Credit card processing is vital for any business in today’s age of digital payments. Despite its importance, it’s not uncommon for some merchants to not fully understand the process. This lack of understanding can lead to unoptimized payment and transaction workflow, which results in missed opportunities to lower costs and improve sales. One area that often causes confusion is how the credit card authorization process works. 

Businesses often confuse credit card authorization with many different aspects of credit card processing. To help you better understand credit card processing and authorization, we’ll go over each step in the process. This knowledge will help you optimize your payment workflow and payment systems to reduce unnecessary friction and costs for both you and your customers.

What Is Card Authorization?

Card authorization is when the customer’s issuing bank transmits a confirmation that the card has sufficient funds or credit limit to cover the pending purchase. The issuing bank is the financial institution where the customer does their banking and that issues the card to them. Issuers differ from the individual card networks such as Visa, Mastercard, or American Express.

The customer’s issuing bank can also be a credit union or an online financial company with no physical locations. The authorization is a temporary hold on a specific amount within the cardholder’s account. 

Authorization puts a hold on funds so they can’t be spent elsewhere while the rest of the payment process takes place. Authorization requests are also used if there might be an additional charge to the account holder, such as with room service or hotel expenses.

It’s important to note that authorization is just the first step in the payment process. Several other steps are needed to complete the payment, which we’ll outline in the following sections.

How Does Credit Card Authorization Work?

We explained that the issuing bank is the financial institution that transmits the card authorization result. But you should be aware of other entities in the process.

Acquiring Bank/Payment Processor

The acquiring bank or payment processor is the financial institution with which you have your merchant account. For example, if you have a merchant account with ECS Payments, then ECS Payments is your acquiring bank.

The acquiring bank provides credit card processing services to merchants. It is an intermediary between merchants and the rest of the payment network. The bank provides communication support as payment information moves between financial institutions. It also helps transfer funds between different issuing banks and your merchant account.

Once a customer starts the payment process with a credit card, the acquiring bank takes over communications with other financial institutions, such as the customer’s issuing bank.

The Merchant

The merchant in credit card processing refers to the business that accepts credit cards. This is true whether the business sells goods or is providing a service.

Cardholder or Customer

The cardholder or customer is self-explanatory. They are the party that presents their payment information to the merchant for authorization. The rest of the authorization process is the same whether you take an order by phone or through a retail POS system.

A Typical Credit Card Authorization Process

To help you visualize the CC authorization process, we’ll run through the steps for a typical credit card transaction and authorization.

Step 1: Customer Presents Their Payment Information

This is when the customer presents their credit card information for payment. If you run a retail location, this is when the customer either taps or dips their credit card into a payment terminal. In an e-commerce setting, users enter their credit card information into the secure shopping cart checkout page.

Finally, for phone orders, you enter the credit card details into a virtual terminal after receiving them over the phone. However you obtain the customer’s payment information, the rest of the authorization process is handled exactly the same. 

Step 2: The Customer’s Payment Information Is Sent To The Acquiring Bank.

After receiving the customer’s payment information, your system then sends it to your acquiring bank or payment processor to initiate the authorization process. Your acquiring bank may perform some automatic fraud checks, such as comparing the card against certain lists.

Step 3: The Acquiring Bank Sends The Payment Information To The Card Networks.

Depending on the card used, your acquiring bank will transfer the information to the appropriate card network. For example, a Visa-branded card is sent via the Visa payment network. The card network then forwards the transaction to the issuing bank for final authorization.

Step 4: The Cardholder’s Issuing Bank Receives The Transaction

The issuing bank receives the information and then performs two main checks. 

  1. The issuing bank determines if the cardholder and the account card number are valid.
  2. It confirms that sufficient funds or credit limits are available to cover the authorization amount.

Depending on the outcome of those checks, one of two possible communications will be sent back to the merchant who ran the authorization.

  1. If the card number is valid and sufficient funds are available, the issuing bank sends an approval notice and a unique authorization code.
  2. If the payment authorization fails, the system sends a decline message and a decline or error code. The error code provides the reason for the decline.

