Authorization

Question 1

When does authorization happen?

Answer 1

At the moment of the swipe

Question 2

2 possible results of authorization?

Answer 2

1. Places hold on funds and puts transaction in pending
2. Declines the transaction

Question 3

What is ISO 8583?

Answer 3

Messaging standard that is used by banks and card networks to exchange messages between themselves

Question 4

11 Step Authorization Process

Answer 4

1. Cardholder enters card details and cardholder credentials into the check-out page of the online storefront
2. Gateway encrypts card details and cardholder credentials
3. Gateway sends the encrypted card details and cardholder credentials to the merchant’s Acquirer Processor
4. Acquirer Processor identifies the Card Network affiliated with the card
5. Acquirer Processor forwards the card details to that Card Network, requesting Authorization
6. Card Network identifies the bank that issued the card
7. Card Network routes the transaction to the Issuer Processor affiliated with the Issuing Bank
8. Issuer Processor validates that the transaction is not fraudulent, verifies that the cardholder’s account is in good standing, and verifies that the cardholder has sufficient credit to cover the amount of the purchase
9. Issuer Processor sends back an approval message to the Card Network
10. Card Network relays the authorization to the Acquirer Processor
11. Acquirer Processor relays the authorization to the Gateway
12. Gateway notifies the Cardholder that the transaction is approved

Question 5

What are auth rates?

Answer 5

Percentage of a merchants transactions that successfully pass through the authorization process

Question 6

Reasons for failed authorization

Answer 6

• Technical errors
• Internet outages
• Page inactivity
• Issuer refusals
• Insufficient funds
• Stolen card
• Expired card
• Billing address that does not match

Question 7

Auth Rates CP vs. CNP

Answer 7

Overall, in-store (POS) transactions tend to have very low decline rates, while e-commerce transactions can have 5 to 10 percent decline rates

Question 8

‘Do Not Honor’

Answer 8

• Most common decline reason for an online transaction
• Does not really tell the merchant why the issuer is declining the transaction

Question 9

‘NSF’

Answer 9

Insufficient Funds

Question 10

‘Invalid CVV’

Answer 10

The CVV that a customer provided does not match the issuer’s records

Question 11

AVS Failed

Answer 11

The Address Verification Service cross checks the billing addresses a merchant submits with authorization, and the issuer says it does not match what they have on file

Question 12

Hard Declines

Answer 12

• Any refusal due to an invalid card, stolen card or closed account
• Not much the merchant can do
• Should not be reattempted

Question 13

Soft Declines

Answer 13

• Temporary Declines
• If it is a technical error, waiting to retry later could resolve the issue
• For an expired card, a merchant can either reach out to the shopper for them to ass a new card, or they can reach out to the relevant Network for updated details

Question 14

Auth rates online vs. POS

Answer 14

Auth rates can be 10% lower for online payments

Question 15

Why are auth rates lower for online payments?

Answer 15

Issuing banks use more conservative logic to approve or deny an online transaction because of the increased risk of fraud

Question 16

Network declines are also referred to as…

Answer 16

Issuer declined charges, meaning that the customer’s bank has declined the transaction request

Question 17

Strategy to deal with network decline should be based on:

Answer 17

1. Type of decline code
2. Specific issuing bank

Question 18

Strategy For Insufficient Funds:

Answer 18

• Prompt your customer for another payment method
• Obtain authorization to retry the transaction at a later date, when the original payment method is more likely to have adequate funds

Question 19

Strategy For Inaccurate or outdates card information:

Answer 19

• First time customer: Likely that they simply made a mistake, reach out and ask them to re-enter
• If transactions are declined using cards you have on file, the card information is likely outdated
• Ask your customers to update their credentials and ensure that your payment provider or processor offers a card account updater

Question 20

Strategy for suspicion of fraud:

Answer 20

• Have fraud prevention and management tools in place to help detect and block illegitimate charges

Question 21

5 Ways To Increase Auth Rates

Answer 21

1. Collect and submit additional billing information
2. Keep your fraud rates low
3. Accept digital wallets
   - Higher acceptance rates thanks to two factor authentication
4. Enable card account updater
5. Enable network tokens

