When making online payments or signing up for a subscription service in Japan, you might be billed a small amount, such as ¥1 or ¥10, before the full charge is made. This is known as ¥1 authorization (often shortened to ¥1 auth) and is used to see whether or not the credit card is valid. This test allows businesses to run processes that confirm that the card is certified and review the available limit on the card.

Although the ¥1 auth system is intended for legitimate purposes, it is sometimes misused for fraud. For example, ¥1 auth has been utilized to check whether the information from a stolen card is usable or to prepare for a false payment. For this reason, organizations need to use the ¥1 auth process properly and take measures to block suspicious transactions.

In this article, we’ll examine the details of the ¥1 auth setup, the risks of fraud, and the countermeasures businesses need to implement.

What’s in this article?

• What is ¥1 auth?
  
• How to perform ¥1 auth
  
• When is the ¥1 auth returned?
  
• How can ¥1 auth be misused?
  
• How can you prevent ¥1 auth fraud?
  
• Frequently asked questions about ¥1 auth
  
• What to know about ¥1 auth fraud
  

What is ¥1 auth?

¥1 authorization is the process of confirming the validity of a credit card issuing a small fee before charging the full cost. Although we refer to it as ¥1 auth, Japanese vendors might charge slightly more, with ¥10, ¥50, and ¥100 being common authorization methods. ¥1 auth is done to check whether the card has been used fraudulently or stolen, as well as verifying the card number, expiration date, and credit limit, among other details.

When handled correctly, businesses can use ¥1 auth to prevent input errors for online purchases and to ensure that billing is carried out smoothly. This process is also helpful to secure credit lines in cases where the actual bill amount will be determined later, such as when making a hotel or car rental reservations.

The fee is usually canceled immediately, so there is rarely any actual billing.

How to perform ¥1 auth

¥1 auth for a credit card is a confirmation method performed during billing. There are two types: automatic and manual authorization. Let’s look at the specifics when a manual or automatic auth is used.

Automatic authorization

Some payment processing APIs (application programming interfaces) perform this function by default. This could happen when customers enter their card details on an ecommerce site or finalize a purchase. Automatic authorization is suitable for ongoing charges or subscription services.

Manual authorization

Staff can also perform a manual ¥1 auth when a customer buys something in a physical store. Manual authorization is also suitable for transactions that might be canceled, such as hotel reservations or ticket bookings made with a call center.

When is the ¥1 auth returned?

The payment is often canceled immediately after the card has been verified. It doesn’t typically appear on the cardholder’s statement but will temporarily show up in rare cases. Shoppers could feel uneasy—naturally so—about a charge they don’t recall, regardless if it’s just ¥1. Each issuer has its own way of handling this situation, but if the business clearly understands ¥1 auth, the customer’s fears and concerns can be alleviated.

How can ¥1 auth be misused?

Some major international brands, such as Visa, do not allow ¥1 auth transactions. Let’s look at an example where this rule was exploited to carry out dishonest purchases.

In 2023, it was reported that a group of foreigners used the ¥1 auth system to cheat Japanese gas stations out of ¥90 million worth of products. The fraudsters employed a debit card from a Sri Lankan bank to visit gas stations and bought expensive items such as tires. The card passed the ¥1 auth, so they could make these purchases with little issue.

This group of eight people used this debit card and visited a gas station repeatedly with a different member each time to buy tires. As more purchases were made, the store checked with the payment system provider to ensure there would be no problem if they continued. At the time, they were told that as long as it passed through the system, it was fine. And because the gas station was receiving the money properly, the transactions continued, all while passing the ¥1 auth check.

Six months later, the Sri Lankan bank suddenly demanded a refund from the credit card company mediating the payment process because the ¥1 auth for in-store purchases violated the rules of international brands such as Visa. The provider had no choice but to agree to the reversal and incurred a huge loss of ¥90 million.

How can you prevent ¥1 auth fraud?

Organizations can take the following countermeasures to prevent fraudulent use of ¥1 auth:

Comply with the rules of international cards

When we look at the example of the fraudulent activity mentioned above, the store’s violation of the rules is used as the pretense for boldly demanding a refund.

Consider the aforementioned gas station case—the vendor violated the rules of international cards. This shows how important it is for businesses to understand these policies accurately. Make sure to check and fully understand Visa, Mastercard, and American Express’s guidelines for chargebacks and ¥1 auth.

Set limits on small-value authorizations

Introduce a system that automatically blocks requests when too many small-value authorizations, such as ¥1, happen in quick succession, and monitor those permissions accordingly.

Require a security code

You can minimize risk by making it mandatory for users to enter their card’s three- or four-digit security code.

Utilize a fraud detection system

Stripe Radar is one of the most effective tools for preventing illicit ¥1 auth. Radar is a fraud detection system that uses machine learning to study and analyze suspicious patterns based on extensive data. If a ¥1 auth appears dubious, Radar will determine that the transaction is abnormal and block it. Radar also integrates with 3D Secure, which allows additional identity verification for suspicious activities.

Frequently asked questions about ¥1 auth

What causes a rejected authorization (authorization error)?

A denial could occur for a variety of reasons.

On the business’s side:

• Fraud prevention rules
  
• Problems with 3D Secure authentication
  
• Issues with payment service settings
  

On the credit card company’s side:

• Fraud risk
  
• Card use restrictions
  

On the cardholder’s side:

• Credit card has expired
  
• Card is over the credit limit
  
• Late bills
  
• Card number input error
  
• PIN code input error
  

Why is the ¥1 auth not refunded?

If the business is delayed in processing the refund, the user will also experience a delay.
Furthermore, if there’s a system error in the cancellation process and sales information does not reach the credit card company, the ¥1 return could take a while to hit the cardholder’s account.

When will I know that the authorization process is over?

The purpose of a ¥1 auth is to verify that a payment can be made. In most cases, once the card’s legitimacy is confirmed, the authorization is immediately canceled, or the money is immediately reinstated. However, the timing of refunds varies from one issuer to another, so it’s a good idea to check first.

What to know about ¥1 auth fraud

¥1 auth is one way to prevent the illegitimate use of credit or debit cards, but it can also be misused. For this reason, it’s key that businesses monitor suspicious authorizations and actively use fraud detection systems. Additionally, they must understand the rules of various credit card companies. Setting appropriate approval steps and criteria can greatly reduce the risk of fraudulent activity.

Organizations must also consider using 3D Secure and implementing policies to detect irregular patterns to improve transaction security. Ensuring that the payment processing service’s fraud prevention capabilities are appropriately structured and that customer data is carefully managed are also important. To maintain a secure checkout environment, businesses must remain vigilant and aware of the latest defense methods and countermeasures.