Mutt
Professional
- Messages
- 1,459
- Reaction score
- 1,251
- Points
- 113
In a number of cases, when making a payment transaction with a bank plastic card, it is required to receive "good" from the issuing bank for its successful completion - to go through the authorization procedure.
This applies to those cases when the customer uses a magnetic card to pay or when the purchase amount exceeds the amount of a one-time limit provided for one operation. Since the magnetic card does not contain information about the state of the account on its board, you need to obtain permission from the bank to make a payment.
At its core, authorization of a bank card is a process of granting a remote permission by the issuing bank to conduct a specific operation using this payment card.
Authorization methods
There are two ways to log in:
Voice - when the seller contacts the bank performing operations with the card (acquiring bank) or the acquirer center by phone. Currently, with the development of communications, it is practically not used;
Automatic, i.e. by requesting permission for the operation through the POS terminal to the acquiring bank.
The acquirer sends the request (transaction) to the center that is authorized to authorize it. Usually, such a center is the issuing bank, but the issuer can transfer the right to conduct authorization to the acquiring bank or processing data center that provides such services.
The bank often acts as an acquirer and issuer. For example, if Sberbank (issuer) plastic is paid for a purchase through a POS terminal of the same bank (acquiring), then Sberbank will send a request for authorization to its data center and make a decision.
Types of authorization modes
Online authorization (direct, for example, at the time of payment by card);
Offline authorization (deferred).
Online authorization algorithm:
1. Submitting a request for authorization (using one of the above methods).
2. Processing by the authorization center of the information received from the outlet. The data in its database are taken into account: information about the cardholder, the limit and other possible restrictions.
3. The authorization center makes a decision to carry out the transaction. If the analysis of the available data confirms the possibility of making a payment (passes through the limits, etc.), then its transaction is approved, while the card limit is reduced in proportion to the completed transaction. In the event that information is revealed that indicates that the card is in the stop list or the balance of funds is not enough to complete the transaction, the client is denied the transaction.
In case of voice authorization, consent to the operation is the provision of an authorization code.
4. Making a check.
During voice authorization, the seller, after making sure that the operation can be carried out, draws up a check (slip), in which the card data must be entered (this is done using an imprinter) and an authorization code (without this code, the check will not be accepted for payment by the bank) acquirer).
If the transaction is carried out in automatic mode, then a receipt is printed out with the data of the completed transaction and indicating that the payment was made using the card.
5. Reimbursement of the transaction value to the outlet.
The acquiring bank is responsible for transferring funds to the seller's current account. In the event that all authorization rules were not followed during the transaction, the payment system has legal grounds not to reimburse the acquirer for the transaction.
This online authorization procedure is the most established and widespread. It has several advantages and disadvantages. The issuing bank processes transactions in a real time period and can manage the accounts of cardholders, respond promptly to an unforeseen situation and block cards (including when they are stolen or lost). The time interval from depositing funds to the account and until they are received in the database is minimized.
As for the shortcomings of this system, this authorization cannot be called fast, it presupposes the preservation of checks, and the actual withdrawal of funds is carried out later than the direct execution of the transaction.
In addition, the online mode directly depends on the connection speed of communication systems (often cellular communication is used for data exchange), and in the event of a malfunction in the processing center or no connection, further transactions at all points of sale will be impossible until the latter are fully restored.
With the advent of smart cards (with a chip), offline authorization became possible. All information necessary for a transaction is stored directly in the card memory (data on the limit balance and information on the latest payment transactions). At the point of sale, special intelligent POS terminals with a large memory capacity must be used. They accumulate transactions (card payments during the day), which are transferred to the acquiring bank or processing center at the end of the working day. The terminals are also loaded with a stop list with a database on payment cards prohibited for acceptance, which is periodically updated.
Algorithm for authorization in offline
This system allows making calculations even in the event of a malfunction of the central computer and communication (the data can be collected on an external medium by a representative of the acquirer). The only disadvantage for the client is the longer interval between depositing funds to the account and their receipt in the database.
