Knowing the Credit Card Authorization Codes Can Help Avoid Chargebacks
Is there really that much you need to know about credit card transactions? After all, a cardholder slips a chip card into your POS terminal and, moments later, ‘approved’ or ‘denied’ pops up on the screen.
Pretty straightforward, right? Well, maybe not.
The authorization process is complex. Knowing the difference between credit card authorization codes can mean the difference between a successful transaction and losing money to fraud. Knowledge of credit card authorization codes can even help you fight back against chargebacks in some cases.
In this article, we’ll discuss what credit card authorization codes are and how they work. We’ll run down a list of standard credit card approval codes, and explain how to use them properly.
Recommended reading
- Authorization Holds: What are They & Why Are They Used?
- How To Fix A Declined Debit Card
- Credit Card Decline Codes: The Complete List for 2024
- What Are Transaction IDs? How They Help Stop Fraud
- Authorization Optimization: How to Raise Your Auth Rate
- What are AFT Transactions? How are They Different From OCTs?
What is an Authorization Code?
- Authorization Code
A credit card authorization code is an alphanumeric code, typically between 2-6 figures long, meant to indicate whether or not a credit card transaction has been approved. If a transaction has been declined, the authorization code will provide further details.
[noun]/* ô • THər • ə • zā • sh(ə)n • kōd/
When the cardholder’s card is swiped or their chip is inserted into your EMV reader, your POS terminal relays a digital fingerprint to the issuing bank for verification and permission to process. A few seconds later, approval or denial is rendered back to the terminal. If the cardholder has the appropriate funds available in their account, and the bank doesn’t detect any red flags, then the card should be deemed safe to process.
A credit card authorization code is the string of numbers that accompany either ‘accepted’ or ‘declined’ messages as part of the transaction process. This all happens in real-time, and the process rarely lasts longer than one minute.
Keep in mind, authorization doesn’t mean the transaction is guaranteed against fraud. It only means that the account in question exists, and that it has funds or credit available.
A customer signature will be required to process the transaction for credit purchases. In contrast, a debit card transaction requires a PIN (at least in the US). For online purchases, other verification methods like a card verification value (CVV) may be used.
How Do I Find the Authorization Code?
One of the most common questions about authorization codes is where merchants can find them. The approval or decline message gets transmitted to your terminal by the issuing bank and will appear on your POS dial and at the top or bottom of a printed receipt.
Authorization codes for credit cards generally inform the merchant of a transaction’s validity in real-time.
What the authorization code cannot do, is guarantee whether or not a transaction is fraudulent. With tools like machine learning and fraud scoring, banks and processors are getting better at detecting likely fraudulent transactions. Still, nothing is foolproof.
We recommend merchants use their best judgment to gauge suspicious cardholder activity. If something seems off, don’t process the transaction. The best way to accomplish this is to deploy a multilayer strategy to detect and prevent fraud.
What do Credit Card Authorization Codes Look Like?
Some payment processors use codes that are specific to their products alone. If so, you may see a 2-digit alpha-numeric code accompanied by an approval message. Processor-specific codes can be found on your POS terminal or accompanying processing guide.
The standard credit card authorization codes are:
00
Approval
85
Approval (in general disuse)
There are several reasons why a bank may deny authorization, though. Depending on the response code, you may need to request another form of payment, or cancel the transaction altogether. Common reasons for a decline code include:
- Lost or stolen card
- The cardholder has an active hold on their account
- The cardholder lacks the funds to complete the transaction
The bank may include additional instructions along with the credit card authorization code. Examples include:
Here’s the standard list of credit card denial codes:
Response Code | Description |
01 | Declined - Call Issuer |
04 | Declined - Pick Up Card |
05 | Declined - Do Not Honor |
10 | Declined - Partial Approval |
12 | Declined - Invalid Transaction |
13 | Declined - Card Amount Invalid |
14 | Declined - Card Number Invalid |
15 | Declined - No Such Issuer |
19 | Declined - Re-Enter |
51 | Declined - Insufficient Funds |
54 | Declined - Card Expired |
55 | Declined - Wrong PIN Entered by Card Holder |
57 | Declined - Service Not Allowed |
61 | Declined - Customer Exceeds Withdrawal Limit |
62 | Declined - Restricted SIC Code |
63 | Declined - Restricted |
65 | Declined - Customer Exceeds Activity Limit |
78 | Declined - No Account |
97 | Declined - CVV MisMatch |
Can you Charge a Credit Card Without Authorization?
