Authorization Flashcards
When does authorization happen?
At the moment of the swipe
2 possible results of authorization?
- Places hold on funds and puts transaction in pending
- Declines the transaction
What is ISO 8583?
Messaging standard that is used by banks and card networks to exchange messages between themselves
11 Step Authorization Process
- Cardholder enters card details and cardholder credentials into the check-out page of the online storefront
- Gateway encrypts card details and cardholder credentials
- Gateway sends the encrypted card details and cardholder credentials to the merchant’s Acquirer Processor
- Acquirer Processor identifies the Card Network affiliated with the card
- Acquirer Processor forwards the card details to that Card Network, requesting Authorization
- Card Network identifies the bank that issued the card
- Card Network routes the transaction to the Issuer Processor affiliated with the Issuing Bank
- Issuer Processor validates that the transaction is not fraudulent, verifies that the cardholder’s account is in good standing, and verifies that the cardholder has sufficient credit to cover the amount of the purchase
- Issuer Processor sends back an approval message to the Card Network
- Card Network relays the authorization to the Acquirer Processor
- Acquirer Processor relays the authorization to the Gateway
- Gateway notifies the Cardholder that the transaction is approved
What are auth rates?
Percentage of a merchants transactions that successfully pass through the authorization process
Reasons for failed authorization
- Technical errors
- Internet outages
- Page inactivity
- Issuer refusals
- Insufficient funds
- Stolen card
- Expired card
- Billing address that does not match
Auth Rates CP vs. CNP
Overall, in-store (POS) transactions tend to have very low decline rates, while e-commerce transactions can have 5 to 10 percent decline rates
‘Do Not Honor’
- Most common decline reason for an online transaction
- Does not really tell the merchant why the issuer is declining the transaction
‘NSF’
Insufficient Funds
‘Invalid CVV’
The CVV that a customer provided does not match the issuer’s records
AVS Failed
The Address Verification Service cross checks the billing addresses a merchant submits with authorization, and the issuer says it does not match what they have on file
Hard Declines
- Any refusal due to an invalid card, stolen card or closed account
- Not much the merchant can do
- Should not be reattempted
Soft Declines
- Temporary Declines
- If it is a technical error, waiting to retry later could resolve the issue
- For an expired card, a merchant can either reach out to the shopper for them to ass a new card, or they can reach out to the relevant Network for updated details
Auth rates online vs. POS
Auth rates can be 10% lower for online payments
Why are auth rates lower for online payments?
Issuing banks use more conservative logic to approve or deny an online transaction because of the increased risk of fraud
Network declines are also referred to as…
Issuer declined charges, meaning that the customer’s bank has declined the transaction request
Strategy to deal with network decline should be based on:
- Type of decline code
- Specific issuing bank
Strategy For Insufficient Funds:
- Prompt your customer for another payment method
- Obtain authorization to retry the transaction at a later date, when the original payment method is more likely to have adequate funds
Strategy For Inaccurate or outdates card information:
- First time customer: Likely that they simply made a mistake, reach out and ask them to re-enter
- If transactions are declined using cards you have on file, the card information is likely outdated
- Ask your customers to update their credentials and ensure that your payment provider or processor offers a card account updater
Strategy for suspicion of fraud:
- Have fraud prevention and management tools in place to help detect and block illegitimate charges
5 Ways To Increase Auth Rates
- Collect and submit additional billing information
- Keep your fraud rates low
- Accept digital wallets
- Higher acceptance rates thanks to two factor authentication - Enable card account updater
- Enable network tokens
Stripe Enhanced Issuer Network
- Set of partnerships with major US card issuer and networks
- Stripe shares fraud scores from Radar, its fraud prevention solution, through an encrypted pathway with Capital One and Discover to help fight fraud
- Issuers already operate their own fraud detection models, yet they only have partial information about a transaction, which reduces their accuracy in determining whether to approve or deny it. Using Radar fraud scores for transactions in tandem with the information the issuer already has leads to more accurate fraud determinations
Stripe Adaptive Acceptance
- Uses machine learning models to selectively retry payments declined by the Issuer in real time, before a response is returned to the customer
- Stripe dynamically adjusts different factors in the payment request to increase the chances of acceptance, running dozens of experiments with different issuing banks at the same time to understand which treatment is most likely to result in a successful payment—within milliseconds
- For example, let’s say some customers in the UK quickly type their postal code in all lowercase, with no spaces, into a checkout form. Stripe would notice this pattern and test a variety of variations to find out if a certain postal code format gets better authorization rates than others
Stripe Smart Retries
For example, we look at issuer behavior (like when the issuing banks change their review thresholds), check for card updates, and analyze activity across Stripe to see if the payment method is being used successfully. Stripe then uses this information to choose the optimal times to retry failed payments attempts, so as to increase the chance of successfully paying an invoice