"Do Not Honour" Explained: Response Code 05
"Do Not Honour" is the most common card decline code your customers will ever see and the most misunderstood. Here's what it actually means, why it happens, and how OnePay merchants can recover the sale.
What does "Do Not Honour" mean?
When a card payment fails, your payment gateway receives a two-digit response code from the customer's issuing bank. Response code 05 "Do Not Honour" is a general-purpose decline that means the bank has refused the transaction without giving a specific reason why.
It is the most common single decline code processed through OnePay's gateway. Across Sri Lanka's payment network, it accounts for a significant share of all failed card transactions affecting Visa, Mastercard, and domestic cards alike.
Why banks send vague codes
Banks deliberately use generic codes like 05 to protect cardholders. If a bank returned a specific reason "transaction flagged as fraudulent" or "card reported stolen" fraudsters could use that information to refine their attacks. Ambiguity is by design.
The critical thing to understand
How a "Do Not Honour" reaches your checkout
Customer enters card details
Checkout form on your website or app captures card number, expiry, CVV.
OnePay sends authorisation request
Encrypted transaction data is routed through the card network (Visa/Mastercard/Amex/UnionPay) to the issuing bank.
Issuing bank evaluates the request
The bank checks balance, fraud scores, velocity rules, card status, and spending patterns — all in under 2 seconds.
Bank returns code 05 — Do Not Honour
The bank refuses without explanation. The refusal is passed back through the network to OnePay.
Customer sees a decline message
OnePay surfaces a customer-friendly message. The underlying code 05 is visible in your OnePay merchant dashboard.
Why does "Do Not Honour" happen?
Because code 05 is generic, it can stem from a wide range of issuing bank decisions. The most common causes in context include:
1. Fraud scoring / risk rules triggered
Banks maintain real-time fraud models. If a transaction looks unusual a large amount, an unfamiliar merchant category, a first-time international purchase, or activity that doesn't match the cardholder's typical behaviour the bank's risk engine may decline automatically. This is the most common cause of code 05 in Sri Lanka, especially for first-time online transactions on cards primarily used at physical POS terminals.
2. Daily spending or transaction limits exceeded
Many Sri Lankan bank accounts have daily online transaction limits set by default often as low as LKR 50,000–100,000 for standard debit cards. A customer attempting a larger purchase will receive code 05 even if funds are available. The fix: the customer must increase their online limit through their bank's mobile app or branch.
3. Online / E-commerce Transactions Not Enabled
This is a common issue with Sri Lankan debit cards. Many banks issue cards with e-commerce transactions disabled by default as a security precaution. As a result, online payments may fail unless the cardholder has explicitly enabled this feature.
Sri Lanka-specific: debit cards with online payments disabled
4. Insufficient funds (masked as Do Not Honour)
While insufficient funds typically returns its own code (51), some banks route insufficient balance declines through code 05 — particularly for credit cards where the bank does not wish to reveal the credit limit situation. If the customer is confident their card is fine in other respects, checking available balance is worth trying.
5. Transaction velocity limits
Banks set rules on how many transactions a card can attempt in a given time window. If a customer's card was recently used multiple times or if there were multiple failed attempts, the bank may temporarily block further authorisations and return code 05. This often resolves itself within a few hours.
6. 3D Secure / OTP failure upstream
In Sri Lanka, most card-not-present transactions require 3D Secure authentication (the OTP step). If the OTP is entered incorrectly or the bank's authentication server has an issue, the transaction may still return code 05 after the OTP flow. This is a bank-side issue, OnePay passes the 3DS result faithfully.
7. International merchant or currency restrictions
Some Sri Lankan bank accounts have foreign currency or international merchant restrictions. Even for domestic payments, if the merchant is categorised under a restricted MCC (Merchant Category Code) gambling, crypto, certain digital goods the bank may return code 05 based on account-level category restrictions.
What should the customer do?
A "Do Not Honour" decline is almost always resolvable. Here is the recommended flow to give your customers either in your checkout error message, your order failure email, or your customer support script.
Contact your bank first
Call the number on the back of your card or message through your banking app. Ask why the transaction was declined and request that the block be lifted. Do not assume the problem is with the merchant's website or Onepay.
Enable online / e-commerce transactions
If you are using a Sri Lankan debit card, you can enable online transactions by contacting your card-issuing bank (via hotline or branch). The relevant contact details are typically available on the back of the card.
