The Payment Authorization Process Explained

Merchants and banks have a very long history of doing battle with criminals.

Even back as far as 1696, historians believe that about 10% of all coins were counterfeit in England. And in the US in the 1860s, there were around 5,400 types of counterfeit bills.

Today, debit and credit card payments still haven't been able to shake off the problem.

In 2016, $12.6million USD was fraudulently taken from cash points in Japan within the space of just three hours. The suspects all managed to leave the country before their crime was detected.

So, the quest to get ahead of criminals with authorized and verified transactions remains as urgent today as it has ever been.

But how are credit and debit card payments authorized? Let's take a look.

What is the payment authorization process?

The payment authorization process is the verification process that takes place before a purchase is completed (or rejected).

For cash payments, this can be as basic as a merchant simply checking a banknote's watermark.

But generally speaking, it to the electronic process that takes place between an issuing bank (i.e., the buyer's bank) and an acquiring bank (the merchant's bank) for credit card, debit card, mobile, or online payments.

The goal of the process is ultimately to confirm that the buyer is the genuine cardholder and their account has the required funds to cover the cost of their purchase.

Authorization is not settlement

To the cardholder, payment authorization often seems the same as simply making a payment. They can leave the store (or close the website browser) feeling that their transaction has been completed.

But in reality, authorization is simply the initiation of the transaction. It signals that payment information has - for now - been accepted.

‍Settlement is the final step - this is when the authorized funds are transferred from the customer's bank to the merchant's bank. It usually takes between 3 - 5 working days to complete the authorisation and settlement process.

‍

There are four main parties involved in the payment authorization process.

1. The buyer (cardholder)

The buyer (or cardholder) is the customer. They might be an individual or an organisation.

2. The merchant

The merchant is the seller. Most merchants have a merchant account set up to take payments from customers using payment processing technology.

3. The issuing bank & Electronic Money Institution

The issuing bank (or card issuer or EMI issuer) is the buyer's bank. They have issued the buyer's card and they in effect make the payment for them.

Examples of issuing banks include HSBC, JPMorgan Chase, Bank of China, and Bank of America, Monzo, Starling and Revolut.

4. The acquiring bank (card processor)

The acquiring bank (also known as the merchant acquirer, acquiring card processor) is essentially the merchant's bank.

They can be thought of as a go-between and manager of card transactions.

Examples of acquiring banks include Wells Fargo, HSBC, and JP Morgan, Chase (which is also an issuing bank) and Stripe.

‍Think of them as the electronic transaction equivalent of a security guard with a guest list outside a busy nightclub or restaurant. They verify the reservation, check the potential customer looks like a desirable customer and give the nod for the doorman to let them in (or send them off disappointed into the night).

‍

The 4 steps of the payment authorization process

From the point of view of the customer and the merchant, a successful payment authorization seems like one instantaneous and seamless action.

But it actually involves several steps. Let's take a closer look at them.

Step 1: The buyer initiates the payment authorization request

The customer in the store goes to the point of sale and uses their credit or debit card to make a payment.

‍In our nightclub analogy, this is when the customer arrives at the venue's entrance.

Step 2: The acquiring bank contacts the issuing bank

Once the merchant's payment device is tapped by the card, the merchant's acquiring bank contacts the customer's issuing bank.

The issuing bank then checks two things simultaneously:
‍

• That there is enough money in the cardholder's account
• That nothing looks suspicious about this payment
  ‍

If the issuing bank confirms these two points are true, an authorization request is sent to the merchant's acquiring bank using an authorisation code.

‍Here, the head security guard (the acquiring bank), calls the customer's bank (the issuing bank).

The security guard asks the customer's bank how much is in the customer's account, tells them how much the customer wants to spend, and checks that the customer is who he says he is...

Step 3: The issuing bank sends a payment authorization code to the acquiring bank

Next, the issuing bank sends an authorization code to the acquiring bank. These are usually made up of between 2 to 6 characters (numbers and/or letters).

The code will tell the acquiring bank whether or not to approve or decline the attempted transaction.

‍The customer's bank (the card issuer) gives the security guard (the acquiring bank) a pre-agreed password that confirms everything looks good.

Step 4: The acquiring bank begins the settlement process

The issuing bank now places an authorization hold on the customer's account. And the acquiring bank initiates the payment capture phase.

The payment capture is when the details of the transaction are saved by the acquiring bank. They are sent to the issuer bank immediately, or when the merchant chooses to send it, in order to initiate the payment settlement process.

The payment device at the checkout (or browser) confirms that the card authorization process is complete.

‍The customer's banker (issuing bank) places a note about the pending transaction on the customer's account.

The security guard (acquiring bank) gives a nod of approval to the customer and the nightclub's doorman. The happy customer enters the nightclub.

The security guard then sends an assistant out to go to the customer's bank to collect the customer's payment...

‍

Reasons authorization requests can fail

There are three main reasons why a payment will be declined.

1. Financial reasons

If there are insufficient funds in the customer's account to cover the sales amount, an error code will be sent to the acquirer bank.

2. Technical reasons

Technical issues might delay or prevent a successful transaction from taking place. These can range from internet connection issues, to issues with cards, banks or payment processor technology.

3. Fraudulent transactions

Merchants and customers need to be cautious of card fraud. Both issuing and acquiring banks aim to spot a fraudulent transaction.

Potential fraud cases might sometimes turn out to be a false alarm. A cardholder's account might get frozen if they suddenly make multiple credit card transactions, for example.

The CLOWD9 Payment Processing platform

The CLOWD9 payment processing platform is cloud-based and uniquely built using microservices architecture. Unlike many other service providers, it provides a more energy-efficient and resilient payments solution.

Your payments operations can scale up or down according to transactional demand.

CLOWD9 enables genuinely realtime payments across any network, any system, anywhere around the world.

Conclusion

The payment authorization process is the first step in the payment process.

In its oldest form, it's like a store employee trying to work out if metal or paper currencies are counterfeit.

With a credit or debit card transaction, or online purchases, it is more sophisticated. This is because modern card payment methods attract the unwanted attention of highly sophisticated fraudulent attackers.

Online and card transactions involve four parties:

• The customer
  ‍
• The customer's card issuing bank
  ‍
• The merchant
  ‍
• The merchant's acquiring bank

The issuing bank and acquiring bank complete the authorization process on behalf of the customer and merchant.

They communicate with one another to check the customer's credit line has sufficient funds and detect potential suspicious actions around any pending transactions.

If the authorization is successful, an authorization hold is placed on the customer's account for the approved amount.

Once the authorization process is complete, the process of settlement can begin. All this happens in a matter of moments to give the customer a seamless, trustworthy payment experience.

The payment authorization process is a crucial step in ensuring the security and efficiency of modern payment transactions. With the rapid growth in credit and debit card transactions, as well as online purchases, it has become necessary to implement sophisticated measures to prevent fraudulent attacks.

By involving four parties - the customer, the customer's card issuing bank, the merchant, and the merchant's acquiring bank - the authorization process effectively detects and prevents suspicious actions.

As soon as the authorization is successful, the settlement process begins, providing the customer with a seamless and trustworthy payment experience.

Overall, the payment authorization process plays a critical role in maintaining the integrity of modern payment transactions, providing a secure and reliable method of payment for customers around the world.

‍

‍

‍