The Ultimate Merchant’s Guide to Credit Card Authorization Codes
Is there really that much you need to know about credit card transactions? After all, a cardholder slips a chip card into your POS terminal and, moments later, ‘approved’ or ‘denied’ pops up on the screen.
Pretty straightforward, right? Well, maybe not.
The authorization process is complex. Knowing the difference between credit card authorization codes can mean the difference between a successful transaction and losing money to fraud. Knowledge of credit card authorization codes can even help you fight back against chargebacks in some cases.
In this article, we’ll discuss what credit card authorization codes are and how they work. We’ll run down a list of standard credit card approval codes, and explain how to use them properly.
Recommended reading
What is an Authorization Code?
- Authorization Code
A credit card authorization code is an alphanumeric code, typically between 2-6 figures long, meant to indicate whether or not a credit card transaction has been approved. If a transaction has been declined, the authorization code will provide further details.
[noun]/ô • THər • ə • zā • sh(ə)n • kōd/
When the cardholder’s card is swiped or their chip is inserted into your EMV reader, your POS terminal relays a digital fingerprint to the issuing bank for verification and permission to process. A few seconds later, approval or denial is rendered back to the terminal. If the cardholder has the appropriate funds available in their account, and the bank doesn’t detect any red flags, then the card should be deemed safe to process.
A credit card authorization code is the string of numbers that accompany either ‘accepted’ or ‘declined’ messages as part of the transaction process. This all happens in real-time, and the process rarely lasts longer than one minute.
Keep in mind, authorization doesn’t mean the transaction is guaranteed against fraud. It only means that the account in question exists, and that it has funds or credit available.
A customer signature will be required to process the transaction for credit purchases. In contrast, a debit card transaction requires a PIN (at least in the US). For online purchases, other verification methods like a card verification value (CVV) may be used.
How Do I Find the Authorization Code?
One of the most common questions about authorization codes is where merchants can find them. The approval or decline message gets transmitted to your terminal by the issuing bank and will appear on your POS dial and at the top or bottom of a printed receipt.
Authorization codes for credit cards generally inform the merchant of a transaction’s validity in real-time.
What the authorization code cannot do, is guarantee whether or not a transaction is fraudulent. With tools like machine learning and fraud scoring, banks and processors are getting better at detecting likely fraudulent transactions. Still, nothing is foolproof.
We recommend merchants use their best judgment to gauge suspicious cardholder activity. If something seems off, don’t process the transaction. The best way to accomplish this is to deploy a multilayer strategy to detect and prevent fraud.
What do Credit Card Authorization Codes Look Like?
Credit card authorization codes are alphanumeric strings that, depending on the processor, can range from two to six digits in length. For example: 00, 54, 97, 10002, etc.
Some payment processors use codes that are specific to their products alone. If so, you may see a 2-digit alpha-numeric code accompanied by an approval message. Processor-specific codes can be found on your POS terminal or accompanying processing guide.
The standard credit card authorization codes are:
00
Approval
85
Approval (in general disuse)
There are several reasons why a bank may deny authorization, though. Depending on the response code, you may need to request another form of payment, or cancel the transaction altogether. Common reasons for a decline code include:
- Lost or stolen card
- The cardholder has an active hold on their account
- The cardholder lacks the funds to complete the transaction
The bank may include additional instructions along with the credit card authorization code. Examples include:
Here’s the standard list of credit card denial codes:
| Response Code | Description |
| 01 | Declined - Call Issuer |
| 04 | Declined - Pick Up Card |
| 05 | Declined - Do Not Honor |
| 10 | Declined - Partial Approval |
| 12 | Declined - Invalid Transaction |
| 13 | Declined - Card Amount Invalid |
| 14 | Declined - Card Number Invalid |
| 15 | Declined - No Such Issuer |
| 19 | Declined - Re-Enter |
| 51 | Declined - Insufficient Funds |
| 54 | Declined - Card Expired |
| 55 | Declined - Wrong PIN Entered by Card Holder |
| 57 | Declined - Service Not Allowed |
| 61 | Declined - Customer Exceeds Withdrawal Limit |
| 62 | Declined - Restricted SIC Code |
| 63 | Declined - Restricted |
| 65 | Declined - Customer Exceeds Activity Limit |
| 78 | Declined - No Account |
| 97 | Declined - CVV MisMatch |
Can you Charge a Credit Card Without Authorization?
