Skip to content

Decline code 43: Stolen Card

Travis SteffenBy Travis Steffen · Co-Founder, GTMReviewed by Calum EwingUpdated 3 min read
Summarize with AI

Quick answer

Decline code 43 — “Stolen Card” — is a fraud decline from the cardholder’s issuing bank: under the ISO 8583 standard, code 43 instructs the merchant to pick up the card because the issuer has reported it stolen. It’s a hard decline, so retrying the same card never clears it. Stripe surfaces the same issuer decision as the stolen_card decline_code on a card_declined error, and NMI returns it as response code 252, “Stolen card.” Recovering it takes outreach for a new card.

What code 43 means

Hard declineDo not retry

Never blind-retry a 43 — the issuer has flagged the card as stolen and wants it retained, so re-attempts only stack fraud declines. Recovery is customer outreach for a different payment method, not a timed retry of the same card.

Cross-processor equivalents

The same issuer decision surfaces under a different code on every processor. Here is how code 43 maps across the stacks Revatto recovers on.

ISO 8583
Code43
CalledStolen Card
Stripe
Codefraudulent
CalledFraudulent
Braintree
Code2014
CalledFraud Suspected
Authorize.net
Code66
CalledFailed gateway securityresponseReasonCode 66; AFDS filters 250–254
NMI
Code252
CalledStolen card
Chargebee
Codefraudulent
CalledFraudulent
Recurly
Codefraudulent
CalledFraudulent
IxoPay
Code2010
CalledSuspected fraudadapterCode 34 also maps here
Shopify
CodeFRAUD
CalledFraud
Whop
Codefraud_decline
CalledSecurity declinenormalized — no processor-specific code (free-text categorized)
Fanbasis
Codefraud_decline
CalledSecurity declinenormalized — matched by substring rule, no processor-specific code

Why it happens

  • The cardholder reported the card lost or stolen and the issuer froze it, returning a stolen-card flag on every authorization.
  • The issuer’s fraud systems detected a compromised card — testing patterns, a breach, or anomalous activity — and locked it as stolen.
  • A reissued or replaced card whose old number is still on file with the merchant, now flagged stolen by the issuer.
  • The recurring card-on-file was canceled by the cardholder after suspected fraud, so the stored credential no longer authorizes.

How to recover it

  1. 1Don’t re-run the stored card — a 43 won’t clear on retry, and repeat fraud declines inflate your decline ratio with the issuer.
  2. 2Reach the customer on a channel they actually answer — email and SMS — and ask them to add a current card, since the one on file has been reported stolen.
  3. 3Once a new payment method is on file, charge that card; the original number will keep declining no matter how many times it’s attempted.
  4. 4
    When the customer doesn’t respond to automation, a real person — not another automated email — works the card update directly. That AI-plus-human handoff is exactly what Revatto does for you: we recover the payment end to end, and you only pay if it works (20% of the first recovered payment, $0 setup, $0 monthly, cancel anytime).See how Revatto recovers 43declines →

See what Revatto would recover for you

Failed payments recovered automatically — no engineering, no manual chasing. We do the work; you keep the revenue.

See Your Recovery Potential

Frequently asked questions