New API Version | Last Updated: 30 September 2024 | Change Log |
Card payment testing
Test your integration with our Payments API using the magic values provided below. Send requests and see simulated responses.
You can test specific scenarios by using the magic values in conjunction with each other. For example, a magic value used to simulate 'CVC not matched' response will not alone produce an 'Issuer refused' response. To simulate issuer responses, you need to use specific issuer response magic values.
On this page:
Test card numbers
For use in our try environment only.
With these cards, you can specify an expiry date up to seven years in the future. These cards do not have an issue number, a registered address or a card verification code (CVC).
Card type | Test card number |
---|---|
American Express | 343434343434343 |
Cartes Bancaires | 4562686000117661 |
Discover / Diners | 6011000400000000 |
EFTPOS / Visa co-branded | 4434020000000006 |
EFTPOS / Mastercard co-branded | 5163150000000005 |
JCB | 3528000700000000 |
Maestro | 6759649826438453 |
MasterCard | 5555555555554444, 5454545454545454 and 2221000000000009 |
MasterCard Debit | 5163613613613613 |
Visa | 4444333322221111, 4911830000000 and 4917610000000000 |
Visa Debit | 4462030000000000 and 4917610000000000003 |
Visa Electron (UK only) | 4917300800000000 |
Issuer response test values
Input these magic values in your paymentInstrument.cardHolderName
parameter.
Magic value | Result code | Result description |
---|---|---|
AUTHORISED | N/A | AUTHORISED |
ERROR | N/A | ERROR |
REFUSED | N/A | REFUSED |
REFUSED4 | 4 | HOLD CARD |
REFUSED5 | 5 | REFUSED |
REFUSED8 | 8 | APPROVE AFTER IDENTIFICATION |
REFUSED13 | 13 | INVALID AMOUNT |
REFUSED15 | 15 | INVALID CARD ISSUER |
REFUSED17 | 17 | ANNULATION BY CLIENT |
REFUSED28 | 28 | ACCESS DENIED |
REFUSED29 | 29 | IMPOSSIBLE REFERENCE NUMBER |
REFUSED33 | 33 | CARD EXPIRED |
REFUSED34 | 34 | FRAUD SUSPICION |
REFUSED38 | 38 | SECURITY CODE EXPIRED |
REFUSED41 | 41 | LOST CARD |
REFUSED43 | 43 | STOLEN CARD, PICK UP |
REFUSED51 | 51 | LIMIT EXCEEDED |
REFUSED55 | 55 | INVALID SECURITY CODE |
REFUSED56 | 56 | UNKNOWN CARD |
REFUSED57 | 57 | ILLEGAL TRANSACTION |
REFUSED62 | 62 | RESTRICTED CARD |
REFUSED63 | 63 | SECURITY RULES VIOLATED |
REFUSED75 | 75 | SECURITY CODE INVALID |
REFUSED76 | 76 | CARD BLOCKED |
REFUSED85 | 85 | REJECTED BY CARD ISSUER |
SOFT_DECLINED | 65 | AUTHENTICATION REQUESTED |
Raw response code test values
Input these magic values in your paymentInstrument.cardHolderName
parameter to return the rawCode
. Note that these responses are specific to card schemes, so your test cardNumber
should match the card scheme.
Magic value | code | rawCode | description | Card scheme | Example test cardNumber |
---|---|---|---|---|---|
REFUSEDRCN3RAW | 831 | N3 | Cash service not available | Visa | 4444333322221111 |
REFUSEDRC62RAW | 62 | 62 | Restricted card | Visa, Mastercard, JCB | 4444333322221111 (Visa) 5555555555554444 (Mastercard) 343434343434343 (Amex) |
REFUSEDRCG7RAW | 584 | G7 | The amount exceeds the limit for the day. Contact Issuer. | Mastercard | 5555555555554444 |
REFUSEDRC20625RAW | 583 | 20625 | The card is maxed out for the day. Contact Issuer. | Mastercard | 5555555555554444 |
Refusal advice test values
Input these magic values in your paymentInstrument.cardHolderName
parameter to get the refusalAdvice
object in a Refused response.
A Mastercard or Maestro test card number is also required to test these outcomes.