Here’s where credit card authorization codes get tricky.
Let’s say your internet is down, and your POS terminals aren’t able to connect with the host. You have to manually enter a transaction. What do you do then?
It is illegal for merchants to charge a credit card without the cardholder’s permission. However, there are many scenarios in which a merchant can get permission without requesting authorization through an approved POS terminal:
Authorization Forms
If a customer makes an order over the phone, the bank will need the cardholder’s express permission to process payment. In these cases, an authorization form will require the date, buyer’s address, phone number, and a signature approving the transaction.
One-Time Authorization
Authorization isn’t necessarily needed for every purchase. If a transaction is recurring, like a subscription service, you’ll only need authorization for the initial payment. Ongoing payments, as in charging a customer a pre-agreed amount every 30 days after the original approval, do not require their own credit card authorization code.
Signature Verification
Technically, most credit card transactions are supposed to require some form of photo identification to process payment. However, according to Visa and Mastercard specifically, the signature on the back of a card provides your authorization, and that signature will be compared to others on file.
What About Online Purchases?
Online purchases require authorization, just like any purchase. However, they don’t require physical authorization via a POS terminal.
Digital signatures or buttons that prod a buyer to ‘approve the purchase’ supply the necessary verification to the bank. As the merchant, you’re then responsible for deploying fraud detection technologies like CVV verification and Address Service Service (AVS) to prevent fraud. If the buyer has two-party verification enabled, they will have to complete that process to make a purchase, too.
Remember: authorization codes for credit cards are not meant to eliminate fraud. They merely verify that the cardholder’s account is in good standing, and that there are funds available.
Yes, credit card authorization codes do expire. If you do not complete the transaction within a timely manner, you may lose your authorization and need to request it again. If the final price of a purchase is not known at the time of the initial transaction (restaurants, hotels, card rentals,etc.), then you should request an anauthorization hold.
Authorization-Related Chargebacks
All the major card networks use chargeback reason codes to convey the reason for a chargeback. Some of these reason codes are specifically designated to apply to authorization-related issues. Visa, for example, has reason codes:
The most important point to help avoid authorization-related chargebacks is to never push through transactions that have been declined. You should reattempt a transaction only when the declined authorization code tells you you can. Otherwise, you should pass on the sale. In fact, there are even some situations in which you should reverse an authorization after receiving a positive message.
A few best practices that every merchant can follow to limit errors and the opportunity for authorization-related chargebacks include:
- Always authorizing every transaction in accordance with card network rules.
- Obtaining authorization on the same day as the transaction
- Not including tips or other adjustments on a previously-authorized amount.
- Discontinuing a transaction if the card has been declined.
- Asking for another form of payment after a card decline.
- Checking the Card Recovery Bulletin (CRB) when required.
Other Chargeback Questions?
Seeking a credit card authorization code can be a deceptively-complicated matter. There are a number of pitfalls that can lead you to reject a legitimate purchase…or even worse, accept a purchase that you should have rejected.
Not to worry: the experts at Chargebacks911® have your back.
Chargebacks911 offers the most comprehensive chargeback management services and products available. Our transparent, end-to-end solutions go beyond prevention to revenue recovery and future growth.
Whatever you need to help in the fight against chargebacks, we’ve got it. Contact us today for a free demo.