Card authorization explained

After your customer hits the ‘Checkout’ button to make a purchase from your business, a lot still needs to happen before that money arrives in your account.

Before the funds settle, they need to be captured – and before they’re captured, they need to be authorized. At its most basic, card authorization is how all the banks involved verify that the customer is legitimate, and that they possess enough funds to pay for the purchase.

But credit card authorization also has important benefits for combating fraud, safeguarding your business from chargebacks and fees, and removing the friction from your customer’s payment experience. And, if you have the right tools at your disposal to understand why your transactions are or aren’t being authorized, it can help you transform how you take payments.

So what is card authorization – and how does it differ from the processes of payment capture and settlement? Moreover, why do credit card authorization requests fail – and what can you do not only to ensure higher levels of card authorization, but implement a more robust credit card processing strategy heading into 2024?

Let’s find out.

What is card authorization?

Card authorization is the process of ensuring, when your customer uses a credit or debit card to make a purchase from your business, that the cardholder has sufficient funds or credit available to complete the transaction.

When your customer uses a card to pay – be it online, over the phone, or in-person through a point of sale (POS) terminal or card reader – your payment processor communicates with their bank (known as the ‘issuing bank’).

In doing so, you’re able to proceed with the transaction with peace of mind: knowing not only that the customer has enough funds, but that they’re the legitimate cardholder, too.

Through this lens, the card authorization process also plays an important role in fraud detection and prevention; helping you avoid many of the different types of payment fraud, and the damaging effects their consequences – such as chargebacks – can have on your business’s reputation and revenue.

How does credit card authorization work?

To the naked eye, the credit card authorization process takes mere seconds.

However, there’s a lot going on behind the scenes as the issuing bank, the acquiring bank (that’s your bank), and your payment processor all work together to ensure the transaction goes ahead smoothly.

So let’s take a closer look at how the card authorization process unfolds:

1. First up, the customer initiates a purchase: either by swiping, inserting, or tapping their credit card at the POS, or by entering their card details online in what’s known as a card-not-present (CNP) transaction.
2. Your payment processor (a company like Checkout.com, who handles debit and credit card payments on your behalf) then sends an authorization request to the acquiring bank, using a credit card network – such as Visa, Mastercard, and American Express – as a payment rail.
3. This request contains the transaction’s most important details: including the purchase amount, the card number, and the merchant’s information.
4. After receiving this authorization request, the acquiring bank then routes it back through the card network, which forwards the authorization request on to the issuing bank. (Which, you’ll remember, is the bank that issued the credit card to the customer.)
5. Here, the issuing bank runs the rule over the authorization request: checking whether the account is valid, evaluating the transaction for potential fraud (ensuring, for instance, that it’s consistent with the cardholder’s typical spending patterns), and checking that the account contains sufficient funds to cover the cost of the purchase.
6. The issuing bank then communicates the card authorization’s outcome back, via the same channels it arrived through, to you.
7. If it’s approved, you proceed with the sale without further ado. If it’s declined, the transaction is canceled – and you’ll typically receive a denial code telling you why. This provides you with more information about why the card authorization failed: whether it was due to insufficient funds, suspected fraud, or simply a technical glitch.

Authorize vs capture: What’s the difference?

Card authorization is the process of ensuring the cardholder’s account is in good standing with their bank, and that they have enough funds to make the purchase.

However, the customer’s money doesn’t actually move during the card authorization process – and here’s where payment capture comes in.

Capture, as the name suggests, is the act of ‘capturing’ your customer’s funds: of claiming the agreed-upon amount of the purchase. During the capture stage, the authorization is converted into an actual charge, and involves the acquirer requesting that the issuing account sends over the authorized funds.

Capture often happens straight after authorization in a fast, fluid chain of processes. However, some merchants – or, more accurately, the payment processors operating on their behalf – may not capture the payment for several hours, or even days. (Though not too many days – most card authorizations expire after five to ten days, so capture will always happen before then.)

The ability to authorize funds, but delay the actual capture of the payment, is an important part of how many businesses take payments – particularly those in the hospitality and travel industries.

This is what’s known as a pre-authorization charge, or authorization ‘hold’. It allows you to verify that a customer’s card is legitimate, and contains sufficient funds for a particular purchase amount – without actually confirming the specific amount you want to charge them.

Let’s say you operate a gas station, for instance. Before your customer fills up, the card machine by the pump may pre-authorize a set amount to cover the purchase – let’s say $100 – but not capture the payment yet. They top up their tank and, upon confirming the amount of gas they’ve used – $67 in this example – you then capture the correct amount.

(If the pre-authorized amount falls short – you might pre-authorize them only $50 for the ultimate amount of $67 – you can take advantage of incremental authorizations, which top up the transaction to include the extra expenditure incurred.)

After being captured, the designated purchase amount is sent to the acquiring bank for the final stage of the transaction – settlement.

Authorization vs settlement

Settlement takes place when the funds are actually transferred between the two parties involved in the transaction.

When a payment is settled, the funds are debited from the customer’s account and credited to the merchant’s. This also moves the payment’s status from ‘pending’ to ‘complete’.