If you receive the authorization and the authorization code, the purchase may be completed, and the transfer of funds to your merchant account begins another process. 

However, authorizations do not actually transfer funds yet. Merchants must complete the full purchase to secure their transaction. Sometimes, merchants may select “authorization” rather than “run a sale” on their payment terminal. Though running a transaction automatically checks for authorization, selecting “authorization” only will not complete a sale and will simply check for card and fund validity.

However, if the transaction fails to authorize and you encounter an error code, you can instruct the cardholder to try again or use a different payment method.

In the next section, we’ll cover why cards are not authorized and what can cause a decline.

What Causes A Card Authorization To Fail?

Card authorization can fail for many reasons, and it’s important to understand why to determine if there are too many authorization failures. If this happens, you want to take steps to minimize it so more legitimate transactions can go through.

Fraud or Security Reason

Fraud or security reasons, sometimes related to incorrect information, can be a common reason for the issuing bank to decline authorization. 

For example, a simple security issue is when customers incorrectly enter their expiration date or CVV number during an e-commerce purchase. This information will not match what the issuing bank has on file, and the issuing bank will not authorize the amount.

Another example is if the customer’s card was flagged for being stolen or compromised. In this case, the issuing bank will also not authorize the purchase. 

The issuing bank does not solely perform fraud and security checks. Your payment gateway, the acquiring bank, and the card networks can have their own fraud and security checks.

Ensure you correctly set your payment gateway fraud filters to avoid flagging too many transactions or allowing too many fraudulent charges to proceed for authorization.

Insufficient Funds Or Credit

If the issuing bank determines that the purchase amount exceeds the account limits, it will not authorize the transaction. However, some cards and accounts have services to authorize transactions even if funds or credit are unavailable. The cardholder must enable these services.

Technical Failures

The third common reason authorizations fail is some sort of technical failure along the payment processing network. Technical failures can include certain systems “timing out” while waiting to receive or send a reply. In this case, one financial institution along the network fails to respond with the correct information.

Another possible failure is when the issuing bank loses its connection with the database it uses for validating card information and account balances. In most cases, the charge will decline if those systems are offline during the authorization.

Technical failures are often hard to detect, and it’s one reason that asking a customer to attempt the payment again can sometimes fix the problem.

Understanding Capturing

Sometimes, people confuse authorization with the transfer of funds from the customer’s account to the merchant. However, that is a different process known as capturing. When the original authorization occurs, the payment system holds pending funds.

This pending state means the funds are not in your account yet, and the customer no longer has that amount available on their credit or debit card. But at this point, you have not requested or transferred any funds to your merchant account or bank account.

Capturing is when the transaction goes from pending to completed, at which point the merchant officially requests the funds be sent to their merchant account. This may seem confusing, but there is a reason that this occurs in two separate steps. The delay creates a beneficial buffer that helps merchants.

By separating this process, you can ensure that funds are available before delivering or shipping products or services. Merchants can also not capture certain transactions and avoid having to perform a return or risk a costly chargeback.  

After the capture, the next step is the settlement.

Understanding Credit Card Settlement

We explained that the capture occurs when the merchant requests to send the authorized pending funds to their account. In a settlement, the actual authorized amount moves between accounts, and you receive your money in your merchant account.

It’s common for merchants to handle settlements in batches. Batch settlements can save time and reduce processing costs. It also provides a final buffer for the merchant to remove any transaction they don’t want to settle. 

What Does POS Pre-Authorization Mean?

After initiating a transaction and confirming the card’s validity and sufficient funds, the acquiring bank places a hold on the funds, known as pre-authorization. The funds authorized are not transferred but are no longer available for further use by the customer during subsequent transactions.

Your POS system can create pre-authorization when accepting a customer’s credit card. Sometimes this is displayed as a POS preauth, meaning funds were authorized but not captured or settled.

