Posts in category: Blog

After your customer hits the ‘Checkout’ button to make a purchase from your business, a lot still needs to happen before that revenue reaches the merchant account.

Before the funds settle, they need to be captured – and before they’re captured, they need to be authorized. Card authorization is an essential ingredient in secure online payment processing. It’s when the issuer confirms that a transaction relates to a valid account that holds enough funds to fulfil the request.

As such, credit card authorization is vital to meet payment industry regulations and security codes. It also protects the cardholder from purchasing products they cannot pay for.

This guide explains card authorization, and how it differs from the processes of payment capture and settlement. We’ll cover a few reasons credit card authorization requests fail, too. This is critical to address as you build a credit card processing strategy. Why? If you can understand where and why your authorizations are failing, you can start to recover those failed payments.

What is card authorization?

Card authorization is when an issuer runs several checks to see whether or not to approve a payment request. Authorization checks include:

The credit or debit card details relate to a real bank account

The account contains sufficient funds to cover the payment

There are no restrictions on the cardholder’s account

After these checks are complete, the issuer returns a message of authorization success or failure back to the card scheme.

Through this lens, the card authorization process plays an important role in fraud detection and prevention; helping you avoid many of the different types of payment fraud.

How does credit card authorization work?

To the naked eye, the credit card authorization process takes mere seconds.

However, there’s a lot going on behind the scenes as the payment processor contacts the acquiring bank (which oversees the merchant’s account), who contacts the card scheme, who contacts the issuing bank (where the payer’s account is).

So let’s take a closer look at how the card authorization process unfolds:

1. First up, the customer initiates a purchase: either by swiping, inserting, or tapping their credit card on a reader (known as a point of sale device), or by entering their card details online (in what’s known as a card-not-present transaction) or over the phone (known as mail order/telephone order, “MOTO”).
2. Your payment processor (a company like Checkout.com, who handles debit and credit card payments on your behalf) then sends an authorization request to the acquiring bank, using a credit card network – such as Visa, Mastercard, and American Express – as a payment rail.
3. This request contains the transaction details: the purchase amount, the card number, plus the merchant’s information (and so on).
4. After receiving this authorization request, the acquiring bank then routes it back through the card network, which forwards the authorization request on to the issuing bank. (Which, you’ll remember, is the bank that issued the credit card to the customer.)
5. The issuing bank runs the authorization request: checking whether the account is active and available to use, evaluating the transaction for potential fraud (ensuring, for instance, that it’s consistent with the cardholder’s typical spending patterns), and checking that the account contains sufficient funds to cover the transaction amount.
6. The decision: approve or deny, is passed back to the card scheme, who passes the message back to the acquirer. If it’s approved, the transaction process continues. If it’s declined, the transaction is canceled – and you’ll typically receive a decline code telling you why.

Why can credit authorization requests fail?

When a credit authorization request fails, it can be for a number of reasons.

These include:

• The customer not having sufficient funds or credit in their bank account to complete the transaction (if they have $90 in their account, for example, but are trying to make a purchase of $100 with your business).
• A customer entering incorrect or expired card information (such as the credit card number, account holder name, or CVV code; or the billing address associated with it).
• Suspected fraud or suspicious patterns: such as a card being used to make several high-value purchases at different locations within a short period of time.
• A blocked or frozen account. (Banks and financial institutions may block cards due to unpaid fees, red-flag raising activity, or any other breach by the cardholder of their agreement.)
• Technical glitches. These could be an internet outage on your end, or temporary, systemic bugbears on the part of your payment processor or the card issuer.

When a card authorization request fails, you’ll typically be informed instantly by your payment processor. This notification comes in the form of a denial code: one of a set of standardized, five-digit numbers that provide more information as to why the card authorization failed.

As a customer, you’ll be aware of the three-digit code on the back of your Visa debit card (or the four-digit one on the front of your American Express), even if you didn’t know what it was called. Well, this number has a name – CVV (Card Verification Value).

And, as it turns out, it benefits not only customers – but merchants, too.

CVV checks can help your business detect and prevent payment fraud, avoid chargebacks, and remain compliant with the payment industry’s strict data handling standards. But how?

Read on to find out. We’ll explain the meaning of a CVV code, how it works, when you should ask for it in an online transaction – and what you should do with the CVV when you’re done.

What is a CVV number?

CVV stands for Card Verification Value. It’s a security feature that allows you to authenticate credit and debit card transactions you accept online, over the phone, or via mail order.

Because every CVV is unique to each customer’s card and account holder, CVV checks are an excellent way of verifying the legitimacy of a debit or credit card transaction. Essentially, CVV checks tell you that the customer actually has access to the card they’re using to make a purchase from your business – and that they’re not using stolen debit or credit card data.

There are different types of CVV, which include:

• CVV1: this is encoded on the magnetic stripe of the card your customer swipes when they make a payment in-store, from your point of sale (POS) terminal.
• CVV2: this is the three-digit number printed on the back of the customer’s card – usually in the signature panel. They’ll use this when making online or phone-based purchases from your business, where neither the customer – or their card – are physically present. (These are called card-not-present, or CNP, transactions.)
• CVC2: this refers to Card Validation Code 2, and is simply another term for CVV2 that Mastercard uses. (As we’ll see, different card schemes – such as Visa, Discover, American Express, and Mastercard – have similar, but varying, CVV approaches.)
• CID: this stands for Card Identification Number, and it’s the four-digit code you’ll see on the front of an American Express card. (It’s printed just above the card number.) In an online transaction, it serves the exact same purpose as the CVV2 or CVC2.

