What is an Authorisation?

Authorisation is the process where the card-issuing bank approves or declines a transaction in real time, verifying the card is valid, the account has sufficient funds, and no fraud indicators are present.

What Is Payment Authorisation?

Authorisation is the first step in processing a card payment. It is the real-time check where the card issuer verifies that the card is valid, the account has sufficient funds or credit, and no fraud indicators are present. If everything checks out, the issuer returns an authorisation code that allows the transaction to proceed.

This happens in seconds, but a remarkable amount of work takes place behind the scenes. The authorisation request passes from the merchant through their payment processor, across the card network, to the issuing bank -- and the response travels back the same way. The entire round trip typically completes in under two seconds.

The Authorisation Process -- Step by Step

Here is what happens when a customer makes a card payment:

  • Card details submitted -- The customer presents their card (in person, online, or over the phone). The merchant's payment system captures the card number, expiry date, and CVV.
  • Request sent to acquirer -- The merchant's payment terminal or gateway sends the transaction details to the acquiring bank (the merchant's bank).
  • Acquirer routes through card network -- The acquiring bank forwards the request through the appropriate card network (Visa, Mastercard, etc.).
  • Issuer evaluates the request -- The card issuer (the customer's bank) checks the card status, available balance, fraud rules, and any spending limits.
  • Response returned -- The issuer sends back either an approval with an authorisation code or a decline with a reason code.
  • Merchant receives the result -- The approval or decline travels back through the card network and acquirer to the merchant's payment system, usually within 1-2 seconds.

What the Issuer Checks

The authorisation check is more sophisticated than simply verifying the account balance. The issuing bank evaluates several factors:

  • Card validity -- Is the card number real? Is it within its expiry date? Has it been reported lost or stolen?
  • Available funds -- Does the account have enough money (debit) or available credit (credit card) to cover the transaction?
  • Fraud screening -- Does this transaction match the cardholder's normal spending patterns? Is the location consistent? Is the amount unusual?
  • Velocity checks -- Has this card been used an unusual number of times in a short period?
  • Security verification -- Does the CVV match? For online transactions, has 3D Secure authentication been completed?

Authorisation Codes and Decline Codes

When a transaction is approved, the issuer returns a unique authorisation code -- typically a six-character alphanumeric string. This code is recorded against the transaction and used as proof that the issuer approved the payment. It is essential for settlement, refunds, and dispute resolution.

When a transaction is declined, the issuer returns a decline reason code. Common reasons include:

  • Insufficient funds
  • Card expired
  • Incorrect CVV
  • Suspected fraud
  • Card reported lost or stolen
  • Exceeds transaction or daily limit

The decline code helps the merchant understand why the payment failed and advise the customer accordingly. In a contact centre setting, agents should be trained to handle common decline scenarios sensitively and suggest alternatives.
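The issuer-side checks and the approve/decline responses described above, sketched as an added example (not code from this page, from Paytia, or from any issuer). The thresholds, field names and the stored CVV value are assumptions made for illustration; the card number is a widely used test number and the account data is constructed.

```python
import secrets
import string
from datetime import datetime, timedelta

VELOCITY_LIMIT = 3                        # assumed: attempts allowed per window
VELOCITY_WINDOW = timedelta(minutes=10)   # assumed window length

def luhn_valid(pan):
    """Card-number checksum: catches mistyped or made-up numbers."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                    # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def authorise(req, account, recent_attempts, now):
    """Return ("APPROVED", auth_code) or ("DECLINED", reason)."""
    if not luhn_valid(req["pan"]):
        return "DECLINED", "Invalid card number"
    if account["lost_or_stolen"]:
        return "DECLINED", "Card reported lost or stolen"
    # A card stays valid until the end of its expiry month.
    if (req["exp_year"], req["exp_month"]) < (now.year, now.month):
        return "DECLINED", "Card expired"
    # Simplification: a stored value stands in for the issuer's CVV verification.
    if not secrets.compare_digest(req["cvv"], account["cvv"]):
        return "DECLINED", "Incorrect CVV"
    in_window = [t for t in recent_attempts if now - t <= VELOCITY_WINDOW]
    if len(in_window) >= VELOCITY_LIMIT:  # velocity check
        return "DECLINED", "Suspected fraud"
    if req["amount_pence"] > account["txn_limit_pence"]:
        return "DECLINED", "Exceeds transaction or daily limit"
    if req["amount_pence"] > account["available_pence"]:
        return "DECLINED", "Insufficient funds"
    account["available_pence"] -= req["amount_pence"]   # place the hold
    alphabet = string.ascii_uppercase + string.digits
    return "APPROVED", "".join(secrets.choice(alphabet) for _ in range(6))

# Constructed sample data (test PAN, not a real card).
NOW = datetime(2025, 6, 15, 12, 0)
ACCOUNT = {"cvv": "123", "lost_or_stolen": False,
           "txn_limit_pence": 50_000, "available_pence": 20_000}
REQUEST = {"pan": "4111111111111111", "exp_year": 2027, "exp_month": 1,
           "cvv": "123", "amount_pence": 4_999}
```

The checks run cheapest-first, and the hold is only placed once every check has passed, so a declined request never changes the available balance.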

Authorisation and Telephone Payments

For telephone payments, the authorisation process is identical to any other card-not-present transaction. The customer's card details are captured (either by the agent or by the customer entering them on their keypad) and submitted for authorisation through the payment gateway.

The key difference is how the card data is captured. In a secure telephone payment environment, the customer enters their card details using DTMF tones on their phone keypad, and those tones are masked before reaching the agent. The actual digits are routed directly to the payment processor for authorisation, ensuring the agent never hears or sees the card number.

This approach keeps the authorisation process fast and smooth for the customer while maintaining full PCI DSS compliance in the contact centre.

Authorisation Holds

When a transaction is authorised, the issuing bank places a hold on the funds in the customer's account. This ring-fences the money so it is available when settlement occurs, typically at the end of the business day.

The authorisation hold is not a charge -- the money has not actually moved yet. If the merchant does not capture (settle) the transaction within the hold period (usually 7 to 30 days, depending on the card network and merchant category), the hold expires and the funds are released back to the customer.

This is why customers sometimes see "pending" transactions on their bank statements that later disappear. The authorisation was obtained, but the transaction was never settled -- perhaps because it was voided or the order was cancelled.

Authorisation Rates and Optimisation

Authorisation rate -- the percentage of transactions that are approved on the first attempt -- is one of the most important metrics in payment processing. A low authorisation rate means lost revenue, frustrated customers, and potential damage to the merchant's reputation.

Factors that affect authorisation rates include:

  • Data quality -- Accurate card numbers, expiry dates, and CVVs increase the likelihood of approval. Errors during data capture are a leading cause of unnecessary declines.
  • Transaction velocity -- Submitting too many transactions in a short window from the same card or merchant can trigger fraud rules at the issuer.
  • Merchant category -- Some business categories face higher decline rates due to historically higher fraud or chargeback levels.
  • Cross-border transactions -- Payments where the merchant and cardholder are in different countries often see lower authorisation rates.

For telephone payments specifically, authorisation rates benefit from secure data capture methods. When card data is entered accurately via a phone keypad and routed directly to the processor -- rather than being read aloud and manually typed by an agent -- transcription errors are eliminated, which directly improves authorisation rates.

How Paytia Uses This

Every payment processed through Paytia goes through the standard authorisation process. When a customer enters their card details via their phone keypad during a Paytia-secured call, the data is routed directly to the payment processor for authorisation -- bypassing the agent entirely.

The agent sees a real-time status update confirming whether the authorisation was approved or declined, without ever being exposed to the card data itself. This means Paytia delivers the same instant authorisation experience as any other payment channel while keeping the contact centre completely outside PCI DSS scope.

Frequently Asked Questions

What does authorised mean on a bank statement?

When a transaction shows as 'authorised' or 'pending' on your bank statement, it means the card issuer has approved the payment and placed a hold on the funds, but the money has not actually been transferred yet. The funds will move when the merchant settles the transaction, usually within 1-3 business days.

Why was my card declined even though I have money?

Cards can be declined for reasons beyond insufficient funds. Common causes include incorrect CVV entry, expired card details, fraud detection triggers, daily spending limits, or the card being temporarily blocked. Contact your card issuer (the bank that issued your card) for the specific reason.

How long does a payment authorisation take?

Payment authorisation typically takes 1-2 seconds. The request travels from the merchant through the card network to the issuing bank and back. The entire process is automated and happens in real time, whether the payment is made in person, online, or over the phone.
