Payment authorisation process, from start to finish

Every time a customer taps a card, clicks pay now, or enters their details at checkout, a chain of decisions fires off in the background — and the whole thing wraps up in under two seconds. That speed is easy to take for granted until an authorisation fails and a sale disappears.

Understanding the payment authorization process is crucial for UK businesses that accept credit card payments in person or online since it has a direct impact on revenue, cash flow, and consumer trust.

This guide walks through how payment authorisation works step by step, who is involved, and why transactions get declined. It also covers how Wise Business helps simplify payment processing for companies that send, receive, and manage money across borders.

💡 Learn more about Wise Business

What is Payment Authorisation?

Payment authorisation is the step where a card issuer, usually a bank, confirms that a customer's credit or debit card is valid and has enough funds or available credit to cover a transaction.¹ It is the green light that allows a sale to proceed.

Authorisation is not the same as actually moving money. Three distinct stages make up the full credit card processing cycle:

• Authorisation: the issuing bank checks the card and approves (or declines) the transaction. A temporary hold is placed on the customer's account for the approved amount.²
• Capture: the merchant's acquiring bank requests the authorised funds. Most card authorisations expire within 5 to 10 days, so capture typically happens before that window closes.²
• Settlement: the funds physically move from the customer's issuing bank to the merchant's acquiring bank, and eventually into the merchant's account.²

A transaction can be authorised and never settled: for example, if the order is cancelled before capture. That distinction matters for cash flow forecasting and reconciliation.

What is the payment authorisation process, step by step?

The payment authorisation process involves several parties exchanging information in a matter of seconds. Here is how it unfolds.

Step 1: The customer initiates the payment

The process starts when a customer presents a credit or debit card for payment — either by tapping at a point-of-sale terminal, entering card details on a website, or using a stored card for an online payment.¹

Step 2: The payment gateway encrypts and transmits the data

The merchant's payment gateway collects the card details, encrypts them, and sends an authorisation request to the payment processor.³ This request includes the card number, expiry date, transaction amount, and any fraud-detection data such as 3D Secure results.

Step 3: The payment processor routes the request

The payment processor receives the authorisation request and forwards it to the relevant card network — Visa, Mastercard, or American Express — based on the card type.¹

Step 4: The card network contacts the issuing bank

The card network routes the request to the issuing bank, which is the bank that issued the customer's card. The issuing bank runs a series of checks:¹

• Is the card valid and not reported lost or stolen?
• Does the account have sufficient funds or available credit?
• Does the transaction trigger any fraud detection rules?

Step 5: The issuing bank approves or declines

If everything checks out, the issuing bank sends an approval code back through the card network to the acquiring bank and then to the merchant.² If something fails — insufficient funds, suspected fraud, expired card — a decline code is returned instead.

Step 6: The merchant receives the response

The payment gateway displays the result to the merchant and customer. An approved transaction means the sale can proceed and an authorisation hold is placed on the customer's account. A declined transaction prompts the customer to try a different payment method.¹

The entire payment authorisation process typically completes in under two seconds.

Who is involved in payment authorisation?

Payment authorisation involves several parties working together behind the scenes to approve or decline a transaction in seconds. Each one plays a different role in verifying the payment details, checking available funds, and helping the transaction move securely from customer to business.

The Cardholder

The cardholder is the customer making the purchase. They initiate the transaction by presenting their credit or debit card details, either physically or online.

The Merchant and Acquiring Bank

The merchant is the business selling goods or services. The acquiring bank (also called the merchant acquirer) is the financial institution that processes card payments on behalf of the merchant.² It receives the authorisation request from the payment gateway and communicates with the card network to get approval from the issuing bank.

Merchants typically access acquiring services through a payment processor or merchant service provider, which bundles the technology of payment gateways, processing, and settlement into a single platform.

Wise payment gateway

Made for ecommerce with low fees and local currencies. Coming soon.

Register for updates

The Card Network (e.g., Visa, Mastercard)

Card networks act as the communication layer between the acquiring bank and the issuing bank.² They route authorisation requests, enforce processing rules, and set interchange fees. In the UK, Visa and Mastercard handle the vast majority of debit and credit card transactions.