A common example of this is at a bar or restaurant. Customers may start a tab instead of ordering and paying for each drink separately. Your server can request a credit card, and the POS system can authorize a credit card for a standard amount to ensure the funds are available. Those funds are held, but they are not transferred or settled.

The server applies the final amount to the customer’s credit card after finishing the bill. This final amount is what is captured and settled. If this was in addition to the pre-authorization, the separate pre-authorization will simply expire after a certain period, generally 3 -7 days. 

If the pre-authorized funds were not used for the final capture and settlement, the system returns them to the customer’s available balance when they expire.

Pre-authorization aims to protect both the merchant and the cardholder. By pre-authorizing, the merchant can ensure funds are available before delivering goods or services.

It prevents situations where the cardholder may make several quick purchases but has already reached their credit or balance limit. The pre-authorization immediately removes the funds from the available balance so the cardholder can’t exceed their limit and incur additional fees.

How Long Does A Credit Card Authorization Last?

Credit authorization and debit authorization can expire within a minute. But generally, they last 3-7 business days. Merchants use this time to capture and settle the transaction. But depending on the payment authorization process, a merchant can choose to have an authorization expire almost immediately.

Credit Card Authorization Form

A credit card authorization differs from a standard authorization we explained earlier. The merchant uses a credit card authorization form to precisely document how they will charge a credit card. 

You will usually use a form like this for large or recurring purchases. Credit card authorization acts as an additional layer of protection for the merchant if the customer ever disputes the charges.

It also protects the customer by allowing them to see exactly how charges will apply to their card and under what circumstances. 

As a side note, a merchant’s authorization form is different from a bank authorization letter, which is often used to grant account access to others. 

Using Credit Card Authorization Forms To Reduce Chargebacks

Chargebacks are an expense and time-consuming issue that every merchant has to deal with occasionally. For large credit card authorizations, a chargeback can result in huge losses for a business. For example, a car dealership may allow customers to use credit or debit cards for down payments. In this case, a charge may be thousands of dollars, and if there is a chargeback, the car is already off the lot.

To mitigate the risk of a chargeback, the car dealership will use a credit card authorization form. This clearly outlines what the charge is for and how much it is. The customer signs this along with identification and other proof. If a chargeback ever occurs, the merchant can contest it with the most possible proof.

Another example is if you operate a catering company and a local business hires you to provide regular food deliveries. For this type of recurring billing situation, you can have the local business fill out a credit card authorization form. The form will outline how the billing will take place and explain that it can vary in amount. This allows you to charge your customer regularly without having to go through invoicing or other billing methods each time you complete an order or delivery. 

Overall, credit card authorization forms help streamline recurring payments and protect you from fraud and chargebacks, especially if you handle high-value transactions.

More Information About Payment Processing & Authorizations

If you’re a business looking to start accepting credit cards, there can be a lot to learn. At ECS Payments, we help businesses of all sizes maximize their profits through innovative merchant solutions.

If you need merchant services or want to switch payment processors, contact ECS Payments. Our in-house payment experts can analyze your business and suggest the most cost-effective options to help your business succeed.

Frequently Asked Questions About Credit Card Authorization

What is credit card authorization?

Credit card authorization is when a merchant sends card information through their payment terminal to the customer’s issuing bank. The issuer then transmits a confirmation that the card is valid and has a sufficient credit limit or funds to cover the pending purchase.

What is the credit card authorization process?

The merchant initiates the authorization process by sending the customer’s payment details to the payment processor/acquiring bank, who then sends the customer’s payment information to the card networks. The card brand then forwards the transaction to the issuer for final authorization.

Why did a card authorization fail?

A credit card authorization can fail due to fraud or security issues, insufficient funds or credit available, or technical failures.

Who does a credit card authorization benefit?

A credit card authorization protects both the merchant and the cardholder. The merchant can ensure funds are available before delivering goods or services, and the authorization prevents the cardholder from going over their limit and incurring additional fees if they are making purchases with several merchants in the same time frame.