Every online order comes with a story, and it starts with a split-second choice at checkout: Should the transaction move forward or be stopped? That call ultimately requires an understanding of the approval vs. authorization transaction process. The bank decides whether to authorize the transaction, and the merchant decides whether to approve it. So what does each step really mean and what happens behind the scenes during the decision process? And how can merchants use better data to influence the bank’s authorization choice while making smarter approval calls on your own? Let’s take a look.
TL;DR
- Every online sale involves a critical two-step check: Authorization (by the bank) and Approval (by the merchant).
- The bank only checks if the transaction can happen (funds available); the merchant must check if it should happen (low fraud risk).
- Banks often decline good customers (false declines) or let sophisticated fraud through because they lack crucial data.
- Merchants get stuck paying fees and losing sales as a result.
- The key to increasing revenue is using pre-authorization to give banks the extra data they need to approve more good orders.
What is a transaction authorization?
A transaction authorization occurs when the issuing bank approves a payment after the shopper clicks “Pay”.
How does a transaction authorization work?
Once the transaction request is sent through the merchant’s gateway and the card network, the issuing bank runs checks to confirm:
- The card is not expired or frozen
- The card hasn’t been reported lost or stolen
- The funds are available
- The transaction isn’t being attempted from a flagged location
- The transaction passes any of the bank’s other built-in fraud filters
If the checks don’t raise any alarm bells, the bank places a temporary hold on the shopper’s funds. It then sends an authorization code back to the merchant which signals that the order can move forward. The reserved funds are ready to be captured once the merchant fulfills the purchase and initiates settlement. However, if the checks uncover any red flags, the transaction is declined.
| Example: A shopper wants to buy a $1,200 designer handbag. The issuing bank runs its standard checks when it receives the transaction request. The checks confirm the card is valid, but there’s only $1,000 available in the account. Because there aren’t enough funds to cover the purchase, the authorization request is declined. The bank never issues an authorization code so the transaction doesn’t move forward to the merchant. |
What is a transaction approval?
Authorization occurs on the bank’s side, but approval is processed on the merchant’s side. After receiving the bank’s authorization code, the merchant decides whether to approve or decline the transaction.
How does a transaction approval work?
Liability shifts to the merchant at this stage, so approvals are often guided by a deeper fraud review, with operational factors — like if an item is still in stock — also playing a role. If the order clears your review or your fraud management solution’s checks, the merchant approves it, fulfills the purchase and captures the funds. If the merchant voids the transaction or misses the capture window, the authorization hold expires and the funds return to the customer.
Example: A customer places an order for a $150 pair of sneakers. The issuing bank runs its basic checks (confirming the card is valid, funds are available and no obvious red flags appear) and then returns an authorization code. From there, your fraud system takes a closer look. It reviews the shipping and billing details, device information, geolocation and purchase history. Everything checks out, so you approve the transaction.
Approval vs. authorization transactions: Understanding the differences
In short, authorization is the bank confirming the transaction can happen while approval is the merchant confirming the transaction should happen.
| Approval | Authorization | |
| Who decides | The merchant | The credit card’s issuing bank |
| What happens | Merchant decides whether or not to capture funds and fulfill the order | Bank authorizes or declines the transaction; if authorized, a temporary hold is placed on the funds and a code is sent to the merchant |
| Decision factors | Deeper fraud signals, risk and internal operational controls | Basic fraud check results, card validity and available funds |
| When it typically happens | After the bank authorizes the transaction | Right after the transaction request happens |
| Liability | Fraud liability shifts to the merchant once authorization is granted by the card issuer | Bank carries liability until authorization is issued |
| Decision result | Approve, decline or flag for manual review | Authorization code (if approved) or decline |
| Merchant impact | Directly affects conversion, fraud losses and customer experience | False declines here can block good customers and stop sales before they reach the merchant, affecting customer experience |
How to measure transaction authorization and approval results?
Once you understand the differences between authorization and approval, the next step is measuring how each process is working.
Authorization rate
The authorization rate is the percentage of transactions successfully authorized by issuers (i.e. those that received an authorization code). While a good bank authorization rate sits at around 85%, even a modest 1% to 2% lift can have a big impact on your bottom line over time.
For example, say you’re an online footwear retailer. You process 250,000 online orders a month with an average order value of $80. If your authorization rate goes up by just 1%, that’s 2,500 more customers whose orders go through. At $80 each, that’s an extra $200,000 in monthly revenue.
Approval rate
The approval rate measures the share of bank-authorized transactions that you, the merchant, move forward with. A healthy approval rate is highly variable, depending on vertical, product mix and risk appetite, but if your approval rate falls out of the mid-to-upper 90% range, it may signal overly strict fraud filters or too many orders stuck in manual review.
Chargeback rate
The chargeback rate tracks the percentage of approved transactions that later come back as fraud disputes. While banks stop the obvious risks during authorization, more sophisticated fraud attempts can slip through and land in your review process. If those risks aren’t caught before you approve the sale, the fraud liability (and the chargeback) falls on you.
A higher chargeback rate signals shortcomings in your defenses that are allowing fraudulent orders to pass through. A lower chargeback rate shows your approval process is doing its job — stopping fraud before it turns into disputes or lost revenue. A zero or incredibly low chargeback rate, on the other hand, often indicates that your fraud filters and strategies are overly aggressive. In that case, you’re almost certainly rejecting good customers and turning away their orders.
