After your customer hits the ‘Checkout’ button to make a purchase from your business, a lot still needs to happen before that revenue reaches the merchant account.
Before the funds settle, they need to be captured – and before they’re captured, they need to be authorized. Card authorization is an essential ingredient in secure online payment processing. It's when the issuer confirms that a transaction relates to a valid account that holds enough funds to fulfil the request.
As such, credit card authorization is vital to meet payment industry regulations and security codes. It also protects the cardholder from purchasing products they cannot pay for.
This guide explains card authorization, and how it differs from the processes of payment capture and settlement. We'll cover a few reasons credit card authorization requests fail, too. This is critical to address as you build a credit card processing strategy. Why? If you can understand where and why your authorizations are failing, you can start to recover those failed payments.
What is card authorization?
Card authorization is when an issuer runs several checks to see whether or not to approve a payment request. Authorization checks include:
- The credit or debit card details relate to a real bank account
- The account contains sufficient funds to cover the payment
- There are no restrictions on the cardholder's account
After these checks are complete, the issuer returns a message of authorization success or failure back to the card scheme.
Through this lens, the card authorization process plays an important role in fraud detection and prevention; helping you avoid many of the different types of payment fraud.
How does credit card authorization work?
To the naked eye, the credit card authorization process takes mere seconds.
However, there’s a lot going on behind the scenes as the payment processor contacts the acquiring bank (which oversees the merchant's account), who contacts the card scheme, who contacts the issuing bank (where the payer's account is).
So let’s take a closer look at how the card authorization process unfolds:
- First up, the customer initiates a purchase: either by swiping, inserting, or tapping their credit card on a reader (known as a point of sale device), or by entering their card details online (in what’s known as a card-not-present transaction) or over the phone (known as mail order/telephone order, "MOTO").
- Your payment processor (a company like Checkout.com, who handles debit and credit card payments on your behalf) then sends an authorization request to the acquiring bank, using a credit card network – such as Visa, Mastercard, and American Express – as a payment rail.
- This request contains the transaction details: the purchase amount, the card number, plus the merchant’s information (and so on).
- After receiving this authorization request, the acquiring bank then routes it back through the card network, which forwards the authorization request on to the issuing bank. (Which, you’ll remember, is the bank that issued the credit card to the customer.)
- The issuing bank runs the authorization request: checking whether the account is active and available to use, evaluating the transaction for potential fraud (ensuring, for instance, that it’s consistent with the cardholder’s typical spending patterns), and checking that the account contains sufficient funds to cover the transaction amount.
- The decision: approve or deny, is passed back to the card scheme, who passes the message back to the acquirer. If it’s approved, the transaction process continues. If it’s declined, the transaction is canceled – and you’ll typically receive a decline code telling you why.
Authorize vs capture: What’s the difference?
Card authorization is the process of ensuring the cardholder’s account is ready to make the payment. That means there are no holds on the account, and it has enough funds to make the purchase.
However, the customer’s money doesn’t actually move during the card authorization process – and here’s where payment capture comes in.
Capture, as the name suggests, is the act of ‘capturing’ your customer’s funds. It means you ring-fence the agreed-upon amount of the purchase. During the capture stage, the authorization is converted into a charge. This means the acquirer requests that the issuing bank sets aside the funds, ready for transfer.
Capture often happens straight after authorization in a fast, fluid chain of processes. However, some merchants – or, more accurately, the payment processors operating on their behalf – may not capture the payment for several hours, or even days. (Though not too many days – most card authorizations expire after five to 10 days, so capture will always happen before then.)
What is pre-authorization?
The ability to authorize funds, but delay the actual capture of the payment, is an important part of how many businesses take payments – particularly those in the hospitality and travel industries. It's a useful mechanism to provide goods or services to a customer without taking full payment upfront.
This is what’s known as a pre-authorization charge, or authorization ‘hold’. It allows you to verify that a customer’s card is legitimate, and contains sufficient funds for a particular purchase amount – without actually confirming the specific amount you want to charge them.
Let’s say you operate a gas station, for instance. Before your customer fills up, the card machine by the pump may pre-authorize a set amount to cover the purchase – let’s say $100 – but not capture the payment yet. They top up their tank and, upon confirming the amount of gas they’ve used – $67 in this example – you then capture the correct amount.
(If the pre-authorized amount falls short – you might pre-authorize them only $50 for the ultimate amount of $67 – you can take advantage of incremental authorizations, which top up the transaction to include the extra expenditure incurred.)
After being captured, the designated purchase amount is sent to the acquiring bank for the final stage of the transaction – settlement.
Authorization vs settlement
Settlement takes place when the funds are actually transferred between the two parties involved in the transaction.
When a payment is settled, the funds are debited from the customer’s account and credited to the merchant’s. This also moves the payment’s status from ‘pending’ to ‘complete’.
