If you’ve ever used a credit or debit card to make a purchase, you’ve been involved in the card authorization process. The same is true if you have a business that accepts credit and debit card payments from customers. According to data collected by Capital One Shopping, US credit card transactions totaled 56.2 billion in 2024. But despite being an important part of doing business, most people don’t know very much about the process.

Card authorization is a complex process that provides a powerful security check against fraud. However, it can lead to several pain points for businesses, such as declined transactions, authorization holds that freeze cash flow, and the complexity of error management. Understanding how card authorization works and why some authorizations fail will enable you to set up your business and give your customers the smoothest transaction experience possible.

What’s in this article?

• What is card authorization?
  
• How does card authorization work?
  
• What is capturing?
  
• What is settlement?
  
• What is a credit card authorization form?
  
• Are credit card authorization forms safe?
  
• What is a card authorization hold?
  
• Why does card authorization fail?
  
• How businesses can improve authorization rates
  
• How Stripe Payments can help
  

What is card authorization?

Card authorization is approval from a credit or debit card issuer (usually a bank or credit union) that states the cardholder has sufficient funds or the available credit needed to cover the cost of a transaction they’re using a card to complete.

How does card authorization work?

Card authorization usually happens through a payment processor as part of the scope of services they provide for businesses. Many payment processors play multiple roles for businesses around payment processing, including serving as the business’s acquirer.

Stripe, for example, offers payment processing for businesses, as well as the functionality of a business account and acquirer. An acquirer—also called an acquiring bank—is a bank or financial institution that processes credit or debit card payments on behalf of businesses, specifically in the context of communicating with cardholders’ banks—called issuers, or issuing banks—to authorize transactions.

Card authorization involves four parties:

• The customer, often referred to in this context as the cardholder
  
• The business
  
• The issuer, or issuing bank
  
• The acquirer, or acquiring bank
  

Here’s the process in which all these parties communicate with each other to approve (or not approve) a transaction:

• The customer presents a card for payment at the point of sale. Card authorization is required for both online and in-person transactions.
  
• The business’s point-of-sale (POS) software will automatically send a request to their payment processor or acquirer, asking them to authorize the transaction.
  
• The acquirer will take the request and send it to the issuer, via the card network, requesting approval. Card networks like Visa, Mastercard, and Discover act as the communication layer between issuing and acquiring banks, routing authorization requests and responses.
  
• The issuing bank reviews the cardholder’s account to check for two things:
  
  • To make sure the card itself is valid
    
  • To make sure there are sufficient funds or credit available to cover the cost of the purchase
    
• The issuing bank will return one of two decisions to the acquiring bank:
  
  • Approved with an authorization code
    If the card is valid and there are sufficient funds available, then the issuer responds to the acquirer’s request with approval for the transaction to proceed. This approval will be accompanied by an authorization code.
    
  • Declined with an error code
    If the issuer determines that the transaction cannot be authorized, they will inform the acquirer and send an error code.
    

The card authorization process usually lasts just a few seconds.

What is capturing?

The capturing phase of the card payment process occurs when the business acquirer requests that authorized funds be sent from the issuing account. During card authorization, the issuer confirms that the funds or credit necessary to cover the cost of the purchase is available, but the money itself doesn’t move during authorization. That happens right after, during capturing.

Payment capture can happen on a variable timeline, but since most card authorizations expire in 5–10 days, most businesses and their payment processors capture funds before that time.

What is settlement?

Settlement is when the funds from customer transactions are transferred from the cardholder’s issuing bank to the business’s acquiring bank. Think of it like this:

• Authorization is when the issuer says, “Yes, those funds are available and approved to be used for this purchase.”
  
• Capture is when the business acquirer says, “OK, great, please send us the funds.”
  
• Settlement is when the funds move from the issuing account to the business account.
  

Credit card authorization and settlement are often conflated, but they are different processes. Authorization confirms that funds are available and approved, while settlement is the point at which money moves between banks. A transaction can be authorized without ever being settled if it’s canceled or expires.

Card authorization example

Let’s say you place an order for groceries to be delivered to your house. The app you’re using adds up the estimated cost of the items you selected, plus the estimated tax, plus a tip for the driver. The app won’t know the exact total until after the order is complete, but it needs prior authorization from your card’s issuer to make sure you have enough available funds or credit to cover the amount.

When you submit your card information for payment, the app's acquirer or payment processor will contact the bank that issued your card and request authorization for the estimated total amount of your order, which will probably be slightly higher than the actual total amount.

Assuming your card’s issuer authorizes the transaction, a hold for that amount will be placed on your card. After the transaction has been completed and the app knows how much the final amount of your order is, it will ask to capture that amount.

What is a credit card authorization form?

Credit card authorization forms are documents that customers fill out granting permission for their credit card to be charged. The information on such a form must include:

• Cardholder’s name
  
• Card number
  
• Card network (Visa, Mastercard, American Express, Discover, etc.)
  
• Card expiration date
  
• Cardholder’s billing ZIP code
  
• Business name
  
• Statement authorizing charges
  
• Cardholder’s signature and the date they signed
  

Additionally, many credit card authorization forms include some or all of the following information:

• Cardholder’s full billing address and shipping address
  
• Cardholder’s phone number
  
• Cardholder’s email address
  
• Business contact information
  
• Purchase amount
  
• Language stipulating that this approval is for a recurring payment, if applicable
  
• Details of items or services covered by the purchase
  
• Customer ID, invoice, or purchase order numbers
  

Credit card authorization forms are more often used for larger purchases (think cars, computers, etc.) than they are for smaller, everyday items. They are also commonly used when starting new subscriptions and other recurring payments. Sometimes credit card authorization forms are generated digitally; sometimes they’re printed. Usually, businesses will use these forms when they plan to charge the card later without the cardholder present.

