHHriskFactors.risk : not_supplied
riskFactors.detail : postcode
riskFactors.type : avs

riskFactors.risk : not_supplied
riskFactors.detail : address
riskFactors.type : avs
Postcode and address not supplied by customer/merchant
IIIIriskFactors.risk : not_checked
riskFactors.detail : address
riskFactors.type : avs

riskFactors.risk : not_matched
riskFactors.detail : postcode
riskFactors.type : avs
Address not checked; postcode not matched
JJJJriskFactors.risk : not_matched
riskFactors.detail : postcode
riskFactors.type : avs

riskFactors.risk : not_matched
riskFactors.detail : address
riskFactors.type : avs
Postcode and address not matched
[Left blank]riskFactors.risk : not_supplied
riskFactors.detail : postcode
riskFactors.type : avs

riskFactors.risk : not_supplied
riskFactors.detail : address
riskFactors.type : avs
Postcode and address not supplied by customer/merchant
KKKKriskFactors.risk : not_checked
riskFactors.detail : postcode
riskFactors.type : avs

riskFactors.risk : not_checked
riskFactors.detail : address
riskFactors.type : avs
Postcode and address not checked
LLLLriskFactors.risk : not_checked
riskFactors.detail : postcode
riskFactors.type : avs

riskFactors.risk : not_checked
riskFactors.detail : address
riskFactors.type : avs
Postcode and address not checked
MMMMriskFactors.risk : not_checked
riskFactors.detail : postcode
riskFactors.type : avs

riskFactors.risk : not_checked
riskFactors.detail : address
riskFactors.type : avs
Postcode and address not checked

Exemption test values

Submit the values from the magic value column in the cardHolderName to test the different issuer responses when applying an exemption.

Warning

The test values for requesting an exemption using Access FraudSight/Exemptions and the test values for the issuers response to applying the exemption in the payment are different.

The three possible exemption result outcomes are covered by the test values below but not all the reason values.

Magic ValueResponseDescription
EE.HON_ISSUER_HONOURED.AUTHRDAuthorized
  • result: honored
  • reason: issuerHonored
The issuer honoured the exemption and authorised the payment.
EE.REJ_ISSUER_REJECTED.SDRefused (soft Decline)
  • result: rejected
  • reason: issuerRejected
The issuer refused (soft declined) the payment.
EE.REJ_NOT_SUBSCRIBED.AUTHRDAuthorized
  • result: rejected
  • reason: notSubscribed
Exemptions not enabled (contact support), authorized by issuer anyway.
EE.REJ_NOT_SUBSCRIBED.SDRefused (soft Decline)
  • result: rejected
  • reason: notSubscribed
Exemptions not enabled (contact support), soft decline by issuer (refused).
EE.REJ_UNSUPPTD_SCHEME.AUTHRDAuthorized
  • result: rejected
  • reason: unsupportedScheme
The gateway rejected the exemption, because of unsupported scheme, but the issuer authorized the payment.
EE.REJ_UNSUPPTD_SCHEME.SDRefused (soft Decline)
  • result: rejected
  • reason: unsupportedScheme
The gateway rejected the exemption, because of unsupported scheme and the issuer refused (soft declined) the payment.
EE.OOS_OLO.SDRefused (soft Decline)
  • result: outOfScope
  • reason: oneLegOut
The gateway excludes the exemption, because it was identified as One-Leg-Out and the issuer refused (soft declined) the payment.

Online refund test values

Submit the values from the magic value column in the value.amount field in a partial refund request to test different scenarios related to online refunds. The response to your partial refund request is a standard http status 202 response, but the refund outcome will come via an Events webhook.

Magic ValueResponseDescription
220Refund failed
  • eventDetails.type: refundFailed
  • eventDetails.refund.refusal.code: 5
  • eventDetails.refund.refusal.description: Do not honor
Online refund failed.
330Offline refund
  • eventDetails.type: sentForRefund
Offline refund sent.
No refund object within eventDetails
Any other amountAuthorized
  • eventDetails.type: sentForRefund
  • eventDetails.refund.onlineRefundAuthorization: 987654
Online refund approved. Note the authorization code within the refund object.