The Issuing Bank

The issuing bank is the customer's bank or the institution that issued their card and manages their account.¹ It makes the final decision on whether to approve or decline the transaction based on available funds, card validity, and fraud risk.

Why does payment authorisation fail?

When a payment authorisation is declined, the issuing bank returns a response code indicating the reason. Here are the most common causes.

• Insufficient Funds: The most straightforward decline: the customer's account does not have enough money or available credit to cover the transaction amount.² Some banks offer overdraft protection, but it is not universal and often comes with fees.
• Card Information Errors or Expiration: Incorrect card numbers, wrong CVV codes, mismatched billing addresses, or an expired card will all trigger a decline.² This is more common with online payments, where customers manually enter their details and there is more room for typos.
• Fraud Detection Mechanisms: Issuing banks use fraud detection algorithms that flag unusual activity, like a large purchase in a new location, multiple rapid transactions, or when a card is reported lost or stolen.¹ If the transaction looks suspicious, the bank declines it as a precaution. Strong Customer Authentication (SCA) requirements under PSD2 in the UK and Europe add an extra verification layer for many online payments.⁴
• Connection Issues: Technical problems between the payment gateway, payment processor, card network, or issuing bank can interrupt the authorisation process. These are less common but can cause temporary declines, especially during peak traffic periods.³

Manage business payments the smart way, with Wise Business

While the payment authorisation process governs how card payments are approved, businesses also need efficient ways to send money, get paid, and manage funds — particularly when dealing with international suppliers, clients, or contractors.

Wise Business offers a multi-currency account that lets UK businesses hold, send, and receive money in 40+ currencies. Payments are converted at the mid-market exchange rate*, with transparent fees shown upfront.

A few features that make it practical for managing business payments:

• Local account details. Get account details in 8+ to receive payments like a local without the delays and intermediary fees that come with traditional international wire transfers.
• Batch payments. Pay up to 1,000 recipients in a single upload using a CSV file. Useful for supplier runs, contractor payouts, or payroll across borders.
• Wise Business debit cards. Issue physical and digital cards for the team to spend in 40+ currencies across 150+ countries and territories. Each card transaction goes through a real-time authorisation check against the available balance in the account.
• Accounting integrations. Sync with Xero, QuickBooks, and other platforms to keep reconciliation simple.

Whether a business is receiving online payments from international clients or sending money to suppliers in 140+ countries, Wise Business provides the tools to handle payment processing without unnecessary complexity.

Be Smart, Get Wise.

Get started with Wise Business 🚀

FAQs

What is the difference between authorisation and authentication?

Authorisation is the issuing bank's decision to approve or decline a transaction based on available funds and card validity. Authentication is the process of verifying the cardholder's identity — for example, through 3D Secure, biometrics, or a one-time passcode sent to their phone. Authentication typically happens before authorisation. In the UK and across Europe, PSD2 regulations require Strong Customer Authentication for most online payments, adding an extra layer of identity verification before the authorisation request is sent.

How long does a payment authorisation last?

Most standard authorisations expire within 5 to 10 days if the merchant does not capture the funds. For Visa and Mastercard, extended authorisation periods can last up to 30 days depending on the merchant category — hotels and car rental companies, for example, often hold authorisations longer.⁵ Once an authorisation expires, the hold on the customer's account is released and the merchant would need to submit a new authorisation to collect payment.

What happens after a payment is authorised?

After authorisation, the merchant captures the transaction — this tells the acquiring bank to request the funds from the issuing bank. Settlement follows, which is when the money actually moves between banks. For most merchants, settlement happens within one to three business days after capture.

What is an authorisation hold?

An authorisation hold is a temporary reduction in the customer's available balance or credit limit. It is placed by the issuing bank when a transaction is authorised, reserving the approved amount so the customer cannot spend those funds elsewhere before the merchant captures the payment. Authorisation holds are common at hotels, petrol stations, and delivery apps where the final transaction amount may differ from the initial estimate. The hold is released once the transaction is captured and settled, or if the authorisation expires.

---

Sources used:

1. Primer — What is Payment Authorization and How Does it Work?
2. Stripe — Card Authorisation Explained: How It Works and What Businesses Need to Know
3. TechnologyAdvice — Payment Authorization: Overview, Definition & Process
4. Visa — Strong Customer Authentication

Sources last checked: 18th May 2026