pexels-mikhail-nilov-6969660

Card authorization explained

Blog

After your customer hits the ‘Checkout’ button to make a purchase from your business, a lot still needs to happen before that revenue reaches the merchant account.

Before the funds settle, they need to be captured – and before they’re captured, they need to be authorized. Card authorization is an essential ingredient in secure online payment processing. It’s when the issuer confirms that a transaction relates to a valid account that holds enough funds to fulfil the request.

As such, credit card authorization is vital to meet payment industry regulations and security codes. It also protects the cardholder from purchasing products they cannot pay for.

This guide explains card authorization, and how it differs from the processes of payment capture and settlement. We’ll cover a few reasons credit card authorization requests fail, too. This is critical to address as you build a credit card processing strategy. Why? If you can understand where and why your authorizations are failing, you can start to recover those failed payments.

What is card authorization?

Card authorization is when an issuer runs several checks to see whether or not to approve a payment request. Authorization checks include:

The credit or debit card details relate to a real bank account

The account contains sufficient funds to cover the payment

There are no restrictions on the cardholder’s account

After these checks are complete, the issuer returns a message of authorization success or failure back to the card scheme.

Through this lens, the card authorization process plays an important role in fraud detection and prevention; helping you avoid many of the different types of payment fraud.

How does credit card authorization work?

To the naked eye, the credit card authorization process takes mere seconds.

However, there’s a lot going on behind the scenes as the payment processor contacts the acquiring bank (which oversees the merchant’s account), who contacts the card scheme, who contacts the issuing bank (where the payer’s account is).

So let’s take a closer look at how the card authorization process unfolds:

  1. First up, the customer initiates a purchase: either by swiping, inserting, or tapping their credit card on a reader (known as a point of sale device), or by entering their card details online (in what’s known as a card-not-present transaction) or over the phone (known as mail order/telephone order, “MOTO”).
  2. Your payment processor (a company like Checkout.com, who handles debit and credit card payments on your behalf) then sends an authorization request to the acquiring bank, using a credit card network – such as Visa, Mastercard, and American Express – as a payment rail.
  3. This request contains the transaction details: the purchase amount, the card number, plus the merchant’s information (and so on).
  4. After receiving this authorization request, the acquiring bank then routes it back through the card network, which forwards the authorization request on to the issuing bank. (Which, you’ll remember, is the bank that issued the credit card to the customer.)
  5. The issuing bank runs the authorization request: checking whether the account is active and available to use, evaluating the transaction for potential fraud (ensuring, for instance, that it’s consistent with the cardholder’s typical spending patterns), and checking that the account contains sufficient funds to cover the transaction amount.
  6. The decision: approve or deny, is passed back to the card scheme, who passes the message back to the acquirer. If it’s approved, the transaction process continues. If it’s declined, the transaction is canceled – and you’ll typically receive a decline code telling you why.

Why can credit authorization requests fail?

When a credit authorization request fails, it can be for a number of reasons.

These include:

  • The customer not having sufficient funds or credit in their bank account to complete the transaction (if they have $90 in their account, for example, but are trying to make a purchase of $100 with your business).
  • A customer entering incorrect or expired card information (such as the credit card number, account holder name, or CVV code; or the billing address associated with it).
  • Suspected fraud or suspicious patterns: such as a card being used to make several high-value purchases at different locations within a short period of time.
  • A blocked or frozen account. (Banks and financial institutions may block cards due to unpaid fees, red-flag raising activity, or any other breach by the cardholder of their agreement.)
  • Technical glitches. These could be an internet outage on your end, or temporary, systemic bugbears on the part of your payment processor or the card issuer.

When a card authorization request fails, you’ll typically be informed instantly by your payment processor. This notification comes in the form of a denial code: one of a set of standardized, five-digit numbers that provide more information as to why the card authorization failed.

Comments are closed.