All card-not-present transactions must be authorized before they are processed. The authorization response will typically be an approval or decline. E-commerce merchants need to develop a process for handling transactions after the authorization response is received and apply it consistently.
Obtaining authorization for card-not-present transactions. Obtaining an authorization is part of the process of verifying the cardholder’s identity and the validity of the transaction. When you submit your authorization request, consider the following:
- Avoid using a $1 authorization to verify if the account is in good standing.
- If the transaction has failed Verified by Visa or MasterCard SecureCode authentication, do not submit it for authorization, but instead request an alternative payment method.
- Include the card’s expiration date in your authorization request, but do not submit requests if the card is expired or no expiration date is provided.
- Obtain the card’s security code and submit it with the authorization request. Card security codes are the three-digit numbers that are found in the signature panels on the back of Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards and the four-digit numbers that are found slightly above and to the right of the account numbers of American Express (CID) cards.
- Obtain the cardholder’s billing address. You can submit an address verification (AVS) request to the card issuer separately or as part of the authorization request. Either way, you will receive an AVS response code, separate from the authorization response code, which will tell you whether or not the address provided by your customer matches the one the issuer has on file for their cardholder.
Once you receive the authorization response from the card issuer, you should be prepared to proceed with the transaction accordingly. Consider incorporating the following best practices into your post-authorization procedures:
- For approved transactions, email your customer an order confirmation. To reduce customer disputes, include in the order confirmation details about the purchase. This will also enable you to verify the cardholder’s email address. If the email address turns out to be invalid, you should research the situation and determine whether or not the order is legitimate.
- For declined transactions, review the situation and take appropriate actions. Consider contacting your customer to obtain corrected information or an alternative payment that may allow you to complete the sale. The following procedures should be followed:
- Review authorization declines and contact customers to correct problems with their cards (e.g. wrong expiration date or card security code) or ask them for an alternative payment method.
- If the card information is corrected, make sure to obtain authorization approval from the card issuer before completing the sale.
- Regularly evaluate the success of your authorization decline review strategy and modify it, as needed.
- Monitor your transaction decline rates. This will help you identify potential problems in your post-authorization process. If the issues are adequately addressed, your approval rates and sales volumes will both increase, improving customer satisfaction in the process. In particular, you should:
- Track your order declines by reason on a daily basis.
- Separate transactions declined by the card issuer from those declined by you for suspected fraud or other reasons.
Image credit: Acteva.com.