AUTHENTICATION_REQUIRED response means the issuer mandates a strong customer authentication (SCA). This refusal is considered a soft decline. In case you are confronted with soft declines for the first time, you have to make sure your integration is able to handle 3D Secure. If you are still unfamiliar with PSD2 and 3D Secure, please find more information about what you need to do here: 3D Secure for regulation compliance and PSD2 SCA compliance guide.
Currently the soft declines are present for Visa, Mastercard, American Express, Diners and Dankort with the errors and messages below:
- 1A : Authentication Required (Visa)
- 65 : Authentication Required or sometimes "Exceeds withdrawal count limit" (Mastercard)
- 130 : Authentication Required (American Express)
- 103 - Customer Authentication Required (Diners)
- 132 - Authentication required (Dankort)
If this happens, and your integration supports 3D Secure, we automatically retry the transaction on 3DS1 or 3DS2, unless you have specifically included the parameter
executeThreeD set to
false in the payment request.