Increase your daily online transaction limit
Some banks in Sri Lanka require customers to manually request an increase to their daily online or e-commerce transaction limit. If your purchase exceeds the current limit, the transaction may fail even if sufficient funds are available.
Try a different card or payment method
If the issue persists, try a credit card from a different bank, or use an alternative payment method such as FriMi, Qplus or Helapay.
Wait and retry if velocity-blocked
If you made multiple failed attempts recently, wait 2–4 hours before trying again. The bank's velocity rule will typically be clear.
What should merchants do?
While code 05 is issued by the cardholder's bank not by OnePay there are meaningful steps merchants can take to reduce the frequency of these declines and recover more revenue.
Check your Merchant Category Code (MCC)
If your business was assigned an MCC that certain banks restrict (e.g., digital goods, software, subscriptions), you may see elevated code 05 rates from certain issuing banks. Contact OnePay support to review your MCC and determine if a reclassification is appropriate. Correct categorisation can meaningfully reduce friction.
Card Decline Codes: Full Reference
Code 05 is the most common, but it's far from the only declining code you'll see in your OnePay dashboard. Here is a reference for the codes most frequently encountered in the Sri Lankan market:
| Code | Message | Meaning | Action |
|---|---|---|---|
| 05 | Do Not Honour | Generic bank decline fraud score, limits, e-commerce disabled, or velocity | Contact bank |
| 51 | Insufficient Funds | Card balance or credit limit too low for the transaction amount | Don't retry |
| 14 | Invalid Card Number | Card number entered incorrectly or card does not exist | Re-enter details |
| 54 | Expired Card | Card's expiry date has passed | Use new card |
| 41 | Lost Card — Pick Up | Card has been reported lost by the cardholder | Do not retry |
| 43 | Stolen Card — Pick Up | Card has been reported stolen | Flag for review |
| 57 | Transaction Not Permitted | This card type is not allowed to make this transaction (e.g., e-commerce blocked at card level) | Enable online payments |
| 61 | Exceeds Withdrawal Limit | Daily or per-transaction limit exceeded | Increase limit |
| 65 | Exceeds Frequency Limit | Too many transactions attempted in a short period | Retry after 2–4 hours |
| 91 | Issuer Not Available | The cardholder's bank is temporarily unreachable | Retry later |
| 96 | System Malfunction | Technical issue at the network or bank level — not a card problem | Retry later |
| 12 | Invalid Transaction | Transaction type or format not supported by the issuing bank | Contact OnePay support |
| 82 | CVV Incorrect | The 3-digit security code does not match bank records | Re-enter CVV |
| N7 | CVV2 Failure | Specific CVV2 mismatch — common with cards newly issued in Sri Lanka | Re-enter CVV |
Never retry codes 41 and 43
Frequently Asked Questions
Is "Do Not Honour" always fraud-related?
No, and this is one of the most important points to communicate to your customers. A "Do Not Honour" response does not mean the transaction was flagged as fraudulent. It does not mean the customer's card has been compromised. It does not mean anything suspicious occurred.
In Sri Lanka's context, the overwhelming majority of code 05 declines are caused by routine card settings that haven't been configured for online use, not fraud. Banks simply default to the most restrictive setting to protect customers who might not know that online payment settings need to be manually enabled.
Can I force a "Do Not Honour" transaction through?
No. When a bank returns code 05, the authorisation is definitively declined. There is no mechanism for a merchant or payment gateway to override a bank's decline decision.
Will retrying a "Do Not Honour" cause problems?
Retrying once or twice after a customer has taken corrective action is perfectly fine. However, repeatedly retrying without addressing the underlying cause can trigger velocity blocks.
Why does my customer see "Do Not Honour" on a brand-new card?
New cards from Sri Lankan banks are often issued with e-commerce transactions disabled as a default security measure. The customer simply needs to activate online payments in their banking app.
Does OnePay charge for declined transactions?
OnePay does not charge transaction fees for failed or declined payments. You are only charged on successful transactions. Declined authorisations incur no cost.
Does "Do Not Honour" affect my merchant account standing?
Code 05 declines initiated by the issuing bank do not negatively affect your OnePay merchant account or your standing with card networks. However, if your overall decline rate is unusually high, it may indicate a configuration issue worth reviewing with OnePay support.