Test Data
Sandbox-only test cards for simulating payments in PCE.
Test cards you can use in the PCE Sandbox to safely simulate approvals, declines, and common payment scenarios.
Important: Use these numbers only in sandbox/test environments. Do not use real payment cards for testing. Follow your organization’s PCI and security guidelines.
Definitions
- AVS (Address Verification Service): Validates the billing address (street/ZIP) against issuer records.
- CVV / CVC: Verifies the accuracy of the card security code.
- Issuer Response Codes: Numeric codes that indicate the result of a transaction.
- Authorization Message: A human-readable message associated with the response code (e.g., “Do Not Honor”).
- EMS/Fraud Score: Mastercard’s risk score and reason code derived from fraud screening.
General test cards
Test cards are fake card numbers used in development and testing to safely simulate payment transactions.
Why they matter
- No real money involved — safe for testing.
- Simulate approvals/declines, fraud, insufficient funds, expired cards, etc.
- Validate behavior for AVS, CVV, 3-D Secure (3DS), and partial approvals.
- Ensure proper error handling and user-friendly messages.
- Avoid fraud, chargebacks, or compliance issues that arise from using real cards.
- They’re essential for developers, testers, and QA teams working on payment integrations.
Use these in the PCE Sandbox. Expiry date and CVV rules may vary by gateway; follow the gateway’s test guide when a specific CVV/AVS is required.
| Card number | Brand | Type |
|---|---|---|
4242 4242 4242 4242 | Visa | Credit |
4012 8888 8888 1881 | Visa | Credit |
4000 0566 5566 5556 | Visa | Debit |
4123 4000 7332 0224 | Visa | Debit |
3782 822463 10005 | American Express | Credit |
3714 496353 98431 | American Express | Credit |
5200 8282 8282 8210 | Mastercard | Credit |
2222 4000 6000 0007 | Mastercard | Credit (2-series BIN) |
5555 5555 5555 4444 | Mastercard | Debit |
5305 4847 4880 0098 | Mastercard | Debit |
5572 4084 2218 9334 | Mastercard | Prepaid |
6011 1111 1111 1117 | Discover | Credit |
6011 0009 9013 9424 | Discover | Credit |
3530 1113 3330 0000 | JCB | Credit |
3566 0020 2036 0505 | JCB | Credit |
3056 9309 0259 04 | Diners Club | Credit |
3540 5019 9000 9456 | JCB / Diners Club | Credit (co-branded) |
Usage tips
- Scope: These values are for sandbox only; production gateways will reject most test PANs.
- Scenarios: Pair with gateway-specific AVS/CVV values to trigger approvals, soft/hard declines, and error codes.
- Logging: Capture request/response payloads to verify error handling and user messages.
- Data hygiene: Do not store PANs in logs or screenshots outside approved secure tools.
Issuer response codes
When you submit a payment authorization, the issuing bank (or card network) returns a response code that indicates approval or the reason for decline. These codes drive your next steps (retry, prompt the cardholder to call their bank, collect another payment method, or handle a partial approval).
Reference: PCE provides an “authorization code messages” list that maps raw codes to human-readable messages.
Where you’ll see it in responses
responseCode— primary numeric code from the processorissuerResponseCode— issuer-specific variant (if provided)authMessage/authMessageText— human-readable explanationapprovedAmount— present when a partial approval occurs
Common response codes & meanings (across brands)
Actual mappings can vary by bank/processor. Use this table to design user messaging and fallback logic, and verify against your sandbox docs.
| Code | Meaning / description | Common use / notes |
|---|---|---|
00 / 000 | Approved | Transaction fully authorized. |
01 | Refer to card issuer | Issuer declines without detail — customer should call bank. |
02 | Refer to issuer’s special conditions | More restrictive version of “refer to issuer.” |
03 | Invalid merchant | Merchant account is invalid or misconfigured. |
04 | Pick up card / capture card | Card should be retained (e.g., lost or stolen). |
05 | Do not honor | Generic decline with no further detail. |
06 | Error | System or processing error. |
07 | Pick up card, special condition | Similar to 04, but with additional context. |
08 | Honor with ID | Approve but require additional identity verification. |
10 | Partial approval | Only part of the requested amount is approved. |
12 | Invalid transaction | Something is wrong with the request. |
13 | Invalid amount | Amount is out of bounds (too large, negative, etc.). |
14 | Invalid card number | Card number not recognized. |
15 | No such issuer | The card’s issuer cannot be found. |
19 | Re-enter transaction | Temporary issue — try again. |
30 | Format error | Malformed request. |
33 | Expired card | Card’s expiration date is invalid/expired. |
34 | Suspected fraud | Issuer flagging possible fraud. |
35 | Call acquirer / merchant contact | Bank requests that the merchant call for more info. |
36 | Restricted card | Restrictions on card type or usage. |
37 | Call acquirer security dept. | More serious “call us” code. |
40 | Requested function not supported | Attempted action isn’t allowed by issuer. |
41 | Lost card | Card reported lost. |
43 | Stolen card | Card reported stolen. |
49 | Not enabled / declined online | Card not enabled for this channel/use. |
51 | Insufficient funds / over credit limit | Lack of available balance/limit. |
54 | Expired card | Duplicate of 33 in some systems. |
57 | Transaction not permitted | Card or merchant category not allowed. |
58 | Transaction not allowed for this terminal | Merchant/terminal not authorized. |
59 | Suspected fraud | Another fraud-related decline. |
61 | Withdrawal amount limit exceeded | Over per-transaction or daily limit. |
62 | Restricted card | Issuer restriction in place. |
63 | Security violation | Issuer flagged a security issue. |
65 | Exceeds withdrawal count / activity limit | Too many transactions or amount. |
68 | Response received too late | Authorization timed out. |
70 | Contact issuer | General “call card issuer.” |
91 | Issuer or system unavailable | Connectivity issue or issuer busy. |
92 | Unable to route | Network routing issue. |
93 | Transaction cannot be completed | Issuer refuses the transaction. |
96 | System malfunction / error | Internal error or fallback failure. |
Test cases for issuer response codes
- Mapping between
responseCode/issuerResponseCode/authMessageand business outcomes (Approved / Decline / Partial approval). - UI behavior on device receipts, web receipts, and in PCE.
- Automatic logic paths — retry, fallback, “call your bank,” or request an alternate method.
- Edge cases — partial approvals, timeouts, network failures, AVS/CVV mismatches.
Updated 19 days ago