This applies to those cases when the customer uses a magnetic card to pay or when the purchase amount exceeds the amount of a one-time limit provided for one operation. Since the magnetic card does not contain information about the state of the account on its board, you need to obtain permission from the bank to make a payment.
At its core, authorization of a bank card is a process of granting a remote permission by the issuing bank to conduct a specific operation using this payment card.
Authorization methods
There are two ways to log in:
Voice - when the seller contacts the bank performing operations with the card (acquiring bank) or the acquirer center by phone. Currently, with the development of communications, it is practically not used;
Automatic, i.e. by requesting permission for the operation through the POS terminal to the acquiring bank.
The acquirer sends the request (transaction) to the center that is authorized to authorize it. Usually, such a center is the issuing bank, but the issuer can transfer the right to conduct authorization to the acquiring bank or processing data center that provides such services.
The bank often acts as an acquirer and issuer. For example, if Sberbank (issuer) plastic is paid for a purchase through a POS terminal of the same bank (acquiring), then Sberbank will send a request for authorization to its data center and make a decision.
Types of authorization modes
Online authorization (direct, for example, at the time of payment by card);
Offline authorization (deferred).
Online authorization algorithm:
1. Submitting a request for authorization (using one of the above methods).
2. Processing by the authorization center of the information received from the outlet. The data in its database are taken into account: information about the cardholder, the limit and other possible restrictions.
3. The authorization center makes a decision to carry out the transaction. If the analysis of the available data confirms the possibility of making a payment (passes through the limits, etc.), then its transaction is approved, while the card limit is reduced in proportion to the completed transaction. In the event that information is revealed that indicates that the card is in the stop list or the balance of funds is not enough to complete the transaction, the client is denied the transaction.
In case of voice authorization, consent to the operation is the provision of an authorization code.
4. Making a check.
During voice authorization, the seller, after making sure that the operation can be carried out, draws up a check (slip), in which the card data must be entered (this is done using an imprinter) and an authorization code (without this code, the check will not be accepted for payment by the bank) acquirer).
If the transaction is carried out in automatic mode, then a receipt is printed out with the data of the completed transaction and indicating that the payment was made using the card.
5. Reimbursement of the transaction value to the outlet.
The acquiring bank is responsible for transferring funds to the seller's current account. In the event that all authorization rules were not followed during the transaction, the payment system has legal grounds not to reimburse the acquirer for the transaction.
This online authorization procedure is the most established and widespread. It has several advantages and disadvantages. The issuing bank processes transactions in a real time period and can manage the accounts of cardholders, respond promptly to an unforeseen situation and block cards (including when they are stolen or lost). The time interval from depositing funds to the account and until they are received in the database is minimized.
As for the shortcomings of this system, this authorization cannot be called fast, it presupposes the preservation of checks, and the actual withdrawal of funds is carried out later than the direct execution of the transaction.
In addition, the online mode directly depends on the connection speed of communication systems (often cellular communication is used for data exchange), and in the event of a malfunction in the processing center or no connection, further transactions at all points of sale will be impossible until the latter are fully restored.
With the advent of smart cards (with a chip), offline authorization became possible. All information necessary for a transaction is stored directly in the card memory (data on the limit balance and information on the latest payment transactions). At the point of sale, special intelligent POS terminals with a large memory capacity must be used. They accumulate transactions (card payments during the day), which are transferred to the acquiring bank or processing center at the end of the working day. The terminals are also loaded with a stop list with a database on payment cards prohibited for acceptance, which is periodically updated.
Algorithm for authorization in offline
- Placing the card into the terminal's reader;
- Information exchange and identification between the card and the terminal;
- Checking the limit and, if it is sufficient, the execution of the transaction by reducing the limit by the amount of the transaction;
- The terminal fixes information about the transaction and prints out the receipt;
- Transfer of information about the transactions accumulated for the day to the processing center (or acquiring bank) (once a day).
This system allows making calculations even in the event of a malfunction of the central computer and communication (the data can be collected on an external medium by a representative of the acquirer). The only disadvantage for the client is the longer interval between depositing funds to the account and their receipt in the database.