Are credit card authorization forms safe?

The security of credit card authorization forms entirely depends on the protective measures taken by the business. For example, digital credit card authorization forms through third-party websites like DocuSign are rigorously engineered to be as secure as possible.

Conversely, when you’re dealing with a printed template, the security of sensitive information on the form depends on what the business does after the cardholder fills it out.

What is a card authorization hold?

When the card issuer reviews an authorization request for a transaction, if there are enough funds available to cover the cost of the sale, the issuer will place an authorization hold—which often clear within a few days but can last up to 31 days—on the cardholder’s account. This will reduce their available funds or credit by the amount of the sale, to prevent them from potentially overdrawing the account before the funds from the current transaction are moved and sent to the business’s bank. Authorization holds are a helpful mechanism for preventing card fraud and chargebacks.

Alongside authorization holds, there are also preauthorization holds used in specific kinds of transactions. A preauthorization is a specific type of authorization used when the final transaction amount isn’t known yet, such as hotels, gas stations, or delivery apps.

As a customer, you may see a pending authorization appearing as a temporary charge that hasn't been posted yet. It reduces available credit but may disappear if the transaction isn’t completed.

Card authorization hold example

Say someone had $300 available on a line of credit, and they purchased something for $260. If there was no authorization hold placed on their card after that transaction was approved, it would be possible for them to quickly purchase something else for, say, $100 before the $260 from the first purchase was transferred out of their account.

When all transactions settled, the cardholder would be over their limit by $60. Authorization holds are effectively a way for issuers to make sure that cardholders’ accounts immediately reflect their true available balance, even before all pending transactions are settled.

Why does card authorization fail?

If a card issuer declines to authorize a transaction, the issuer will return an authorization response code that indicates why the transaction failed. Payment processors can surface these codes differently depending on their level of detail.

When a transaction fails, the reason almost always falls into one of the following three categories:

Declines caused by security or fraud concerns

The card authorization process is where any red flags related to potential fraud most often get raised. If the issuer finds that a card has been marked as stolen, lost, or frozen, they will reject the transaction and likely trigger a deeper look into the account to see if there’s been other suspicious activity. Similarly, if the card is past its expiration date, the transaction will also not be authorized.

One way businesses can help mitigate the occurrence of security-related failed authorizations is to take strong offensive measures against fraud overall. Stripe users have access to Stripe Radar, which uses machine learning to prevent fraud without blocking your real customers from making payments and applies Dynamic 3D Secure authentication to high-risk payments. Radar doesn’t require any additional setup or integration if you’re already using Stripe products.

Declines caused by insufficient funds or credit

If the issuer looks at the cardholder’s account and finds there are insufficient funds or available credit, they will decline authorization and reject the transaction. Some issuers offer overdraft protection that allows transactions to proceed even when sufficient funds are not available, but this feature usually comes with a fee and is not available on all accounts. In most cases, insufficient funds will stop a transaction from being authorized.

Declines caused by technical errors or incorrect payment details

There are also technical reasons why a payment authorization might fail. This is more common with online purchases, where there’s more room for user error while inputting payment information. Online transactions tend to be more sensitive to technical errors because of the increased risk of fraud with these card-not-present (CNP) transactions. If anything about the payment information submitted for an online purchase is incorrect or suspicious, it’s likely to get rejected by the issuer.

Sometimes the business and customer are given a specific reason why a rejected charge was declined, and sometimes it’s simply not authorized. The amount of information that accompanies a rejected authorization depends on various factors, such as who the card issuer is, who the business’s payment processor is, what kind of POS they have, and whether the transaction was online or in person.

How businesses can improve authorization rates

Card authorization can fail for a range of reasons, no matter where they’re processed, but there are steps businesses can take to improve their authorization rate. Having your payments supported by Stripe is a strong step in that direction: the Stripe platform provides intelligent acquiring functionality with direct integrations to major card networks globally, reducing latency and improving reliability on card transactions.

Stripe users have access to issuer-level insights and enhanced data fields, like raw response codes, to give you greater visibility into what’s going on with your payments. With its modern acquiring platform, Stripe continually learns from billions of data points to help optimize routing and messaging on each transaction—it’s a payments infrastructure itself that’s primed to work in favor of better authorization rates. Stripe solutions have generated billions in revenue for businesses by preventing legitimate payments from being blocked. Read more here for details on how Stripe works for businesses to optimize authorizations.

How Stripe Payments can help

Stripe Payments provides a unified, global payments solution that helps any business—from scaling startups to global enterprises—accept payments online, in person, and around the world.

Stripe Payments can help you:

• Optimize your checkout experience: Create a frictionless customer experience and save thousands of engineering hours with prebuilt payment UIs, access to 125+ payment methods, and Link, a wallet built by Stripe.
  
• Expand to new markets faster: Reach customers worldwide and reduce the complexity and cost of multicurrency management with cross-border payment options, available in 195 countries across 135+ currencies.
  
• Unify payments in person and online: Build a unified commerce experience across online and in-person channels to personalize interactions, reward loyalty, and grow revenue.
  
• Improve payments performance: Increase revenue with a range of customizable, easy-to-configure payment tools, including no-code fraud protection and advanced capabilities to improve authorization rates.
  
• Move faster with a flexible, reliable platform for growth: Build on a platform designed to scale with you, with 99.999% historical uptime and industry-leading reliability.
  

Learn more about how Stripe Payments can power your online and in-person payments, or get started today.