Refusal Advice Code | Magic value | Result code | Example Scenarios | Retry Advised? |
---|---|---|---|---|
01 | REFUSEDRC79MAC01 | 79 | Card expired: updated account information available | Yes: with updated account information or authentication |
01 | REFUSEDRC82MAC01 | 82 | Card expired: updated account information available | Yes: with updated account information or authentication |
01 | REFUSEDRC83MAC01 | 83 | Card expired: updated account information available | Yes: with updated account information or authentication |
02 | REFUSEDRC79MAC02 | 79 | Insufficient funds at present | Yes: try later (after 72 hours) |
02 | REFUSEDRC82MAC02 | 82 | Insufficient funds at present | Yes: try later (after 72 hours) |
02 | REFUSEDRC83MAC02 | 83 | Insufficient funds at present | Yes: try later (after 72 hours) |
03 | REFUSEDRC79MAC03 | 79 | Invalid Account Number | No: do not retry (scheme fees may apply) |
03 | REFUSEDRC82MAC03 | 82 | Invalid Transaction | No: do not retry (scheme fees may apply) |
03 | REFUSEDRC83MAC03 | 83 | Lost/Stolen Card | No: do not retry (scheme fees may apply) |
04 | REFUSEDRC79MAC04 | 79 | Problem with network token authentication value | Yes: review network token authentication value |
04 | REFUSEDRC82MAC04 | 82 | Problem with network token authentication value | Yes: review network token authentication value |
04 | REFUSEDRC83MAC04 | 83 | Problem with network token authentication value | Yes: review network token authentication value |
21 | REFUSEDRC79MAC21 | 79 | Cardholder requested that recurring or installment payment be stopped | No: do not retry (scheme fees may apply) |
21 | REFUSEDRC82MAC21 | 82 | Cardholder requested that recurring or installment payment be stopped | No: do not retry (scheme fees may apply) |
21 | REFUSEDRC83MAC21 | 83 | Cardholder requested that recurring or installment payment be stopped | No: do not retry (scheme fees may apply) |
22 | REFUSEDRC79MAC22 | 79 | Merchant not enrolled in Mastercard instalment program | No: do not retry |
22 | REFUSEDRC82MAC22 | 82 | Merchant not enrolled in Mastercard instalment program | No: do not retry |
22 | REFUSEDRC83MAC22 | 83 | Merchant not enrolled in Mastercard instalment program | No: do not retry |
24 | REFUSEDRC51MAC24 | 51 | Insufficient funds at present | Yes: Try later (after 1 hour) |
25 | REFUSEDRC51MAC25 | 51 | Insufficient funds at present | Yes: Try later (after 24 hours) |
26 | REFUSEDRC51MAC26 | 51 | Insufficient funds at present | Yes: Try later (after 2 days) |
27 | REFUSEDRC51MAC27 | 51 | Insufficient funds at present | Yes: Try later (after 4 days) |
28 | REFUSEDRC51MAC28 | 51 | Insufficient funds at present | Yes: Try later (after 6 days) |
29 | REFUSEDRC51MAC29 | 51 | Insufficient funds at present | Yes: Try later (after 8 days) |
30 | REFUSEDRC51MAC30 | 51 | Insufficient funds at present | Yes: Try later (after 10 days) |
The results are returned in this format:
{ "outcome": "refused", "refusalCode": "83", "refusalDescription": "Fraud/Security related reasons", "riskFactors": [ { "type": "riskProfile", "risk": "verificationFailed" }, { "type": "cvc", "risk": "notMatched" }, { "type": "avs", "risk": "notMatched", "detail": "address" }, { "type": "avs", "risk": "notChecked", "detail": "postcode" } ] }
CVC test values
Use these values to test CVC responses.
Testing CVC
Use these magic values in the cvc
parameter in your request. Your response in contained in the riskFactors
object.
A response is returned only if the check produces a conflict.
Magic value | CVC result code | CVC result description |
---|---|---|
[Left blank] | riskFactors.risk : not_supplied riskFactors.type : cvc | NOT SUPPLIED BY SHOPPER |
111 | riskFactors.risk : not_checked riskFactors.type : cvc | NOT SENT TO ACQUIRER |
222 | riskFactors.risk : not_checked riskFactors.type : cvc | NO RESPONSE FROM ACQUIRER |
333 | riskFactors.risk : not_checked riskFactors.type : cvc | NOT CHECKED BY ACQUIRER |
444 | riskFactors.risk : not_matched riskFactors.type : cvc | FAILED |
555 | No riskFactors returned | APPROVED |
Testing CVC (American Express)
Use these magic values in the cvc
parameter in your request. Your response in contained in the riskFactors
object.
A response is returned only if the check produces a conflict.
Magic value | CVC result code | CVC result description |
---|---|---|
[Left blank] | riskFactors.risk : not_supplied riskFactors.type : cvc | NOT SUPPLIED BY SHOPPER |
1111 | riskFactors.risk : not_checked riskFactors.type : cvc | NOT SENT TO ACQUIRER |
2222 | riskFactors.risk : not_checked riskFactors.type : cvc | NO RESPONSE FROM ACQUIRER |
3333 | riskFactors.risk : not_checked riskFactors.type : cvc | NOT CHECKED BY ACQUIRER |
4444 | riskFactors.risk : not_matched riskFactors.type : cvc | FAILED |
5555 | riskFactors.risk : not_checked riskFactors.type : cvc | UNKNOWN |
6666 | No riskFactors returned | APPROVED |
AVS test values
Use these values to test AVS responses.
