Last Updated: 23 October 2024 | Change Log
Card payment testing
Test your integration with our Payments API using the magic values provided below. Send requests and see simulated responses.
You can test specific scenarios by using the magic values in conjunction with each other. For example, a magic value used to simulate 'CVC not matched' response will not alone produce an 'Issuer refused' response. To simulate issuer responses, you need to use specific issuer response magic values.
On this page:
Test card numbers
For use in our try environment only.
With these cards, you can specify an expiry date up to seven years in the future. These cards do not have an issue number, a registered address or a card verification code (CVC).
| Card type | Test card number |
|---|---|
| American Express | 343434343434343 |
| Cartes Bancaires | 5555555555554444 |
| Discover/ Diners | 6011000400000000 |
| JCB | 3528000700000000 |
| Maestro | 6759649826438453 |
| MasterCard | 5555555555554444, 5454545454545454 and 2221000000000009 |
| MasterCard Debit | 5163613613613613 |
| Visa | 4444333322221111, 4911830000000 and 4917610000000000 |
| Visa Debit | 4462030000000000 and 4917610000000000003 |
| Visa Electron (UK only) | 4917300800000000 |
Issuer response test values
Input these magic values in your paymentInstrument.cardHolderName parameter.
| Magic value | Result code | Result description |
|---|---|---|
| AUTHORISED | N/A | AUTHORISED |
| ERROR | N/A | ERROR |
| REFUSED | N/A | REFUSED |
| REFUSED4 | 4 | HOLD CARD |
| REFUSED5 | 5 | REFUSED |
| REFUSED8 | 8 | APPROVE AFTER IDENTIFICATION |
| REFUSED13 | 13 | INVALID AMOUNT |
| REFUSED15 | 15 | INVALID CARD ISSUER |
| REFUSED17 | 17 | ANNULATION BY CLIENT |
| REFUSED28 | 28 | ACCESS DENIED |
| REFUSED29 | 29 | IMPOSSIBLE REFERENCE NUMBER |
| REFUSED33 | 33 | CARD EXPIRED |
| REFUSED34 | 34 | FRAUD SUSPICION |
| REFUSED38 | 38 | SECURITY CODE EXPIRED |
| REFUSED41 | 41 | LOST CARD |
| REFUSED43 | 43 | STOLEN CARD, PICK UP |
| REFUSED51 | 51 | LIMIT EXCEEDED |
| REFUSED55 | 55 | INVALID SECURITY CODE |
| REFUSED56 | 56 | UNKNOWN CARD |
| REFUSED57 | 57 | ILLEGAL TRANSACTION |
| REFUSED62 | 62 | RESTRICTED CARD |
| REFUSED63 | 63 | SECURITY RULES VIOLATED |
| REFUSED75 | 75 | SECURITY CODE INVALID |
| REFUSED76 | 76 | CARD BLOCKED |
| REFUSED85 | 85 | REJECTED BY CARD ISSUER |
| SOFT_DECLINED | 65 | AUTHENTICATION REQUESTED |
Raw response code test values
Input these magic values in your paymentInstrument.cardHolderName parameter to return the rawCode. Note that these responses are specific to card schemes, so your test cardNumber should match the card scheme.
| Magic value | code | rawCode | description | Card scheme | Example test cardNumber |
|---|---|---|---|---|---|
| REFUSEDRCN3RAW | 831 | N3 | Cash service not available | Visa | 4444333322221111 |
| REFUSEDRC62RAW | 62 | 62 | Restricted card | Visa, Mastercard, JCB | 4444333322221111 (Visa) 5555555555554444 (Mastercard) 343434343434343 (Amex) |
| REFUSEDRCG7RAW | 584 | G7 | The amount exceeds the limit for the day. Contact Issuer. | Mastercard | 5555555555554444 |
| REFUSEDRC20625RAW | 583 | 20625 | The card is maxed out for the day. Contact Issuer. | Mastercard | 5555555555554444 |
Refusal advice test values
Input these magic values in your paymentInstrument.cardHolderName parameter to get the refusalAdvice object in a Refused response.
A Mastercard or Maestro test card number is also required to test these outcomes.