Question 22

Stripe Enhanced Issuer Network

Answer 22

• Set of partnerships with major US card issuer and networks
• Stripe shares fraud scores from Radar, its fraud prevention solution, through an encrypted pathway with Capital One and Discover to help fight fraud
• Issuers already operate their own fraud detection models, yet they only have partial information about a transaction, which reduces their accuracy in determining whether to approve or deny it. Using Radar fraud scores for transactions in tandem with the information the issuer already has leads to more accurate fraud determinations

Question 23

Stripe Adaptive Acceptance

Answer 23

• Uses machine learning models to selectively retry payments declined by the Issuer in real time, before a response is returned to the customer
• Stripe dynamically adjusts different factors in the payment request to increase the chances of acceptance, running dozens of experiments with different issuing banks at the same time to understand which treatment is most likely to result in a successful payment—within milliseconds
• For example, let’s say some customers in the UK quickly type their postal code in all lowercase, with no spaces, into a checkout form. Stripe would notice this pattern and test a variety of variations to find out if a certain postal code format gets better authorization rates than others

Question 24

Stripe Smart Retries

Answer 24

For example, we look at issuer behavior (like when the issuing banks change their review thresholds), check for card updates, and analyze activity across Stripe to see if the payment method is being used successfully. Stripe then uses this information to choose the optimal times to retry failed payments attempts, so as to increase the chance of successfully paying an invoice

Question 25

Stripe Card Account Updater

Answer 25

Stripe works with card networks and automatically attempts to update saved card details whenever a customer receives a new card

Question 26

Stripe Network Tokens

Answer 26

• Network tokens are a card network solution that can substitute primary account numbers (PANs) for online purchases
• Network tokens are unique to an individual user
• Stripe works with payment networks to tokenize a user’s repository of PANs into network tokens and maintains them so they stay current, even if the underlying card data changes
• For example, if a customer lost their card, Stripe would get notified by the network and update the token directly so it would continue to work without the customer having to update their payment information

Question 27

What is the Primary Account Number (PAN)?

Answer 27

The 15- or 16-digit numbers found on every credit or debit card

Question 28

Fraud Definition

Answer 28

“Any false or illegal transaction.”

• It typically occurs when someone has stolen a card number or checking account data and uses that information to make an unauthorized transaction

Question 29

Dunning

Answer 29

The process of recovering declined or failed payments for recurring revenue businesses.

Question 30

Decline Code: offline_pin_required

Answer 30

• The card was declined because it requires a PIN
• The customer needs to try again by inserting their card and entering a PIN

Question 31

3 Steps Of A Payment

Answer 31

1. Is the payer genuine and allowed to make the payment transaction? This is the Authorization process
2. Do all stakeholders involved in the payment process agree on a single truth of payment transaction information? This is Clearing
3. Has the value moved from payer to payee? This is Settlement

Question 32

Main question of Authorization?

Answer 32

Is the payer genuine and allowed to make the payment transaction?

Question 33

Question-Answer Process

Answer 33

Acquirer asks the issuer to verify that the payment transaction is genuine before it is allowed to progress to the next stage.

• The Issuer gives their answer, either authorizing or declining the transaction

Question 34

STIP

Answer 34

Stand-in-Processing

STIP is a card scheme’s backup process for authorizing transactions when an issuer can’t respond in real-time

Question 35

2 Main Stages of Authorization

Answer 35

1. Auth Request
2. Auth Decision

Question 36

Does using Apple Pay drastically change the authorization process?

Answer 36

No.

• Ultimately, regardless of the underlying technology used, the cardholder is still making a purchase with a card
• These technologies simply introduce a layer of abstraction on top of existing infrastructures for the convenience of consumers
• The form factor is irrelevant and the authorisation process is the same. Underneath, the ducks still paddle in the same way

“You can say that it is an overlay service on top of the card information which wraps a card to present it in a different way”

Question 37

Industry Approved Standard for authentication during authorization:

Answer 37

3D Secure