What Is Authorization?

Authorization is the first step in processing a card payment. When a consumer presents their card for payment (online or in-store), the merchant's payment system sends an authorization request through the acquiring bank and card network to the cardholder's issuing bank. The issuer evaluates the request and returns an approval or decline response, typically within 1-3 seconds. An approved authorization reserves the requested amount on the cardholder's account but does not transfer funds — actual fund movement occurs during settlement.

## How Authorization Works

The authorization flow involves the following steps:

1. **Transaction initiation**: The consumer enters their card details (or taps/swipes their card). The merchant's POS or payment form captures the card number, expiration date, CVV, and transaction amount.

2. **Request routing**: The merchant's payment processor or PSP formats an authorization request message (following ISO 8583 or similar standards) and sends it to the card network (Visa, Mastercard, etc.).

3. **Network routing**: The card network identifies the issuing bank based on the card's BIN (Bank Identification Number — the first 6-8 digits) and forwards the request.

4. **Issuer evaluation**: The issuing bank checks available funds or credit limit, evaluates fraud risk using its detection models, verifies the card status (active, not blocked), and checks for any restrictions. For 3D Secure transactions, authentication occurs before or during this step.

5. **Response**: The issuer returns an authorization code (if approved) or a decline code (with a reason) back through the card network to the acquiring bank and merchant.

6. **Hold**: If approved, the authorized amount is placed on hold on the cardholder's account, reducing their available balance or credit. This hold is temporary — it expires if the merchant does not capture the transaction within a set period (typically 7-30 days depending on the card network and merchant category).

## Authorization vs Capture

Authorization and capture are two distinct steps:

- **Authorization**: The issuer approves the transaction and places a hold on funds. No money moves. - **Capture**: The merchant confirms the transaction (e.g., when goods are shipped) and submits it for settlement. This triggers the actual fund transfer.

Many online merchants use "auth and capture" as a two-step process: authorize at checkout, capture at fulfillment. This is common for merchants that ship physical goods, where there may be a delay between order placement and shipping. Other merchants (digital goods, instant services) use "auth-capture" as a single step, combining authorization and capture immediately.

## Authorization Rates

The authorization rate (or approval rate) is the percentage of authorization requests that are approved by issuers. A typical online merchant sees authorization rates of 85-95%, meaning 5-15% of transactions are declined. Declines can be "hard" (the card is invalid, blocked, or over-limit) or "soft" (temporary issues like suspected fraud, incorrect CVV, or insufficient funds).

Improving authorization rates is a major focus for merchants and PSPs because every declined transaction is a lost sale. Strategies include:

- **Retrying soft declines**: Some PSPs automatically retry soft declines after a short delay. - **Network tokenization**: Using Visa/Mastercard network tokens instead of raw card numbers can improve approval rates by 2-5%. - **Sending rich data**: Including more data in the authorization request (billing address, device fingerprint, 3DS authentication results) helps issuers make better decisions. - **Local acquiring**: Using an acquirer in the same country as the issuer can improve rates because domestic transactions have higher approval rates than cross-border ones.

## Pre-Authorization

A pre-authorization (pre-auth) is an authorization for an estimated amount that may be adjusted later. Hotels and car rental companies commonly use pre-authorizations — they authorize an estimated total at check-in and adjust the final amount at checkout. Pre-authorizations hold funds on the cardholder's account but allow the merchant flexibility on the final charge amount.