| Refusal Advice Code | Magic value | Result code | Example Scenarios | Retry Advised? |
|---|---|---|---|---|
| 01 | REFUSEDRC79MAC01 | 79 | Card expired: updated account information available | Yes: with updated account information or authentication |
| 01 | REFUSEDRC82MAC01 | 82 | Card expired: updated account information available | Yes: with updated account information or authentication |
| 01 | REFUSEDRC83MAC01 | 83 | Card expired: updated account information available | Yes: with updated account information or authentication |
| 02 | REFUSEDRC79MAC02 | 79 | Insufficient funds at present | Yes: try later (after 72 hours) |
| 02 | REFUSEDRC82MAC02 | 82 | Insufficient funds at present | Yes: try later (after 72 hours) |
| 02 | REFUSEDRC83MAC02 | 83 | Insufficient funds at present | Yes: try later (after 72 hours) |
| 03 | REFUSEDRC79MAC03 | 79 | Invalid Account Number | No: do not retry (scheme fees may apply) |
| 03 | REFUSEDRC82MAC03 | 82 | Invalid Transaction | No: do not retry (scheme fees may apply) |
| 03 | REFUSEDRC83MAC03 | 83 | Lost/Stolen Card | No: do not retry (scheme fees may apply) |
| 04 | REFUSEDRC79MAC04 | 79 | Problem with network token authentication value | Yes: review network token authentication value |
| 04 | REFUSEDRC82MAC04 | 82 | Problem with network token authentication value | Yes: review network token authentication value |
| 04 | REFUSEDRC83MAC04 | 83 | Problem with network token authentication value | Yes: review network token authentication value |
| 21 | REFUSEDRC79MAC21 | 79 | Cardholder requested that recurring or installment payment be stopped | No: do not retry (scheme fees may apply) |
| 21 | REFUSEDRC82MAC21 | 82 | Cardholder requested that recurring or installment payment be stopped | No: do not retry (scheme fees may apply) |
| 21 | REFUSEDRC83MAC21 | 83 | Cardholder requested that recurring or installment payment be stopped | No: do not retry (scheme fees may apply) |
| 22 | REFUSEDRC79MAC22 | 79 | Merchant not enrolled in Mastercard instalment program | No: do not retry |
| 22 | REFUSEDRC82MAC22 | 82 | Merchant not enrolled in Mastercard instalment program | No: do not retry |
| 22 | REFUSEDRC83MAC22 | 83 | Merchant not enrolled in Mastercard instalment program | No: do not retry |
| 24 | REFUSEDRC51MAC24 | 51 | Insufficient funds at present | Yes: Try later (after 1 hour) |
| 25 | REFUSEDRC51MAC25 | 51 | Insufficient funds at present | Yes: Try later (after 24 hours) |
| 26 | REFUSEDRC51MAC26 | 51 | Insufficient funds at present | Yes: Try later (after 2 days) |
| 27 | REFUSEDRC51MAC27 | 51 | Insufficient funds at present | Yes: Try later (after 4 days) |
| 28 | REFUSEDRC51MAC28 | 51 | Insufficient funds at present | Yes: Try later (after 6 days) |
| 29 | REFUSEDRC51MAC29 | 51 | Insufficient funds at present | Yes: Try later (after 8 days) |
| 30 | REFUSEDRC51MAC30 | 51 | Insufficient funds at present | Yes: Try later (after 10 days) |
The results are returned in this format:
{ "outcome": "refused", "description": "CARD EXPIRED", "code": "33", "refusalAdvice": { "code": "01" }, "riskFactors": [{ "risk": "not_supplied", "type": "cvc" }, { "risk": "not_checked", "detail": "address", "type": "avs" }, { "risk": "not_checked", "detail": "postcode", "type": "avs" }, { "risk": "verificationFailed", "type": "riskProfile" } ] }
CVC test values
Use these values to test CVC responses.
Testing CVC
Use these magic values in the cvc parameter in your request. Your response in contained in the riskFactors object.
A response is returned only if the check produces a conflict.
| Magic value | CVC result code | CVC result description |
|---|---|---|
| [Left blank] | riskFactors.risk : not_suppliedriskFactors.type : cvc | NOT SUPPLIED BY SHOPPER |
| 111 | riskFactors.risk : not_checkedriskFactors.type : cvc | NOT SENT TO ACQUIRER |
| 222 | riskFactors.risk : not_checkedriskFactors.type : cvc | NO RESPONSE FROM ACQUIRER |
| 333 | riskFactors.risk : not_checkedriskFactors.type : cvc | NOT CHECKED BY ACQUIRER |
| 444 | riskFactors.risk : not_matchedriskFactors.type : cvc | FAILED |
| 555 | No riskFactors returned | APPROVED |
Testing CVC (American Express)
Use these magic values in the cvc parameter in your request. Your response in contained in the riskFactors object.
A response is returned only if the check produces a conflict.
| Magic value | CVC result code | CVC result description |
|---|---|---|
| [Left blank] | riskFactors.risk : not_suppliedriskFactors.type : cvc | NOT SUPPLIED BY SHOPPER |
| 1111 | riskFactors.risk : not_checkedriskFactors.type : cvc | NOT SENT TO ACQUIRER |
| 2222 | riskFactors.risk : not_checkedriskFactors.type : cvc | NO RESPONSE FROM ACQUIRER |
| 3333 | riskFactors.risk : not_checkedriskFactors.type : cvc | NOT CHECKED BY ACQUIRER |
| 4444 | riskFactors.risk : not_matchedriskFactors.type : cvc | FAILED |
| 5555 | riskFactors.risk : not_checkedriskFactors.type : cvc | UNKNOWN |
| 6666 | No riskFactors returned | APPROVED |
AVS test values
Use these values to test AVS responses.
