Chargenet.co.uk

FULL DETAILS

The credit card pre-authorization process is a mechanism used to reserve funds on a cardholder’s account without immediately debiting them, ensuring the merchant can secure payment later.
You'll probably find Point 9. of Most Interest - see below:

### Key Terms Defined
- **Merchant**: The business or entity accepting credit card payments for goods or services (e.g., a hotel, restaurant, or online retailer). The merchant initiates the pre-authorization to verify funds availability.
- **Cardholder**: The individual or entity owning the credit card, whose account is checked for available funds during pre-authorization.
- **Payment Provider (or Payment Gateway)**: A service that acts as an intermediary between the merchant and the financial institutions, securely transmitting transaction data. Examples include Stripe, PayPal, or Square. It ensures the merchant’s request is formatted correctly and routed to the appropriate networks.
- **Acquiring Bank (Merchant Bank)**: The financial institution that maintains the merchant’s bank account and processes card payments on their behalf. It communicates with the card networks and ensures funds are settled to the merchant.
- **Issuing Bank**: The financial institution that issued the credit card to the cardholder. It verifies the cardholder’s account status, available credit, and authorizes or declines transactions.
- **Card Network**: The organization that governs the rules and facilitates communication between the acquiring and issuing banks (e.g., Visa, Mastercard, American Express). It ensures interoperability and security.
- **Payment Processor**: A company that handles the backend processing of card transactions, often working with the acquiring bank to route requests and manage settlements. Sometimes overlaps with the payment provider.
- **Cardholder’s Available Credit**: The amount of funds the cardholder can spend, which is temporarily reduced by the pre-authorized amount.

### Pre-Authorization Process in Extreme Detail
The pre-authorization process involves multiple parties, systems, and protocols working together in real-time. Here’s how it unfolds, step-by-step:

1. **Initiation by the Merchant**:
   - The merchant determines a need to verify funds, often for scenarios where the final amount is unknown (e.g., hotels reserving for potential room charges, car rentals for damages, or restaurants for tabs).
   - The merchant inputs a pre-authorization amount into their **Point of Sale (POS) terminal**, online checkout system, or payment software. This amount is an estimate, often higher than expected to cover potential costs.
   - Example: A hotel might pre-authorize £500 for a 3-night stay to cover room charges, incidentals, and taxes.

2. **Card Data Collection**:
   - The cardholder provides their credit card details (card number, expiry date, CVV, etc.), either physically (via chip, swipe, or tap) or online.
   - For in-person transactions, the card’s chip or magnetic stripe communicates with the POS terminal using **EMV** (Europay, Mastercard, Visa) standards or contactless NFC (Near Field Communication).
   - For online transactions, the cardholder enters details into a secure form hosted by the payment provider, often encrypted using **TLS/SSL** protocols.

3. **Data Transmission to Payment Provider**:
   - The merchant’s system sends the transaction details (card data, pre-authorization amount, merchant ID, transaction type) to the payment provider.
   - The payment provider validates the request, ensuring the data is complete and complies with **PCI DSS** (Payment Card Industry Data Security Standard) requirements.
   - The payment provider formats the request into a standardized message (e.g., **ISO 8583**, a common protocol for card transactions) and forwards it to the acquiring bank.

4. **Routing Through the Acquiring Bank**:
   - The acquiring bank receives the pre-authorization request and verifies the merchant’s account status.
   - It identifies the card network (Visa, Mastercard, etc.) based on the card’s **BIN** (Bank Identification Number, the first 6-8 digits).
   - The acquiring bank forwards the request to the card network, acting as the merchant’s representative in the financial ecosystem.

5. **Card Network Facilitation**:
   - The card network routes the pre-authorization request to the issuing bank, using secure, high-speed communication channels.
   - The network applies rules and checks, such as fraud detection algorithms or regional restrictions, to ensure compliance.
   - The card network may also log the transaction for dispute resolution or analytics purposes.

6. **Issuing Bank Verification**:
   - The issuing bank receives the pre-authorization request and performs several checks:
     - **Account Status**: Ensures the card is active, not expired, stolen, or blocked.
     - **Available Credit**: Verifies the cardholder has sufficient credit (or funds for debit cards) to cover the pre-authorized amount.
     - **Fraud Checks**: Analyzes the transaction for suspicious patterns (e.g., unusual location, high amount) using machine learning models or rules-based systems.
     - **Cardholder Authentication**: For online or certain transactions, the issuing bank may require **3D Secure** verification (e.g., Verified by Visa, Mastercard SecureCode), prompting the cardholder to enter a one-time password or biometric confirmation.
   - If all checks pass, the issuing bank places a **hold** (or lien) on the pre-authorized amount, reducing the cardholder’s available credit by that amount. No funds are transferred yet.
   - Example: If the cardholder has £1,000 available credit and the hotel pre-authorizes £500, their available credit drops to £500, but their account balance remains unchanged.
   - The issuing bank generates an **authorization code** (a unique identifier for the hold) and sends a response (approved or declined) back through the card network.

7. **Response Routing Back**:
   - The card network relays the issuing bank’s response to the acquiring bank.
   - The acquiring bank forwards it to the payment provider, which notifies the merchant’s system.
   - The entire process (steps 3-7) typically takes 2-10 seconds, depending on network latency and verification complexity.

