Dictionary

Card Purchase Authorization

What Is Card Purchase Authorization?

Card purchase authorization is a card payment process which ensures the card is used legitimately, that there are enough funds or credit to pay for the item or service, and that the payment should go ahead. Enabled by banks and payment processors, it is a useful tool against chargebacks and other types of fraud.

Card purchase authorization can begin when someone uses a card to pay for something, either online and in brick-and-mortar stores. It should be noted that not every merchant makes use of this system, though they ought to – as we’ll explain.

How Are Card Payments Authorized?

Card payment authorization is a very specific process that goes on behind the scenes whenever someone attempts to pay with a payment card – such as a credit, debit or prepaid card.

  1. Someone enters their bank details online or scans/taps their card in person.
  2. The merchant’s payment gateway system sends a request to the acquirer bank (the merchant’s bank), usually via a payment processor.
  3. The acquirer bank sends a request to the card issuer (buyer’s) bank, to verify…
    • that the card is valid and in use, and
    • that the shopper has sufficient funds to make the payment.
  4. The issuer bank captures the funds, leading to an authorization hold.
  5. The acquirer receives an approval or decline.
  6. If they receive approval, the payment is authorized – and soon cleared.
  7. The merchant (and sometimes the buyer) is provided with an authorization code.
card purchase authorization

Both as a shopper and a merchant, one should keep in mind that this is not the only possible way for card payments to take place. 

Some merchants are still using the legacy system, which first approves the payment and then tries to capture the funds. This is not ideal because payment authorization has been put in place to protect merchants from fraud and chargebacks, and ensure they get paid

What Can Go Wrong with Card Purchase Authorizations?

Payment gateways and acquirers offer convenience but can enable certain types of fraud. How do you prevent malicious transactions from slipping through? Read our tips.

Read More

What Is a Card Purchase Authorization Hold?

A card purchase authorization hold or capture is a pause put on the buyer’s account that is equal to the amount of money they are looking to spend in the transaction. This guarantees that should the purchase request clear without any issues, there will still be enough money at the time and won’t have been spent on anything else in the meantime.

Holds typically last a few minutes to seven days, often depending on the type of transaction, but can take as long as 31 days in rare instances.

If there is no progress/clearance on the banks’ or merchant’s side for a hold in place, this will “fall off” the account after 31 days, and the money will be released or the order will be canceled.

An authorization hold is always equal to the amount of money spent in the transaction. Once it has been placed, the money will eventually either be sent to the merchant or the hold will be canceled. 

Before the hold is canceled, the cardholder will not be able to spend that money anywhere else, although in some cases, they might be able to speed up the process by speaking to their bank.


Why Is Card Payment Authorization Important?


Card payment authorization makes transactions safer for both consumers and merchants, providing protection for merchants and ensuring that any short-term changes or cancellations are easy and quick to make.

Merchants have the option to proceed to completion as soon as authorization is granted, or they also choose to follow the authorization workflow and place an authorization hold.

Why would they do this? 

Without capturing the payment sum, several things can go wrong and result in the merchant not getting paid:

  • The cardholder might claim they are unfamiliar with this transaction and challenge it. With a hold in place, the merchant can easily cancel the transaction. This would not be a chargeback – the funds simply get released.
  • The cardholder might run out of money before the payment is completed. With a hold, you always know there will be enough money.
  • A criminal could have used stolen card details, rather than the legitimate owner. If the money has been held, it is just released back to the actual cardholder.
  • The merchant could find that they have run out of stock of said item and can’t replace it. If they have already charged, the process will be much lengthier – while a hold is simply dropped.

Moreover, without following card payment authorization in the first place, the merchant is risking the following:

  1. Not getting paid because the card information is wrong.
  2. Not getting paid because the cardholder doesn’t have the funds or is over their credit limit.
  3. Not getting paid because the card has been used by a criminal and the legitimate holder has been notified.
  4. Receiving a chargeback request, which can mean:
    • The merchant losing the item. 
    • The merchant paying for the item out of pocket.
    • The merchant paying chargeback processing fees.
    • The merchant’s chargeback ratio – and thus bank fees – increasing.
    • The merchant having so many chargebacks they are dropped by the bank.
    • The merchant having to waste time and effort responding to the chargeback request or even disputing it.

As we have stressed before, a chargeback costs shops much more than the price of the item involved in the purchase: at least 2.40x the amount, while chargebacks have been calculated to increase by 41% every two years. They are a key pain point for merchants and should be avoided as much as possible. 


What Can Go Wrong During a Card Purchase Authorization?

Card purchase authorizations are extremely helpful, which includes the fact that they can flag some issues with the card or cardholder right away. However, there is always a small chance of a false positive, as with any process. Here are some things that can go wrong during the authorization process:

  • The system might mistakenly think the cardholder is not who they say they are, which would result in a false rejection. 
  • The buyer might enter their details incorrectly, which will return a similar error. 
  • If a legitimate buyer is prevented from completing the transaction, this is considered to be a “customer insult” and can put them off your business, even if it was their own fault. 
  • The system may be failing or be down, which will delay the transaction and the feedback and confirmation the customer is awaiting.
  • The merchant might think that payment authorization is a complete guarantee against card fraud. But it is certainly not. 

How Does the Card Payment Authorization System Help Fight Fraud? 

The card payment authorization is a good tool to combat fraud, but it is by no means a failsafe or a guarantee. In fact, one would say it is an essential but rudimentary step towards safeguarding your livelihood as an ecommerce merchant or even an offline merchant who accepts card payments. But you ought to go beyond just this.

Because card payment authorization checks that the card details are correct, that there is no freeze on the card, and that the cardholder has sufficient funds, the likelihood that the transaction is legitimate increases, and some of the most common yet simple fraud scenarios are avoided. 

Another important use case is that monitoring failed authorization checks can help catch high risk and outright fraudulent users, since multiple failed attempts will be flagged.

However, more is needed:

Strong Customer Authentication (SCA) protocols such as the PSD2 directive introduced by the EU further strengthen the payment authentication and shopper verification conducted during the authorization flow. 

Meanwhile, 3-D Secure standards by EMVCo and major card issuers ensure that there is more than one factor authenticated at checkout, enabling MFA for online card payments. Again, these measures are pretty standard and, unfortunately, fraudsters have found ways around them.

For merchants, comprehensive protection against crime, scams and fraud should go beyond card payment authorization and the above widely used protocols. 

This is even more urgent a matter for those operating in high-turnover, high-risk sectors of the market. AI-powered, 360-degree fraud detection on the merchant’s side can provide assurance.

By integrating a complete fraud detection service that includes device fingerprinting, behavior analysis, data enrichment, and IP analysis at checkout, a merchant can assess individual shoppers and transactions using risk scoring, choosing to manually review or even block those that seem suspicious. 

This adds an additional, robust wall of defense for the merchant, but it does more than that: It can also, if configured in this way, make the shopping journey quicker, easier and more comfortable for shoppers, by pre-authorizing those that are found to be safe and trustworthy. 

As a result, they will not be asked for as much information (e.g. through MFA) as they would have by default, and good shoppers will be left even more satisfied with their shopping experience.