Skip to content


Xendit supports credit and debit cards from around the world. To date, we’ve charged cards from over 100 countries. Xendit supports Visa, Mastercard, JCB, and American Express, so long as the acquiring bank supports these as well. Our integrations are optimized for maximizing card acceptance rate both for Indonesian and foreign cards.

We provide card solutions for simple checkout flows as well as recurring payments (subscriptions). Solutions include:

  • Tokenization
  • Pre-Authorization
  • Authentication (3DS/OTP)
  • Charge (Capture)
  • Refund

The chart below provides an example of a typical payment flow.

alt text

Why use Xendit for Credit Cards

We offer all of the features below with simple integrations:

  • International payments
  • Secure tokenization >> No storing raw card data, clears merchants of PCI-DSS scope when using our iOS/Android/Javascript SDKs
  • Recurring payments (eg monthly)
  • 1-Click checkout >> Optional 3DS & CVN
  • Pre Authorization >> Holding funds before capture
  • We move fast & take customer support seriously.

Accepted Cards

We accept VISA, MasterCard and JCB cards from across the world.

Note: A lot of debit cards in Indonesia require their cardholders to visit their bank and ask them to enable e-commerce before they work for online transactions.


  1. Do you have transaction cut off time?

    Yes. All transactions are processed at 2PM WIB Indonesian time. Transactions done after 2PM will be processed the next day.

  2. Can you accept debit card?

    Yes, as long as the card is in a credit network. However, in Indonesia, majority of debit cards require their cardholders to make online transaction activation request at the bank beforehand.

  3. Is this feature restricted to Credit/Debit Card with Visa/MasterCard Logo only?

    The card needs to be on a credit network.

  4. What causes a credit card transaction to be declined?

    Common reasons why a credit card transaction is declined during authentication and authorization:

    • Expired card: Expired card means that the card that is charged has passed its expiry date so it is no longer able to be used for transactions.
    • Insufficient balance: If the cardholder does not have enough balance or credit to complete the transaction, issuing banks may send a code to indicate this. However, our data shows that some banks may sometimes use this code this to mask the actual decline reason, so we would advise showing a generic decline message to the customer, perhaps asking them to inquire with their bank about the decline.
    • Invalid CVN: Issuing Banks will generally block transactions where the CVN has been entered incorrectly as this generally indicates a higher chance of fraudulent transaction.
    • Inactive card: Globally, this would be caused most likely by the user entering a mistyped, fake/test, or inactive card number (eg. never activated).
    • 3DS required: Globally, most banks do not require authentication (3DS) prior to charging debit or credit cards. Regionally however, some banks in Malaysia and Indonesia will decline debit cards if they have not been authenticated.
    • CVN required: While optional for most banks in the Asia-Pacific and Americas, European banks will often decline cards if the CVN is not included.
    • Foreign/ local fraud: Banks will flag attempts as suspected fraud when they detect significant anomalies in cardholder behavior. When this happens, they generally block transactions and attempt to contact the cardholder via phone/email/SMS to confirm authenticity. Once the cardholder confirms, they can generally retry again with success.