If the authorization process verifies the transaction and capture finalizes it, settlement closes the loop by ensuring the seamless transfer of funds from the customer’s bank account to yours.
Settlement is often done in ‘batches’. This means that your payment processor collects all your captured transactions – before sending them together, in bulk, to the card networks. These card networks then distribute the funds to the issuing banks. Who, in turn, transfer the money from the accounts of their cardholders to your business’s coffers.
How soon your transactions will be settled depends on the agreement you have with your payment processor. Often, it happens at the end of every working day, and most payment processors are able to offer same-day settlement to the merchants they work with.
Why can credit authorization requests fail?
When a credit authorization request fails, it can be for a number of reasons.
These include:
- The customer not having sufficient funds or credit in their bank account to complete the transaction (if they have $90 in their account, for example, but are trying to make a purchase of $100 with your business).
- A customer entering incorrect or expired card information (such as the credit card number, account holder name, or CVV code; or the billing address associated with it).
- Suspected fraud or suspicious patterns: such as a card being used to make several high-value purchases at different locations within a short period of time.
- A blocked or frozen account. (Banks and financial institutions may block cards due to unpaid fees, red-flag raising activity, or any other breach by the cardholder of their agreement.)
- Technical glitches. These could be an internet outage on your end, or temporary, systemic bugbears on the part of your payment processor or the card issuer.
When a card authorization request fails, you’ll typically be informed instantly by your payment processor. This notification comes in the form of a denial code: one of a set of standardized, five-digit numbers that provide more information as to why the card authorization failed.
At Checkout.com, for instance, all our API response codes for credit card authorization denial that begin with 1 indicate that the transaction is successful. Codes starting with 2 indicate a soft decline: that, while this authorization attempt has failed, subsequent tries may be more successful. (It’s often to do with an incorrect PIN or card information; or insufficient funds.)
A denial code beginning with 3, however, denotes a hard decline – which suggests a deeper issue that must be resolved before the transaction can be re-attempted. This could be due to suspected fraud, or a card that’s been reported as lost or stolen.
A denial code is the opposite of a credit card authorization number, which you’ll receive if the authorization request was successful.
Best practices to improve authorization rates
As a merchant, maintaining high credit card authorization rates is crucial.
Not only are excellent authorization rates good for business (more authorized transactions mean a higher payment acceptance rate; which equates to more sales, after all), they’re also good for your customers.
Higher authorization rates facilitate a smoother, more seamless checkout experience; reducing cart abandonment and encouraging your shoppers to return.
There’s a strong case as to why improving your authorization rates is important, then. So how can you actually go about doing it? Here are our top tips:
- Accept digital wallets such as Apple Pay and Google Pay: because these rely on factors like biometric verification to secure the transaction, they tend to have higher rates of acceptance than other payment methods.
- Consider pre-authorization charges: by authorizing a customer’s credit card – but not actually capturing the final amount until later – you can optimize your payments flow. This can help you avoid chargebacks and refund fees, reduce fraud, cut costs, and guarantee that customers are committed to paying for your product or service.
- Collect all the right billing information: by requiring your customer to submit their name, card number, CVV number, and billing address at the checkout, the more credible the transaction is – and the more likely the issuing bank will be to accept the authorization request.
- Get to grips with response codes: by understanding and regularly reviewing your credit card authorization numbers and denial codes, you can identify transaction patterns. And, through this, understand why authorization requests are succeeding. (And, of course, why they might be failing.)
- Invest in reliable fraud prevention and detection tools: by embedding anti-fraud technologies into your own setup (perhaps with the help of a solution like Fraud Detection Pro from Checkout.com), you add another layer of security to each transaction you accept. This helps keep you in good stead with card schemes, and develop a reputation as a trustworthy merchant – which can boost your authorization rates.
- Harness the added security of network tokens: tokens are alphanumeric strings of numbers that act as surrogates for your customers’ actual debit or credit card information – enabling the transaction to take place without the fear of hackers intercepting sensitive cardholder data, and keeping your business compliant.
For a comprehensive take on how one high-profile business in the buy now, pay later (BNPL) space is optimizing its payment strategy to see authorization rates soar, read our Klarna case study.
Improve your payments performance with Checkout.com
To boost your credit card authorization rates – and keep them high not only for your business’s sake, but your customers’ – you’ll need a payment processor that understands the unique needs of your business, industry, and payments strategy.
At Checkout.com, we equip you with all the tools and information you need to understand your credit card authorization rates. With us, you’ll have access to a deeper level of data – including more than 150 response codes – and, better still, be able to use those insights to drive performance. We’ll empower you to respond faster to issues, streamline your payments process, and improve revenue flow into your business.
Not quite ready to take the next step in your payments strategy – and need to do some more research first? Our guide to High Performance Payments (and the hidden, billion-dollar opportunity they present) puts insights from 1,500 merchants and 8,000 consumers at your fingertips – and is completely free to download.