Though tracking these rates shows you how the authorization and approval processes are performing today, numbers alone don’t paint the full picture. They don’t explain why outcomes look the way they do. Closing that divide begins with understanding where traditional bank authorization processes fall short — and what that means for your business.
How traditional transaction authorization processes impact merchants
Issuing banks make fast authorization calls, but they do it with limited visibility. They can confirm basic details, but they lack the context that comes from richer signals merchants see. Because of this, they can’t see the full story behind the transaction. Without access to deeper data during the authorization process, banks can turn away legitimate orders. And you’re responsible for any fees tied to declined authorizations.
Fees on doomed transactions
Even when fraud is obvious, the transaction still travels from the processor to the bank for authorization, and each step adds authorization fees. In card-testing attacks, for instance, fraudsters run thousands of small transactions to check if stolen cards are valid. Although each attempt only costs a few cents, together they can quickly stack up into a significant bill that you’re left to cover.
Sophisticated fraud can still get through
Authorization protects against basic fraud signals, but it doesn’t account for more complex attacks like account takeovers (ATOs) or triangulation fraud. Those transactions can make it through to fulfillment, leaving you responsible for the chargeback fees and operational costs that follow.
False declines block good customers
Some declines stop true fraud, but others mistakenly block loyal shoppers. In fact, according to Signifyd data, 15% of orders are falsely declined for authorization by banks. Why? Without enough context to separate good from bad, issuers err on the side of caution, causing merchants to lose sales from trustworthy customers.
Lower authorization rates reduce revenue
Card-not-present (CNP) transactions are considered riskier since there’s no physical card or cardholder present, leading banks to apply stricter rules across the board. As a result, authorization rates for online transactions are roughly 10 percentage points lower than for in-store transactions. For ecommerce merchants, that difference can mean thousands of declined orders every month and millions in revenue lost to transactions that should have been approved.
All of these challenges point to the same underlying gap: Each bank’s transaction authorization decisions are based on thin data. Without more insight, it’s difficult to consistently separate trusted shoppers from bad actors. On the bright side, introducing processes like pre-authorization can help.
How pre-authorization fills gaps in bank decision processes
Pre-authorization acts as a bridge between the limited checks banks perform and the richer context merchants can provide. Instead of sending transactions to the bank with limited details, merchants can route them through a payment optimization solution, like Signifyd’s Authorization Rate Optimization, to enrich the data upfront. Doing so allows you and issuers to:
- Stop obvious fraud early: Ecommerce transactions that never had a chance of being approved, like those containing enough red flags to be deemed fraudulent by machine learning (ML) models, are identified before reaching the bank’s authorization process. By filtering them out upfront, you avoid paying authorization fees on transactions that are destined to fail.
- Gain a deeper understanding of the risk level involved with each order: Pre-authorization layers in data points banks can’t see on their own, including order history, device type and shopper behavior. This added context helps reassure issuers that orders that appear risky with the barest of data are actually legitimate orders.
- Send cleaner traffic to banks: By holding back risky transactions, merchants build issuer trust by only sending through safer orders. Over time, this creates a halo effect: the more consistently clean traffic issuers see, the more CNP transactions they approve.
- Share richer data upfront: Though issuers have deep insights into their cardholders’ spending habits, they only see limited fields like merchant ID, timestamp and dollar amount when it comes to single transactions. That lack of context can cause issuers to err on the side of caution and decline good orders. By running orders through a Payment Optimization Platform like Signifyd’s, you can share deeper signals — like risk scores and liability acceptance — that provide issuers with the additional context they need to confidently reel in their fraud controls.
- Protect the customer experience: When fraud checks happen only after authorization, bots and bulk resellers can still scoop up limited products, leaving real customers empty-handed. Pre-authorization stops those unwanted buyers earlier, keeping more high-demand items in-stock for real customers.
At the end of the day, pre-authorization changes the story at checkout by filling in the missing pieces banks can’t see. Instead of paying fees on fraud that never should have reached authorization, you stop it early. Honest shoppers get approved more often. And issuers get the context they need to greenlight the right transactions.
Turn more authorizations into approvals with Signifyd
Every approved or declined online order tells its own tale — and it ends with the choices made at checkout. The question is if those choices add friction and fees, let bad actors slip through or open the door to more good customers and revenue.
With Signifyd’s Authorization Rate Optimization solution, you can filter fraud out early, send cleaner traffic to banks and give issuers the confidence to raise authorization rates by up to 3%.
Curious about what your checkout story could look like See how Adorama reached a 97% approval rate while keeping fraud in check with Signifyd.
FAQs
What is the difference between authorization and approval?
The difference between authorization and approval is who makes the decision and what it covers. Authorization is the issuing bank’s call on whether the card-not-present (CNP) transaction can move forward. Approval, on the other hand, is the merchant’s decision on if the transaction should progress on through fulfillment, capture and settlement after receiving that authorization code.
Can a transaction be approved but not authorized?
No. Approval is only possible after a bank authorizes the transaction. If the authorization is declined, the merchant cannot approve the transaction.
Photo by Getty Images
Looking to optimize your authorization rate? Let’s talk.
