If your system is returned a 71000 Soft decline response following processing an Authorisation (AUTH) Request to Trust Payments, this has occurred because card issuer declined the request due to absence of Strong Customer Authentication (SCA).
The Revised Directive on Payment Services (PSD2) mandates that a form of SCA is performed on all transactions initiated by the customer through their browser or mobile device. To comply with this mandate, you will need to utilise EMV 3-D Secure.
There are exceptions to this rule that are permitted by the card issuer and do not need to be declared, examples of which include Mail Order Telephone Order (MOTO) payments and Merchant Initiated Transactions (MIT) against a customer’s stored card (that was originally authenticated with SCA). However, there are additional exemptions that do require flagging to the card issuer, by including the field scaexemptionindicator (click here for the field specification).
Failure to declare exemptions correctly or to meet conditions specified by the card issuer may lead to the 71000 Soft decline error.
Authorisation of a payment by the issuing bank is not by itself evidential of meeting the requirements for an exemption to be granted. It is your responsibility to ensure your solution only applies exemptions when the criteria for doing so have been met. We recommend contacting your acquiring bank for assistance if you need guidance.
Actions to take in the event of Soft decline
If you are returned a 71000 Soft decline in the authorisation response, you must re-submit the authorisation request but this time ensuring it is authenticated using EMV 3-D Secure and without SCA exemption applied. Please refer to the relevant section below for information on how to handle this.
Please contact our Support Team and ensure your account has been configured to automatically retry payments with 3-D Secure authentication when a soft decline response is returned.
The instructions below assume your system is using JavaScript Library version 3.
Versions prior to v3 will be retired 1st December 2021.
Merchant developers are expected to update the request JWT payload in the transaction re-submission following a soft decline:
- Include THREEDQUERY in the requesttypedescriptions field e.g. ["THREEDQUERY","AUTH"].
Click here for a full list of supported request type combinations for JavaScript Library. - Include parenttransactionreference to the original authorisation that was soft declined (reference the AUTH, not the THREEDQUERY).
- Include scaexemptionindicator = 14. This is mandated to force the re-submission to trigger step-up (challenge) authentication.
Merchant developers are expected to update the request JWT payload in the transaction re-submission following a soft decline:
- Include THREEDQUERY in the requesttypedescriptions field e.g. ["THREEDQUERY","AUTH"].
Click here for a full list of supported request type combinations for Android SDK. - Include scaexemptionindicator = 14. This is mandated to force the re-submission to trigger step-up (challenge) authentication.
Merchant developers are expected to update the request JWT payload in the transaction re-submission following a soft decline:
- Include THREEDQUERY in the requesttypedescriptions field e.g. ["THREEDQUERY","AUTH"].
Click here for a full list of supported request type combinations for iOS SDK. - Include parenttransactionreference to the original authorisation that was soft declined (reference the AUTH, not the THREEDQUERY).
- Include scaexemptionindicator = 14. This is mandated to force the re-submission to trigger step-up (challenge) authentication.
For merchants who have the following integrations with the TRU Connect gateway:
- Webservices API to process authorisation, using merchants' own 3DS MPI provider for customer authentication.
- Webservices API to process authorisation, following 3DS authentication using JavaScript Library.
- Webservices API to process authorisation, following 3DS authentication using TRU Mobile (Android/iOS SDK).
The merchant developer will be expected to:
- Re-process the 3-D Secure authentication (either using your own 3DS MPI provider or by using our JavaScript Library / Mobile SDK solutions) and then process a new authorisation request using the Webservices API.
- Include parenttransactionreference to the original authorisation that was soft declined (reference the AUTH, not the THREEDQUERY).
- Include scaexemptionindicator = 14. This is mandated to force the re-submission to trigger step-up (challenge) authentication.