No. However, if your terminal is down, you can have the cardholder fill out an authorization form, provide a signature, or manually secure a one-time authorization.
Here’s where credit card authorization codes get tricky.
Let’s say your internet is down, and your POS terminals aren’t able to connect with the host. You have to manually enter a transaction. What do you do then?
It is illegal for merchants to charge a credit card without the cardholder’s permission. However, there are many scenarios in which a merchant can get permission without requesting authorization through an approved POS terminal:
Authorization Forms
One-Time Authorization
Signature Verification
What About Online Purchases?
Online purchases require authorization, just like any purchase. However, they don’t require physical authorization via a POS terminal.
Digital signatures or buttons that prod a buyer to ‘approve the purchase’ supply the necessary verification to the bank. As the merchant, you’re then responsible for deploying fraud detection technologies like CVV verification and Address Verification Service (AVS) to prevent fraud. If the buyer has two-party verification enabled, they will have to complete that process to make a purchase, too.
Remember: authorization codes for credit cards are not meant to eliminate fraud. They merely verify that the cardholder’s account is in good standing, and that there are funds available.
Learn more about bank chargebacks
Authorization-Related Chargebacks
To avoid authorization-related chargebacks, don’t reattempt transactions that have been declined.
All the major card networks use chargeback reason codes to convey the reason for a chargeback. Some of these reason codes are specifically designated to apply to authorization-related issues. Visa, for example, has reason codes:
The most important point to help avoid authorization-related chargebacks is to never push through transactions that have been declined. You should reattempt a transaction only when the declined authorization code tells you you can. Otherwise, you should pass on the sale. In fact, there are even some situations in which you should reverse an authorization after receiving a positive message.
A few best practices that every merchant can follow to limit errors and the opportunity for authorization-related chargebacks include:
- Always authorizing every transaction in accordance with card network rules.
- Obtaining authorization on the same day as the transaction.
- Not including tips or other adjustments on a previously-authorized amount.
- Discontinuing a transaction if the card has been declined.
- Asking for another form of payment after a card decline.
- Checking the Card Recovery Bulletin (CRB) when required.
Other Chargeback Questions?
Seeking a credit card authorization code can be a deceptively-complicated matter. There are a number of pitfalls that can lead you to reject a legitimate purchase…or even worse, accept a purchase that you should have rejected.
Not to worry: the experts at Chargebacks911® have your back.
Chargebacks911 offers the most comprehensive chargeback management services and products available. Our transparent, end-to-end solutions go beyond prevention to revenue recovery and future growth.
Whatever you need to help in the fight against chargebacks, we’ve got it. Contact us today for a free demo.
FAQs
What are authorization response codes?
Authorization response codes are alphanumeric strings, typically two to six digits long, that indicate the status of a transaction. These codes are generated by card issuers in response to a merchant's request for transaction authorization.
What is a 6-digit approval authorization code?
A six-digit approval authorization code is a credit card authorization code that is sent by the issuing bank to the merchant when a transaction is attempted.
How do I find my 6-digit authorization code?
You can find your six-digit authorization code at the top of your receipt. If you are a merchant, your point-of-sale device will also record authorization codes.
What is the difference between authorization code and approval code?
The term “authorization code” and “approval code” are used interchangeably. Both terms refer to a two-to-six-digit code that appears when a merchant attempts a transaction.
What does an authorization code look like?
A credit card authorization code is typically a two to six digit-long alphanumeric code. Examples include 00, 01, 97, and 10002.
What is a wrong authorization code?
A wrong authorization code, commonly known as a decline code, appears when an issuing bank declines a transaction attempted by a merchant.
