Authorisation
What Is Authorisation in Payments? Definition and How It Works
Definition
Authorisation in payments is the process by which an issuing bank approves or declines a card transaction request, verifying that the card is valid, the cardholder has sufficient funds or credit, and the transaction does not trigger fraud rules.
How it works
When a customer initiates a card payment, the merchant's payment system sends an authorisation request through the acquirer and card network to the issuing bank. The request contains the transaction amount, card details, merchant identifier, and any authentication data (3DS result, CVV response, AVS result). The issuer evaluates these inputs against its authorisation logic and returns a response.
An approved authorisation returns an authorisation code, a reference confirming the issuer has reserved the transaction amount against the cardholder's account. The authorisation code does not mean funds have moved; it means the issuer has committed to honor the transaction when it is captured and submitted for settlement.
Authorisation holds are time-limited. Card scheme rules and issuer policies define how long an authorisation hold remains valid before it expires. For most card-not-present transactions, the hold window is 7-30 days. If the merchant does not capture within the hold window, the authorisation expires and the reserved funds are released back to the cardholder.
Authorisation is distinct from capture. An authorisation reserves funds; capture is the instruction to collect them. Some merchants authorise and capture simultaneously (immediate capture). Others pre-authorise and capture later, hotels, car rental companies, and subscription businesses commonly use delayed capture flows.
Why it matters
Authorisation expiry creates operational risk for delayed fulfilment models: merchants who authorise at order placement but capture at shipment may face expired authorisations on long-lead orders. Re-authorisation may be required, which creates a second authorisation attempt with associated decline risk.
Authorisation rate is the primary metric for payment performance: every declined authorisation is lost revenue. Approval rate optimisation, through smart routing, 3DS optimisation, and retry strategy, directly impacts revenue. A 1 percentage point improvement in authorisation rate on $100M of annual volume is $1M in recovered revenue.
Authorisation holds can cause cardholder friction: when a merchant places a hold and the transaction is later cancelled, the cardholder's available credit or funds are reduced until the hold releases. This is particularly visible for high-value pre-authorisations (hotels, travel) and can cause cardholders to contact their bank or the merchant.
Partial authorisation support enables higher approval rates: some issuers approve transactions for less than the requested amount when the full amount exceeds available credit. Merchants who support partial authorisation can accept partial approvals and charge only the available amount rather than declining entirely.
With PXP
PXP's authorisation flow handles pre-authorisation and immediate capture modes, configurable per transaction type. Authorisation results including expiry timestamps, response codes, and authentication data are surfaced in real time. PXP's retry logic handles soft-declined authorisations within scheme-mandated retry rules.
Frequently asked questions
What is the difference between authorisation and capture?
Authorisation reserves funds on the cardholder's account and confirms the issuer will honor the transaction. Capture is the instruction to collect those reserved funds and move them through clearing to the merchant's account. Some merchants authorise and capture in one step; others separate them to allow for order verification, fulfilment confirmation, or partial capture before collecting funds.
How long is an authorisation hold valid?
Authorisation hold periods are set by card scheme rules and vary by card type and transaction category. Standard card-not-present authorisations typically hold for 7-30 days. Hotel and car rental pre-authorisations have longer hold periods defined by scheme rules for those merchant categories. Merchants should check the applicable hold period for their MCC and capture within that window to avoid authorisation expiry.
What happens when an authorisation expires before capture?
If the merchant does not capture within the authorisation hold window, the authorisation expires and the reserved funds are released back to the cardholder. The merchant must submit a new authorisation request to proceed with the transaction, which carries the risk of a different authorisation outcome. For high-value transactions with long fulfilment cycles, merchants should monitor authorisation expiry dates and re-authorise when necessary.
What is a partial authorisation?
A partial authorisation occurs when the issuer approves a transaction for less than the requested amount, typically because the cardholder's available balance is insufficient for the full amount. Merchants who support partial authorisation accept the approved partial amount rather than declining the entire transaction. This is more common for prepaid cards and debit cards and is most relevant for merchants in high-average-transaction-value categories.
Revolutionize your business with PXP
Take complete control of your commerce and payments with one platform.
Get Started