Code 93: Violation of Law

Decline Code 93: What 'Violation of Law' Means for Merchants

Decline code 93 means the transaction has been flagged as potentially violating applicable laws or regulations. The bank cannot process it due to legal compliance obligations. It is a hard decline, and unlike most other decline codes, the appropriate response goes beyond simply asking for a different payment method.

What Does Decline Code 93 Mean?

Banks operate under a range of legal and regulatory requirements that govern which transactions they can process. When a transaction triggers one of those compliance systems, the bank doesn't have discretion to approve it anyway. Code 93 is the result: a decline that comes not from the cardholder's account status or available funds, but from a legal determination that this transaction cannot go through.

The three most common sources are OFAC sanctions screening, anti-money laundering flags, and state or federal laws restricting specific transaction types. In each case the bank's compliance systems have identified something about the transaction that puts it outside the bounds of what the bank is permitted to process.

Common Triggers for Decline Code 93

• OFAC sanctions match on the cardholder name or account. The Office of Foreign Assets Control maintains lists of sanctioned individuals, entities, and countries. A match against those lists, even a partial or potential match, will stop a transaction cold.
• Transaction involving a sanctioned country or region. A card issued in or a transaction routing through a sanctioned jurisdiction can trigger a 93 regardless of who the cardholder is.
• AML flag on transaction amount or pattern. Anti-money laundering systems watch for transaction patterns associated with structuring or laundering. An unusual amount, a sudden change in behavior, or a pattern that fits a known typology can trigger a compliance hold.
• State or federal law restricting the merchant's industry. Certain merchant categories operate in legally complex environments. Cannabis, certain gambling operations, and some firearms-related merchants can trigger 93 declines depending on the issuing bank's compliance posture and the applicable law in the relevant jurisdiction.
• Card network compliance restriction on merchant category. Card networks maintain their own compliance rules on top of legal requirements. A merchant category that falls outside those rules can produce a 93 even when no specific law is being violated.

Compliance Risk for Merchants Receiving Code 93

Code 93 is not a standard decline to route around. If a bank has flagged a transaction as a legal violation, attempting to process the same transaction through an alternate method or a different processor without first understanding why the 93 was returned is not a workaround. It's a potential compliance violation in its own right.

Merchants who process transactions that a bank has identified as legally problematic can face regulatory penalties, account termination by their processor, and in serious cases, legal liability. The bank's compliance system flagged something. Finding a way to process it anyway doesn't make that flag disappear.

How Merchants Should Handle Decline Code 93

1. Do not retry under any circumstances. A code 93 is not a timing issue or a temporary block. Retrying the same transaction will produce the same result and compounds the compliance risk.
2. Do not fulfill the order. If goods or services haven't been delivered, keep it that way until you understand what triggered the decline.
3. Contact your payment processor immediately for guidance. Your processor has compliance resources and can help you understand what triggered the 93 and what your obligations are. This is not a call to delay.
4. Document the transaction details thoroughly. Date, time, amount, cardholder information, and the decline code. If this becomes a regulatory matter, documentation matters.
5. If OFAC may be involved, consult your compliance officer or legal counsel. OFAC sanctions carry specific reporting obligations for financial institutions and, in some cases, for merchants. This is not an area to navigate without professional guidance.

Frequently Asked Questions About Decline Code 93

Does decline code 93 mean I've done something wrong as a merchant? Not necessarily. A code 93 can result from something entirely outside your control, like a cardholder whose name partially matches an OFAC watchlist, or a transaction pattern that triggered an AML flag with no actual wrongdoing involved. That said, merchants in industries with complex legal status, cannabis, certain gambling categories, some firearms-related businesses, are more likely to see code 93 declines and may need to review their payment processing setup if they appear regularly. A single 93 is worth investigating. A pattern of them warrants immediate action.

Can a legitimate customer trigger code 93? Yes. A cardholder whose name is similar to a name on a sanctions list can trigger an OFAC screening flag without having any connection to the sanctioned party. A transaction that fits an AML pattern in terms of amount or frequency can fire a compliance flag even when the underlying transaction is completely legitimate. The compliance system doesn't know intent. It knows patterns and lists. Legitimate customers can and do get caught in those systems.

What should I do if I receive multiple code 93 declines? Treat it as a serious signal and escalate immediately. Multiple code 93 declines may indicate that your merchant category, your customer base, or something about how your transactions are structured is consistently triggering compliance flags. Contact your payment processor, review your merchant category classification, and if your business operates in a legally complex industry, engage legal counsel to understand your exposure. Repeated code 93 declines that go unaddressed are the kind of pattern that leads to account termination.

How is code 93 different from code 59 (suspected fraud)? Code 59 is the bank's fraud detection system flagging a transaction as potentially fraudulent based on behavioral or pattern-based signals. It's a risk management decision made by the bank to protect the cardholder. Code 93 is a legal compliance determination: the transaction touches something the bank is legally restricted from processing. A code 59 might clear after the cardholder calls their bank and verifies the transaction. A code 93 doesn't clear the same way because the underlying issue is legal, not behavioral. The merchant response is also different: a 59 warrants asking for an alternate payment method, while a 93 warrants stopping, documenting, and consulting your processor before doing anything else.

Related Decline Codes

Code 93 sits in its own category as a legal and compliance decline. These related codes cover adjacent scenarios worth understanding:

• Code 59 — Suspected Fraud. A fraud flag rather than a legal violation. Different cause, different response, often confused with 93.
• Code 05 — Do Not Honor. The catch-all decline. Sometimes used when a more specific code like 93 would be more appropriate, depending on the bank.
• Code 62 — Restricted Card. Card-level restrictions on a specific transaction type, a narrower issue than a legal compliance flag.
• Code 57 — Transaction Not Permitted to Cardholder. A permissions issue at the account level rather than a legal compliance determination.
• Code 41 — Lost Card. Hard decline. Card reported lost. No legal implication.
• Code 43 — Stolen Card. Hard decline. Card reported stolen. No legal implication.
• Code R0 — Stop Recurring Payment. A customer-initiated revocation with compliance implications if ignored.
• Code 46 — Closed Account. Account closed at the bank level, unrelated to legal flags.