search

Authorization and preauthorization

hashtag
Card Authorization Flow

chevron-rightStep 1: The Request Starts at the POS Terminalhashtag

The POS terminal reads the Card Data (PAN, expiry, secure EMV chip data).

The terminal captures the Transaction Details (amount, merchant ID, terminal ID).

Crucially, the EMV chip generates a unique, one-time-use cryptographic code to ensure the transaction is secure and cannot be cloned.

chevron-rightStep 2: POS → Acquirer (The First Leg)hashtag

The terminal takes all the data(Merchant ID, Cardholder data, Amount & Currency, Terminal ID, Location, Transaction type — chip, swipe, contactless) and packages it into an encrypted Authorization Request message (using the ISO 8583 standard).

This request is immediately sent to the Acquirer (or the Processor managing the merchant’s account). The Acquirer’s job is to prepare the message for the global network.

chevron-rightStep 3: Acquirer → Card Scheme (Routing the Message)hashtag

The Acquirer has received the request. Now it must find the correct Issuing Bank to approve the money.

  1. The Acquirer routes the request to the relevant Card Scheme (Visa or Mastercard).

  2. The Scheme acts as the central traffic cop. It reads the first 6–8 digits of the card (the BIN Range) to identify which Issuer around the world handles that card. E.g., Cards starting with 5xxxxxx → Mastercard, ards starting with 4xxxxxx → Visa

  3. The Scheme then forwards the request packet to the correct Issuing Bank.

chevron-rightStep 4: Card Scheme → Issuer (The Decision Point)hashtag

This is the moment of truth. The Issuing Bank receives the request and performs a rapid-fire series of checks in milliseconds:

  • Validity Check: Is the card active, not expired, and not flagged as stolen?

  • Balance Check: Are there sufficient funds or credit available?

  • Security Check: Is the PIN/CVV correct? Does the unique EMV cryptogram validate?

  • Fraud Check: Does the transaction location, amount, or merchant type match the cardholder’s spending habits?

  • Is the merchant category allowed?

  • Is the user within their daily limits?

If all checks pass, the Issuer generates an Approval response and places a hold on the funds. If any check fails, it sends a Decline.

chevron-rightStep 5: The Response Returns to the POShashtag

The Approval/Decline message travels back through the exact same path but in reverse:

Issuer → Scheme → Acquirer → Processor → POS Terminal

The POS displays the final result, and the merchant hands you your coffee. The entire journey, from tap to approval, took less time than a blink.

WHEN PREAUTHORIZATION

  • A gas pump doesn't have the total sale amount until after the gas is dispensed.

  • A car rental agency wants to cover the cost of a delayed return of the car, plus other unforeseeable costs.

  • A hotel knows the cost of the room but doesn't know whether the minibar or other features will be accessed until checkout.

  • A restaurant assumes that a tip will be added to the receipt.

  • An online retailer knows the sale amount of the goods but does not know the shipment amount until after the order is processed at the warehouse.

  • An online retailer preauthorizes $1 to check if the card is valid, and then immediately reverses the preauthorization.

hashtag
FIVE-STEP PREAUTH EXAMPLE

For a preauthorization with completion at a gas pump, Visa Interlink (debit) rails, and an upcharge of $75, this is how a $25 purchase might appear, assuming $1000 available balance at the beginning of the purchase.

1 Preauth 2 Preauth backout 3 Completion 4 Completion backout 5 Settle

hashtag
INCREMENTAL AUTH EXAMPLE

In this example, a ride-share app gets an authorization for $15, then after arriving at the first destination the cardholder asks for a second destination, which is an additional $10. After arriving at the second destination the cardholder asks for a third destination for $5. The network is Visa credit.

1 Auth 2 Preauth backout 3 Auth 4 Preauth backout 5 Auth 6 Backout 7 Settle

AUTH REVERSAL AND EXPIRY

In this example the cardholder makes a purchase in a mobile app for $40 but cancels it a few minutes later. The cardholder has a $500 available balance before the transaction, and it takes place over Mastercard Banknet rails.

1 Auth 2 Reversal 3 Expire auth 4 Expire reversal

PARTIAL REVERSAL AND EXPIRY

This example shows a cardholder using a ride-share app. At the beginning of a ride, the app obtains a $15 preauthorization and then settles the actual amount ($10) at the end of the ride. The cardholder has an available balance of $500 prior to the ride. The network is Mastercard Banknet (credit).

1 Preauth 2 Reversal 3 Expire reversal 4 Backout 5 Settle

DISPUTES / CHARGEBACK

This example shows a chargeback and a second presentment over Visa rails for a disputed transaction of $70 that was not resolved in the cardholder's favor. The initial available balance is $500.

1 Auth 2 Backout 3 Settle 4 Chargeback 5 2nd present

GAS PUMP PLUS CONVENIENCE STORE

Cardholders frequently make purchases at the convenience store where they pump gas. These sample transactions assume Mastercard Maestro (debit) rails, a $75 upcharge, $45 total at the pump, $12 at the convenience store, and a starting available balance of $500.

1 Preauth 2 Preauth backout 3 Completion 4 Auth 5 Completion backout 6 Backout 7 Settle 8 Settle

PreviousCredit CardNextAcquiring

Last updated