If the authorization process verifies the transaction and capture finalizes it, settlement closes the loop by ensuring the seamless transfer of funds from the customer’s bank account to yours.

Settlement is often done in ‘batches’. This means that your payment processor collects all your captured transactions – before sending them together, in bulk, to the card networks. These card networks then distribute the funds to the issuing banks. Who, in turn, transfer the money from the accounts of their cardholders to your business’s coffers.

How soon your transactions will be settled depends on the agreement you have with your payment processor. Often, it happens at the end of every working day, and most payment processors are able to offer same-day settlement to the merchants they work with.

Why can credit authorization requests fail?

When a credit authorization request fails, it can be for a number of reasons.

These include:

• The customer not having sufficient funds or credit in their bank account to complete the transaction (if they have $90 in their account, for example, but are trying to make a purchase of $100 with your business).
• A customer entering incorrect or expired card information (such as the credit card number, account holder name, or CVV code; or the billing address associated with it).
• Suspected fraud or suspicious patterns: such as a card being used to make several high-value purchases at different locations within a short period of time.
• A blocked or frozen account. (Banks and financial institutions may block cards due to unpaid fees, red-flag raising activity, or any other breach by the cardholder of their agreement.)
• Technical glitches. These could be an internet outage on your end, or temporary, systemic bugbears on the part of your payment processor or the card issuer.

When a card authorization request fails, you’ll typically be informed instantly by your payment processor. This notification comes in the form of a denial code: one of a set of standardized, five-digit numbers that provide more information as to why the card authorization failed.

At Checkout.com, for instance, all our API response codes for credit card authorization denial that begin with 1 indicate that the transaction is successful. Codes starting with 2 indicate a soft decline: that, while this authorization attempt has failed, subsequent tries may be more successful. (It’s often to do with an incorrect PIN or card information; or insufficient funds.)

A denial code beginning with 3, however, denotes a hard decline – which suggests a deeper issue that must be resolved before the transaction can be re-attempted. This could be due to suspected fraud, or a card that’s been reported as lost or stolen.

A denial code is the opposite of a credit card authorization number, which you’ll receive if the authorization request was successful.

Best practices to improve authorization rates

As a merchant, maintaining high credit card authorization rates is crucial.

Not only are excellent authorization rates good for business (more authorized transactions mean a higher payment acceptance rate; which equates to more sales, after all), they’re also good for your customers.

Higher authorization rates facilitate a smoother, more seamless checkout experience; reducing cart abandonment and encouraging your shoppers to return.

There’s a strong case as to why improving your authorization rates is important, then. So how can you actually go about doing it? Here are our top tips:

• Accept digital wallets such as Apple Pay and Google Pay: because these rely on factors like biometric verification to secure the transaction, they tend to have higher rates of acceptance than other payment methods.
• Consider pre-authorization charges: by authorizing a customer’s credit card – but not actually capturing the final amount until later – you can optimize your payments flow. This can help you avoid chargebacks and refund fees, reduce fraud, cut costs, and guarantee that customers are committed to paying for your product or service.
• Collect all the right billing information: by requiring your customer to submit their name, card number, CVV number, and billing address at the checkout, the more credible the transaction is – and the more likely the issuing bank will be to accept the authorization request.
• Get to grips with response codes: by understanding and regularly reviewing your credit card authorization numbers and denial codes, you can identify transaction patterns. And, through this, understand why authorization requests are succeeding. (And, of course, why they might be failing.)
• Invest in reliable fraud prevention and detection tools: by embedding anti-fraud technologies into your own setup (perhaps with the help of a solution like Fraud Detection Pro from Checkout.com), you add another layer of security to each transaction you accept. This helps keep you in good stead with card schemes, and develop a reputation as a trustworthy merchant – which can boost your authorization rates.
• Harness the added security of network tokens: tokens are alphanumeric strings of numbers that act as surrogates for your customers’ actual debit or credit card information – enabling the transaction to take place without the fear of hackers intercepting sensitive cardholder data, and keeping your business compliant.

For more information around authorization rates – and how to optimize them for your business – delve deeper into the topic with our guide. Or, for a comprehensive take on how one high-profile business in the buy now, pay later (BNPL) space is optimizing its payment strategy to see authorization rates soar, read our Klarna case study.

Improve your payments performance with Checkout.com

To boost your credit card authorization rates – and keep them high not only for your business’s sake, but your customers’ – you’ll need a payment processor that understands the unique needs of your business, industry, and payments strategy.

A payment processor like Checkout.com.

We equip you with all the tools and information you need to understand your credit card authorization rates. With us, you’ll have access to a deeper level of data – including more than 150 response codes – and, better still, be able to actually use those insights to drive performance. We’ll empower you to respond faster to issues, streamline your payments process, and get to grips with exactly how money is flowing into – and out of – your business.

Not quite ready to take the next step in your payments strategy – and need to do some more research first? Our guide to high-performance payments (and the hidden, billion-dollar opportunity they present) puts insights from 1,500 merchants and 8,000 consumers at your fingertips – and is completely free to download.