Testing AVS
Use these magic values in the postalCode
attribute in your request. You'll get responses for postcode checks and for address checks in the riskFactors
object.
A response is returned only if the check produces a conflict.
AVS responses
Magic value | riskFactors Response | Meaning |
---|---|---|
AAAA | No riskFactors returned | Postcode and address matched |
BBBB | riskFactors.risk : not_checked riskFactors.detail : address riskFactors.type : avs | Postcode matched; address not checked |
CCCC | riskFactors.risk : not_matched riskFactors.detail : address riskFactors.type : avs | Postcode matched; address not matched |
DDDD | riskFactors.risk : not_checked riskFactors.detail : postcode riskFactors.type : avs | Address matched; postcode not checked |
EEEE | riskFactors.risk : not_checked riskFactors.detail : postcode riskFactors.type : avs riskFactors.risk : not_checked riskFactors.detail : address riskFactors.type : avs | Postcode and address not checked |
FFFF | riskFactors.risk : not_matched riskFactors.detail : postcode riskFactors.type : avs | Address matched; postcode not matched |
GGGG | riskFactors.risk : not_checked riskFactors.detail : postcode riskFactors.type : avs riskFactors.risk : not_matched riskFactors.detail : address riskFactors.type : avs | Postcode not checked; address not matched |
HHHH | riskFactors.risk : not_supplied riskFactors.detail : postcode riskFactors.type : avs riskFactors.risk : not_supplied riskFactors.detail : address riskFactors.type : avs | Postcode and address not supplied by customer/merchant |
IIII | riskFactors.risk : not_checked riskFactors.detail : address riskFactors.type : avs riskFactors.risk : not_matched riskFactors.detail : postcode riskFactors.type : avs | Address not checked; postcode not matched |
JJJJ | riskFactors.risk : not_matched riskFactors.detail : postcode riskFactors.type : avs riskFactors.risk : not_matched riskFactors.detail : address riskFactors.type : avs | Postcode and address not matched |
[Left blank] | riskFactors.risk : not_supplied riskFactors.detail : postcode riskFactors.type : avs riskFactors.risk : not_supplied riskFactors.detail : address riskFactors.type : avs | Postcode and address not supplied by customer/merchant |
KKKK | riskFactors.risk : not_checked riskFactors.detail : postcode riskFactors.type : avs riskFactors.risk : not_checked riskFactors.detail : address riskFactors.type : avs | Postcode and address not checked |
LLLL | riskFactors.risk : not_checked riskFactors.detail : postcode riskFactors.type : avs riskFactors.risk : not_checked riskFactors.detail : address riskFactors.type : avs | Postcode and address not checked |
MMMM | riskFactors.risk : not_checked riskFactors.detail : postcode riskFactors.type : avs riskFactors.risk : not_checked riskFactors.detail : address riskFactors.type : avs | Postcode and address not checked |
Exemption test values
Submit the values from the magic value column in the cardHolderName
to test the different issuer responses when applying an exemption.
The test values for requesting an exemption using Access FraudSight/Exemptions and the test values for the issuers response to applying the exemption in the payment are different.
The three possible exemption result
outcomes are covered by the test values below but not all the reason
values.
Magic Value | Response | Description |
---|---|---|
EE.HON_ISSUER_HONOURED.AUTHRD | Authorized
| The issuer honoured the exemption and authorised the payment. |
EE.REJ_ISSUER_REJECTED.SD | Refused (soft Decline)
| The issuer refused (soft declined) the payment. |
EE.REJ_NOT_SUBSCRIBED.AUTHRD | Authorized
| Exemptions not enabled (contact support), authorized by issuer anyway. |
EE.REJ_NOT_SUBSCRIBED.SD | Refused (soft Decline)
| Exemptions not enabled (contact support), soft decline by issuer (refused). |
EE.REJ_UNSUPPTD_SCHEME.AUTHRD | Authorized
| The gateway rejected the exemption, because of unsupported scheme, but the issuer authorized the payment. |
EE.REJ_UNSUPPTD_SCHEME.SD | Refused (soft Decline)
| The gateway rejected the exemption, because of unsupported scheme and the issuer refused (soft declined) the payment. |
EE.OOS_OLO.SD | Refused (soft Decline)
| The gateway excludes the exemption, because it was identified as One-Leg-Out and the issuer refused (soft declined) the payment. |
Online refund test values
Submit the values from the magic value column in the value.amount
field in a partial refund request to test different scenarios related to online refunds. The response to your partial refund request is a standard http status 202 response, but the refund outcome will come via an Events webhook.
Magic Value | Response | Description |
---|---|---|
220 | Refund failed
| Online refund failed. |
330 | Offline refund
| Offline refund sent. No refund object within eventDetails |
Any other amount | Authorized
| Online refund approved. Note the authorization code within the refund object. |