The authorization of credit card transactions has a significant impact on risk, customer service and operational expenses. Implementing the following set of best practices will ensure that the authorization process is managed properly.
Transaction Authorization Routing Sequence
The transaction authorization routing sequence must be implemented with a focus on fraud prevention. When a cardholder initiates a transaction, merchants should:
If you are participating in Verified by Visa (VbV) or MasterCard SecureCode, complete the respective authentication process and provide the authentication data in the authorization request.
Perform internal fraud screening. Transactions should be matched against velocity parameters, high-risk locations and internal negative files. Transactions that raise suspicions should be subjected to a further review.
For transactions that pass your internal scrutiny, you should obtain authorization from the card issuer. The authorization should include Address Verification Service (AVS) and Card Security Verification (the 3- or 4-digit codes on the back or front of credit and debit cards) to determine whether the card issuer or you will decline the transaction.
If you use a third-party fraud screening service, merchants should obtain a fraud score for these transactions that have not yet been declined by you or the card issuer.
Merchants should make sure that all authorizations comply with the following requirements:
All online transactions should be identified with the correct Electronic Commerce Indicator (ECI). The ECI should be entered into the appropriate field of the authorization and settlement messages to identify internet transactions as such. Your payment processing provider should help you implement the ECI which is required for all internet transactions.
New authorizations should be obtained when the original ones expire. Web-based merchants that ship merchandise more than seven days after the original authorization (back order), should obtain a new authorization before proceeding with the shipment. This practice protects internet merchants from chargebacks due to no authorization.