Testing AVS
Use these magic values in the postalCode attribute in your request. You'll get responses for postcode checks and for address checks in the riskFactors object.
A response is returned only if the check produces a conflict.
AVS responses
| Magic value | riskFactors Response | Meaning |
|---|---|---|
| AAAA | No riskFactors returned | Postcode and address matched |
| BBBB | riskFactors.risk : not_checkedriskFactors.detail : addressriskFactors.type : avs | Postcode matched; address not checked |
| CCCC | riskFactors.risk : not_matchedriskFactors.detail : addressriskFactors.type : avs | Postcode matched; address not matched |
| DDDD | riskFactors.risk : not_checkedriskFactors.detail : postcoderiskFactors.type : avs | Address matched; postcode not checked |
| EEEE | riskFactors.risk : not_checkedriskFactors.detail : postcoderiskFactors.type : avsriskFactors.risk : not_checkedriskFactors.detail : addressriskFactors.type : avs | Postcode and address not checked |
| FFFF | riskFactors.risk : not_matchedriskFactors.detail : postcoderiskFactors.type : avs | Address matched; postcode not matched |
| GGGG | riskFactors.risk : not_checkedriskFactors.detail : postcoderiskFactors.type : avsriskFactors.risk : not_matchedriskFactors.detail : addressriskFactors.type : avs | Postcode not checked; address not matched |
| HHHH | riskFactors.risk : not_suppliedriskFactors.detail : postcoderiskFactors.type : avsriskFactors.risk : not_suppliedriskFactors.detail : addressriskFactors.type : avs | Postcode and address not supplied by customer/merchant |
| IIII | riskFactors.risk : not_checkedriskFactors.detail : addressriskFactors.type : avsriskFactors.risk : not_matchedriskFactors.detail : postcoderiskFactors.type : avs | Address not checked; postcode not matched |
| JJJJ | riskFactors.risk : not_matchedriskFactors.detail : postcoderiskFactors.type : avsriskFactors.risk : not_matchedriskFactors.detail : addressriskFactors.type : avs | Postcode and address not matched |
| [Left blank] | riskFactors.risk : not_suppliedriskFactors.detail : postcoderiskFactors.type : avsriskFactors.risk : not_suppliedriskFactors.detail : addressriskFactors.type : avs | Postcode and address not supplied by customer/merchant |
| KKKK | riskFactors.risk : not_checkedriskFactors.detail : postcoderiskFactors.type : avsriskFactors.risk : not_checkedriskFactors.detail : addressriskFactors.type : avs | Postcode and address not checked |
| LLLL | riskFactors.risk : not_checkedriskFactors.detail : postcoderiskFactors.type : avsriskFactors.risk : not_checkedriskFactors.detail : addressriskFactors.type : avs | Postcode and address not checked |
| MMMM | riskFactors.risk : not_checkedriskFactors.detail : postcoderiskFactors.type : avsriskFactors.risk : not_checkedriskFactors.detail : addressriskFactors.type : avs | Postcode and address not checked |
Exemption test values
Submit the values from the magic value column in the cardHolderName to test the different issuer responses when applying an exemption.
The test values for requesting an exemption using Access FraudSight/Exemptions and the test values for the issuers response to applying the exemption in the payment are different.
The three possible exemption result outcomes are covered by the test values below but not all the reason values.
| Magic Value | Response | Description |
|---|---|---|
| EE.HON_ISSUER_HONOURED.AUTHRD | Authorized
| The issuer honoured the exemption and authorised the payment. |
| EE.REJ_ISSUER_REJECTED.SD | Refused (soft Decline)
| The issuer refused (soft declined) the payment. |
| EE.REJ_NOT_SUBSCRIBED.AUTHRD | Authorized
| Exemptions not enabled (contact support), authorized by issuer anyway. |
| EE.REJ_NOT_SUBSCRIBED.SD | Refused (soft Decline)
| Exemptions not enabled (contact support), soft decline by issuer (refused). |
| EE.REJ_UNSUPPTD_SCHEME.AUTHRD | Authorized
| The gateway rejected the exemption, because of unsupported scheme, but the issuer authorized the payment. |
| EE.REJ_UNSUPPTD_SCHEME.SD | Refused (soft Decline)
| The gateway rejected the exemption, because of unsupported scheme and the issuer refused (soft declined) the payment. |
| EE.OOS_OLO.SD | Refused (soft Decline)
| The gateway excludes the exemption, because it was identified as One-Leg-Out and the issuer refused (soft declined) the payment. |
Online refund test values
Submit the values from the magic value column in the value.amount field in a partial refund request to test different scenarios related to online refunds. The response to your partial refund request is a standard http status 202 response, but the refund outcome will come via an Events webhook.
| Magic Value | Response | Description |
|---|---|---|
| 220 | Refund failed
| Online refund failed. |
| 330 | Offline refund
| Offline refund sent. No refund object within eventDetails |
| Any other amount | Authorized
| Online refund approved. Note the authorization code within the refund object. |