The acronym CVV is also Discover’s version of CVV2 – the code on the back of the card, not the one encoded into the magstripe – and is not to be confused with CVV1. (Confusing, we know!) 

For a handy, at-a-glance guide to the different acronyms each card scheme uses, see below:

• CVV2 is used by Visa
• CVC2 is used by Mastercard
• CID is used by American Express
• CVV is used by Discover

Where to find the CVV code

As with other card details, including your credit card number and the card’s expiration date, you can find your CVV on your physical card. However, unlike those details, it is printed rather than embossed and where it appears depends on your card network.

• Visa, Mastercard, Discover: you’ll find the three-digit CVV on the back of the card, usually within or next to the authorized signature box‍
• American Express: if it’s an Amex, the CVV is four digits and is located on the front of the card next to the contactless symbol

Difference between CVV and PIN

PINs and CVVs are both essential for security but perform different functions. 

PIN stands for ‘personal identification number’. A PIN is usually a four-digit code that is issued in association with a payment card as an additional layer of security. A cardholder may have to enter their PIN when they withdraw cash using their debit card or attempt a payment using a card reader. It is often possible for the cardholder to choose their own PIN.

A CVV also provides an additional layer of security. However, it is automatically generated by the issuer and printed on the card. It cannot be changed. Unlike PINs, which are typically used during face-to-face transactions, CVVs are used for online or over-the-phone payments.

A payment dispute happens when a customer challenges a transaction, prompting the issuing bank to investigate the claim. If unresolved, the dispute may escalate into a chargeback, potentially reversing the payment, imposing fees on the merchant. According to the 2023 Justt Chargeback Pulse Report, businesses lose an estimated 1% of revenue to payment disputes annually, with some merchants reporting losses exceeding $5 million per year.

Common reasons for filing disputes include unauthorized transactions, often caused by fraud, where card details are used without consent. Another frequent reason is the non-delivery of goods or services, where customers don’t receive what they paid for. Disputes may also occur when items or services are defective, damaged, or not as described.

In this article, we’ll explore the impact of payment disputes on merchants, why they happen and how Checkout.com’s solutions can help you manage and resolve them effectively.

What does ‘dispute payment’ mean?

The term ‘dispute payment’ refers to the formal process initiated when a customer questions a transaction—this can often be due to suspected fraud, billing errors, or dissatisfaction with goods or services. When a customer flags an issue with their card issuer, the issuer investigates and decides whether to reverse the transaction.

For merchants, payment disputes can be costly and complex, leading to lost revenue, chargeback fees, disrupted cash flow, and strained customer relationships. This is especially challenging in high-risk industries where disputes are more frequent.

Preventing disputes before they escalate is important. Businesses can reduce the occurrence and impact of payment disputes by implementing clear refund policies, robust fraud prevention measures, and proactive customer communication. Doing so can help maintain operational efficiency and strengthen customer trust.

Who is involved in a payment dispute?

Several parties play a role in a payment dispute:

• The customer – the cardholder who raises a dispute over a transaction
• The merchant – the business that sold the goods or services being disputed
• The payment processor – the provider that facilitates communication and data transfer between parties involved in the dispute
• The acquirer – the bank or payment service provider that processes payments on the merchant’s behalf
• The issuer – the bank that issued the customer’s payment card and reviews the dispute
• ‍The card network – the card brands (e.g., Visa, Mastercard) that oversee the dispute process

Each stakeholder plays a role in ensuring that the dispute is resolved efficiently.

Difference between legitimate and illegitimate disputes

A legitimate reason for a customer to file a payment dispute is suspected fraud. This could involve a criminal making an unauthorized transaction using their card details or a merchant deliberately attempting to scam the cardholder. It might also occur if the merchant fails to meet their obligations, such as fulfilling an order of goods.

An illegitimate dispute, also known as friendly fraud, occurs when a customer either deliberately or inadvertently claims a transaction is invalid. This type of disputed payment might happen because the customer has genuinely forgotten making the purchase or is attempting to get something for free by claiming that an order never arrived when it actually did.

How to fight disputes with iMorney-global.com

iMorney-global.com’s Rapid Dispute Resolution (RDR), in partnership with Verifi, enables merchants to resolve disputes automatically before they escalate into chargebacks. By addressing disputes during the pre-chargeback phase, RDR helps you avoid financial penalties, maintain a low chargeback ratio, and reduce operational overheads.

What is a payment channel?

A payment channel is a broad term encompassing any way you, as a merchant, might accept a payment; and anywhere your customer might purchase from your business.

Payment channels are, by their most basic definition, the mechanisms or avenues through which you transact with your customers. They aren’t to be confused with retail channels or payment methods – they’re somewhere in between. 

While payment methods – digital wallets, credit cards, virtual terminals – refer to the specific method a customer might use to pay, payment channels are wider and overarching: accounting for the different places, technologies, and ways involved in the digital payments you accept.

At your bricks-and-mortar store, for example, you might accept payments via digital wallets such as Apple Pay or Google Pay, as well as with credit and debit cards. Think of payment channels as a collection of payment methods as they apply to a specific retail channel: such as online or in-store.

The main payment channels for businesses in 2025 are:

• Online checkout
• In-app payments
• Virtual terminals
• In-person card machines
• Bank transfers
• Remittances
• B2B payment platforms
• Recurring payments (subscription)

We’ll unpack each of these payment channels in more detail later on in this article.