What does decline code 63 mean?
Decline code 63 indicates that the transaction has been flagged as a security violation by the issuing bank. The bank's fraud detection systems have identified something about the transaction that does not pass security verification checks.
This code is more severe than a generic fraud flag. It specifically points to a security data mismatch — such as an incorrect CVV/CVC code, a failed address verification (AVS), or a 3D Secure authentication failure. The bank is not just suspicious; it has identified a concrete security discrepancy.
What triggers a security violation
An incorrect CVV/CVC code is the most common trigger. The three or four digit security code on the card must match exactly. Even if the card number and expiration date are correct, a wrong CVV will produce a security violation.
Address Verification System (AVS) mismatches can also trigger code 63. If the billing address provided does not match what the bank has on file, particularly the ZIP code, some banks will decline the transaction rather than just flagging it.
Failed 3D Secure authentication (Verified by Visa, Mastercard SecureCode) is another cause. If the cardholder fails the additional authentication step — entering the wrong one-time password, for example — the transaction is declined with a security violation.
Repeated failed transaction attempts in a short period can escalate to code 63. If someone attempts to use a card multiple times with slightly different details (testing different CVVs or expiration dates), the bank will flag this as a potential card-testing attack.
How to resolve decline code 63
The cardholder should verify their security code (CVV/CVC) and billing address are entered correctly. Even small discrepancies in the address — an apartment number, a different ZIP code format — can cause AVS failures.
If the details are correct, the cardholder should contact their bank. The bank may have placed a temporary security hold that requires identity verification to lift. This usually involves answering security questions or confirming a verification code sent via SMS or email.
For merchants, implementing 3D Secure 2.0 can actually reduce code 63 declines by shifting authentication to the cardholder before the transaction reaches the issuing bank, providing a smoother experience for legitimate transactions while catching fraud earlier.
Reducing security violation declines
Merchants should ensure their checkout forms clearly label the CVV field and provide visual guidance showing where to find it on the card. Address fields should be validated in real time to catch formatting issues before submission.
If your business sees a high rate of code 63 declines, work with your payment processor to review your fraud filter settings. Overly aggressive filters can flag legitimate transactions, while too-lenient settings allow fraud attempts that trigger bank-side security violations.