8. **Merchant Notification**:
   - The merchant’s POS or system displays the result:
     - **Approved**: The merchant receives the authorization code, confirming the funds are reserved. They can proceed with providing goods/services, knowing payment is secured.
     - **Declined**: The merchant is informed of the reason (e.g., insufficient funds, invalid card) and may ask the cardholder for an alternative payment method.
   - For approved pre-authorizations, the merchant stores the authorization code securely for later use (e.g., to complete the transaction or void the hold).

9. **Hold on Cardholder’s Account**:
   - The pre-authorized amount appears as a **pending transaction** on the cardholder’s account, visible in their online banking or mobile app.
   - The hold typically lasts 3-30 days, depending on the merchant, card network, and issuing bank policies. For example:
     - Visa and Mastercard often set a default hold period of 7-10 days for retail or hospitality.
     - Hotels and car rentals may request longer holds (up to 30 days).
   - If the merchant doesn’t complete or void the transaction within this period, the hold automatically expires, and the funds are released back to the cardholder’s available credit.

10. **Subsequent Actions by the Merchant**:
    - The merchant can take one of several actions with the pre-authorized hold:
      - **Complete the Transaction**: When the final amount is known (e.g., after a hotel stay), the merchant submits a **completion request** (or capture) for the actual amount, up to or less than the pre-authorized amount. The issuing bank debits the cardholder’s account, and funds are transferred to the acquiring bank for settlement to the merchant.
      - **Partial Completion**: If the final amount is less than the pre-authorized amount (e.g., £300 spent of a £500 hold), the merchant captures only the needed amount, and the remaining hold is released.
      - **Void the Hold**: If no charge is needed (e.g., no incidentals at a hotel), the merchant voids the pre-authorization, releasing the full hold immediately.
      - **Incremental Authorization**: If the merchant needs to increase the hold (e.g., additional charges), they can request an incremental pre-authorization, subject to issuing bank approval.
    - The merchant submits these actions through the payment provider, following a similar routing process (steps 3-7).

11. **Settlement and Funding**:
    - For completed transactions, the acquiring bank submits the transaction to the card network for **clearing**, where the final amount is confirmed.
    - The card network facilitates the transfer of funds from the issuing bank to the acquiring bank, minus **interchange fees** (paid to the issuing bank) and **network fees** (paid to Visa/Mastercard).
    - The acquiring bank deposits the funds into the merchant’s account, minus their own **processing fees**. This typically takes 1-3 business days.
    - Example: For a £300 hotel charge, the merchant might receive £292 after fees (e.g., 2.5% processing + £0.10 per transaction).

12. **Cardholder Experience**:
    - The cardholder sees the pending hold until the merchant completes, voids, or the hold expires.
    - Once completed, the pending transaction updates to a posted transaction, reflecting the final amount debited.
    - If the hold expires or is voided, the pending transaction disappears, and available credit is restored.

### Technical and Security Considerations
- **Encryption and Tokenization**: Card data is encrypted during transmission (e.g., AES-256) and often tokenized by the payment provider, replacing sensitive data with a unique identifier to prevent breaches.
- **Fraud Detection**: Issuing banks use real-time analytics, monitoring velocity (e.g., multiple transactions in a short time), geolocation, and behavioral patterns to flag suspicious pre-authorizations.
- **AVS and CVV**: For online transactions, the merchant may use **Address  **Address Verification Service (AVS)** and **Card Verification Value (CVV)** checks to validate the cardholder’s address and card code, reducing fraud.
- **Disputes**: If a cardholder disputes a pre-authorized charge, the merchant must provide evidence (e.g., authorization code, signed receipt) to the acquiring bank, which coordinates with the issuing bank for resolution.

### Edge Cases and Challenges
- **Mismatched Amounts**: If the final charge differs significantly from the pre-authorized amount, the issuing bank may flag it, delaying settlement.
- **Expired Holds**: If a merchant forgets to void or complete a hold, the cardholder may face temporary credit restrictions, leading to complaints.
- **Cross-Border Transactions**: Pre-authorizations involving foreign merchants or cardholders may incur currency conversion fees or trigger fraud alerts due to location discrepancies.
- **System Downtime**: Rare outages in payment provider or bank systems can delay or fail pre-authorizations, disrupting merchant operations.

### Example Scenario
A cardholder checks into a hotel. The hotel pre-authorizes £1,000 on their card for a week’s stay plus incidentals. The POS terminal sends the request via the payment provider (e.g., Stripe) to the acquiring bank (e.g., Wells Fargo), which routes it through Visa to the issuing bank (e.g., Chase). Chase verifies the cardholder’s £1,000 available credit, places a £1,000 hold, and sends an authorization code back. The hotel receives approval in 5 seconds. At checkout, the final bill is £800. The hotel captures £800, releasing the remaining £200 hold. Funds settle to the hotel’s account in 2 days, and the cardholder’s statement shows an £800 charge.

This process ensures merchants can confidently provide services while protecting against non-payment, balancing security, speed, and trust across the financial ecosystem.