What is a Pre-Authorisation?

What Is Pre-Authorisation?

Pre-authorisation (also called a pre-auth or authorisation hold) is a temporary hold placed on a customer's card for an estimated transaction amount before the final charge is confirmed. It verifies that the card is valid and that sufficient funds or credit are available, without actually completing the payment.

You encounter pre-authorisations regularly, even if you do not recognise the term. When you check into a hotel and they "take your card details for incidentals", that is a pre-auth. When a petrol station authorises your card before you pump fuel, that is a pre-auth. When you hire a car and a deposit hold appears on your statement, that is a pre-auth.

How Pre-Authorisation Works

The mechanics of a pre-authorisation are similar to a standard authorisation, with one crucial difference: the transaction is not immediately captured for settlement.

• Hold request -- The merchant sends a pre-authorisation request to the payment processor for an estimated amount.
• Issuer places a hold -- The customer's bank ring-fences the pre-authorised amount, reducing the available balance on the card.
• Service delivered -- The customer uses the service (stays at the hotel, fills up with fuel, completes the car hire period, etc.).
• Final amount determined -- Once the actual charge is known, the merchant captures the transaction for the final amount, which may be higher, lower, or equal to the pre-auth.
• Settlement -- The final captured amount is settled through the normal payment process.

If the merchant does not capture the pre-authorisation within the allowed timeframe, the hold expires and the funds are released back to the customer's available balance.

Pre-Auth Timeframes

Pre-authorisation holds do not last indefinitely. The timeframe depends on the card network, the merchant category code (MCC), and the issuing bank:

• Standard merchants -- Pre-auth holds typically expire after 7 days if not captured.
• Hotels -- Extended hold periods of up to 31 days are allowed to cover the full length of a guest's stay.
• Car hire -- Similar extended periods to hotels.
• Petrol stations -- Very short hold periods, often just a few hours.

It is important to note that even after a pre-auth expires on the merchant side, the hold on the customer's card may take additional time to release, depending on the issuing bank's systems.

Pre-Auth vs Standard Authorisation

A standard authorisation is followed by an automatic capture -- the merchant intends to charge exactly the authorised amount, and the transaction proceeds to settlement without further intervention. A pre-authorisation deliberately separates the authorisation and capture steps, giving the merchant flexibility to adjust the final amount.

• Standard authorisation -- Authorise GBP 50, capture GBP 50, settle GBP 50. Simple and automatic.
• Pre-authorisation -- Pre-authorise GBP 200, deliver service, capture GBP 175 (the actual cost), settle GBP 175. The GBP 25 difference is released from the hold.

Pre-Authorisation in Telephone Payments

Pre-authorisations are common in telephone payment scenarios, particularly for service-based businesses where the final charge is not known at the time of booking. Examples include:

• Travel companies -- Pre-authorising an estimated trip cost at the time of booking, with the final amount captured after the trip.
• Repair services -- Taking a pre-auth over the phone when a job is booked, then capturing the actual cost once the work is completed.
• Medical and dental practices -- Pre-authorising an estimated treatment cost, with the final amount adjusted based on the actual procedures performed.
• Event bookings -- Holding a pre-auth for a deposit, with the balance captured closer to the event date.

For any of these scenarios, the security of the initial card data capture is paramount. If the pre-auth is taken over the phone, the same PCI DSS requirements apply as for any other telephone payment.

Customer Communication

Pre-authorisations can cause confusion for customers. They see a "pending" charge on their account that may be for a different amount than the final charge, or they see both the pre-auth hold and the final charge temporarily. Clear communication is essential:

• Explain that a temporary hold will appear on their account
• State the hold amount and how long it may take to release
• Clarify that the final charge may differ from the hold amount
• Provide a contact number for any queries about the hold

Pre-Authorisation Amounts -- Getting It Right

Setting the right pre-authorisation amount requires judgement. Too low, and the merchant may not have enough cover for the final charge -- potentially requiring a second authorisation or a separate transaction. Too high, and the customer's available balance is unnecessarily reduced, which can cause their other payments to be declined or lead to complaints.

Industry norms help guide this decision. Hotels typically pre-authorise the room rate plus a percentage for incidentals (often 10-15%). Car hire companies pre-authorise the rental cost plus an excess deposit. Petrol stations often pre-authorise a standard amount (such as GBP 1 or GBP 100) before the customer pumps fuel.

For telephone-based service businesses, the pre-auth amount should be based on a reasonable estimate of the final cost. If the estimate is uncertain, it is better to communicate the hold amount clearly to the customer and explain that the final charge may differ.

Pre-Authorisation and Card-Not-Present Security

Pre-authorisations taken over the phone carry the same security requirements as any card-not-present transaction. The card data must be captured securely, transmitted through encrypted channels, and never stored in unprotected systems. PCI DSS applies fully to the pre-auth capture, regardless of whether the final payment is captured later through a different process.

This is particularly important because pre-authorisation scenarios often involve higher-value transactions -- hotel stays, vehicle hire, service deposits -- where the financial exposure from a data breach would be greater. Secure telephone payment solutions that prevent card data from entering the agent environment are essential for businesses that regularly process pre-authorisations by phone.