All posts

What is payment authorization, and how does it work?

James Hayward
Content Marketing Lead

Payment authorization is a pivotal moment in the payment processing flow. It's the point where the issuer gives the thumbs-up to proceed with a transaction.

This article will revisit the fundamentals of payment authorization within the payment flow. We'll delve into why payment authorization can sometimes fail and explore practical strategies to boost your authorization rates.

What is payment authorization?

Payment authorization is when an issuing bank gives the green light on a transaction, confirming it's prepared to release funds from the customer's account.

But before this authorization is granted, the issuing bank conducts thorough checks. These checks involve verifying if the cardholder has enough funds available (assuming they're using a valid card) and scrutinizing the transaction for any suspicious activity.

It's important to remember that each issuing bank has unique criteria for conducting these checks. They might also prioritize certain transactions over others. For instance, transactions involving cross-border payments or high-risk businesses may face more extensive scrutiny.

Once the issuer gives the green light for payment authorization, the payment is 'captured.' This is when the merchant's acquirer requests the funds from the issuing bank's account. It's worth noting that this 'capture' process can occur immediately after payment authorization or later before the authorization expires.

Please note the above refers to the debit card and credit card payments. Alternative payment methods will have a different flow—for instance, they'll likely couple authorization and capture.

Why merchants may delay capture

Some reasons merchants might not request 'capture' immediately include:

  • Fraud prevention: Merchants can conduct a post-authorization fraud check before capturing the transaction.
  • Inventory management: Refunds are expensive. It's much easier and economically prudent for merchants to authorize the payment and check they have the necessary inventory to fulfill the order before capturing the transaction.
  • Flexibility: Delaying 'capture' provides flexibility in case any changes or adjustments to the transaction are needed before finalizing it.

How does card authorization work?

As mentioned, payment authorization is a step towards the overall payment flow that includes several parties and steps. Let's look at the authorization process.

  1. The customer or merchant initiates payment: The payment journey begins when the customer initiates a payment at the checkout or when the merchant uses the card details on file to start a merchant-initiated transaction.
  2. An authorization request gets sent: The merchant's payment gateway transmits a request to the merchant's acquirer, also known as a payment processor. This request includes all the essential data required to support the transaction. This includes but is not limited to the card information, 3DS data, whether the customer or merchant initiated the transaction, whether it's a recurring payment, and whether the merchant uses a network token.
  3. The processor routes the request: Upon receiving the request, the acquirer forwards it to the card network associated with the card used for the transaction.
  4. The card network contacts the issuer: Here, the request undergoes evaluation based on various parameters, including card validity and the availability of funds.
  5. The issuer decides whether to approve or decline the transaction: If the issuer authorizes transactions, its response includes an authorization code. Conversely, a decline or error code is provided if the payment is declined.
  6. The issuer sends the transaction status to the processor: The card scheme, responsible for overseeing card transactions, communicates the issuer's decision to the merchant's acquirer.
  7. The processor relays the transaction status to the payment gateway: The merchant's payment gateway receives confirmation of the issuer's decision from the acquirer. Subsequently, the merchant informs the customer whether the transaction has been successfully authorized or declined.
  8. Temporary hold and settlement: In the case of approval, a temporary hold is placed on the customer's account. This hold remains until the payment is captured, signifying the funds transfer from the customer's bank to the merchant's account.

Potential step: Authentication

Payment authentication through the 3D Secure protocols is commonplace in online commerce today, especially in Europe and other markets where it's mandated. Typically, authentication occurs before the acquirer routes the request to the card network. However, it can also happen following step five, should the issuer require authentication to authorize the payment.

Learn how payment routing can help you increase your authorization rates.

Why is payment authorization necessary?

Payment authorization holds significant importance for all parties involved in a transaction. Here's a breakdown of why it matters to each party:

  • Customer: If payment isn't authorized, customers cannot finalize their purchase, leading to frustration and potential transaction abandonment.
  • Issuers: Have a duty to protect their customers from fraudulent transactions. And they may also be liable for any fraud if 3DS was used and liability shifted from the merchant to the issuer.
  • Merchant: Successful payment authorization is paramount for merchants for several reasons:
  • Revenue: Merchants can only recognize revenue once payment authorization occurs. It marks the point at which the sale is confirmed and funds are secured.
  • Customer satisfaction: Customers often hold merchants responsible for any payment authorization issues, even though it's ultimately the issuer's decision. A declined transaction can lead to customer frustration, damage the merchant's reputation, and result in lost future revenue.

Common reasons for declined transactions

As previously discussed, there are various reasons why an issuer may refuse to authorize a payment. Let's delve deeper into these factors:

  • Communication failures: A payment can be denied if there is a communication breakdown during the payment flow. These breakdowns may occur because of network issues, system errors, or downtime. If the problem is with the payment processor, a merchant can use fallbacks to route the transaction to another processor and possibly recover the revenue.
  • Volume limits exceed: Debit cards often have transaction limits set by the bank. If a transaction amount exceeds this daily limit, the issuer will decline the payment. Similarly, credit cards have balance limits.
  • Expired card: When a credit or debit card expires, transactions become invalid.
  • Frozen account: Accounts can be frozen for various reasons, including suspected fraudulent activity or legal orders. When an account is frozen, all transactions, including legitimate ones, are temporarily blocked until the account holder resolves the issue with their bank.
  • Incorrect CVV/security code: Entering an incorrect CVV (Card Verification Value) or security code during a transaction can indicate that the person may not physically possess the card, resulting in authorization failure.
  • Insufficient funds: If the account doesn't have sufficient funds to cover the transaction amount, the issuer will decline the payment, preventing overdrawing the account.
  • Mismatched address information: An Address Verification Check (AVS) is when banks and payment processors verify the billing address provided during a transaction against the address on file with the card issuer. A mismatch between these addresses may lead to transaction denial as a precaution against unauthorized use.
  • Reported lost or stolen card: Once a cardholder reports their card as lost or stolen, the issuing bank will block any attempts to use that card for transactions to prevent unauthorized use.
  • Suspicious activity: If a transaction seems unusual, such as a large purchase in a location where an individual doesn't typically shop, the issuing bank might flag it as suspicious and deny authorization to prevent potential fraud.

Merchants should receive a code that identifies why a transaction was declined. But it's not always the case.

Research finds two-thirds of businesses don't receive detailed raw response codes on failed payments. In most instances, these merchants receive what's known as a 'Do Not Honor' response code.

Merchants receiving a 005: Do Not Honor response code have no idea why the payment was declined. This is incredibly frustrating because they lack the necessary data to resolve the issue.

What happens if payment authorization gets declined?

Merchants have two choices if payment authorization gets declined.

The first is to inform the customer they cannot complete their transaction. The other approach is to explore other options to ensure the payment is successfully authorized.

There are a variety of steps a merchant can take here. However, the effectiveness of these options depends on whether they receive detailed response codes from their payment provider. It's worth noting that many businesses do not receive these detailed response codes, which can leave them in the dark when deciding how to proceed.

With access to detailed response codes, merchants can confidently take specific steps to recover the transaction. Here are three suggested actions based on common reasons for payment failure:

  • Requesting their customer use a different payment method. If the customer's payment failed because of insufficient funds, merchants could ask the customer to use an alternative payment method, such as Buy Now, Pay Later. This option provides flexibility and increases the chances of a successful transaction.
  • Initiate a 3D Secure (3DS) challenge when a transaction encounters a soft decline from the issuer. If the issuer suggests that they might approve the payment after the customer successfully authenticates through 3D Secure, the merchant can trigger the 3DS challenge. The decision to do so rests with the issuer, and the experience for the customer can vary, ranging from a smooth, frictionless process to receiving an authentication challenge.
  • Prompt the customer to use a new card: If the payment authorization fails because the customer is using an expired card, merchants could prompt the customer to use a different, valid card for the transaction. This approach helps resolve the specific issue causing the failure.

How to improve payment authorization rates

Issuers will always decline payment authorization for one reason or another—remember, they're just managing their risk and financial exposure. That said, merchants can implement strategies to minimize the chances of authorization failures.

Here are some steps merchants can take to enhance their payment authorization rates:

Enable network tokenization: Tokens, unlike physical cards, do not have expiration dates. Merchants can convert a card-on-file into a network token. This approach increases the likelihood of payment authorization, even if the customer's original card has expired. Network tokenization is particularly beneficial for subscription-based businesses, reducing involuntary churn. Additionally, the enhanced security features of tokens make them valuable tools for merchants to improve their payment authorization rates. Research from Visa finds merchants using its tokens realize an average 2.1% authorization rate uplift for card-not-present transactions.

Utilize 3D Secure authentication: Implementing 3D Secure authentication effectively reduces the risk of fraud. It instills confidence in issuers when authorizing payments and provides merchants with liability coverage in case of fraud. This added layer of security enhances the chances of successful payment authorization.

Enable fallbacks: Fallback mechanisms come into play when the primary payment processor encounters issues, and the transaction is rerouted to a backup processor. By setting up fallbacks, merchants create an opportunity to recover a transaction following a failed authorization. This redundancy can significantly improve payment authorization rates.

Use payment orchestration: Many merchants are adopting a multi-acquirer strategy to enhance their authorization rates. That's because different payment processors excel in various regions and scenarios—so payment could be declined by processor one but accepted by processor two. Understanding these subtleties and routing payments to the processor that'll give the payment the best chance of success is crucial—and they can utilize a unified payment infrastructure like Primer to execute this effectively.

Get our buyer's guide to payment orchestration.

Adhere to the scheme rules: Not following the rules outlined by the card schemes leads to a downward trend in authorization rates. Merchants in this situation should work with their payment partners to understand where they're falling foul of the rules to get their MID seen in a better light by the schemes.

Use AI-enabled smart routing: UpliftAI from Primer is an AI-enabled smart routing solution that provides merchants with as much as a 5% authorization rate uplift at the flip of a switch. It works by simulating a transaction and predicting what payment processor has the highest chance of delivering payment success.

The bottom line

Maximizing revenue for businesses hinges on achieving a high payment authorization rate. Businesses can enhance this by understanding the process and implementing best practices such as payment orchestration. This leads to better customer experiences and the ability to gain a competitive advantage in the digital commerce landscape.

Check out this article for more on how to improve authorization rates.

The smartest payment decision you’ve ever made

Connect your favorite payment and commerce services, create beautiful customer journeys and expand into new markets fast.

Head of Payments