The purpose of authorization services is to support authorization and verification across payment types. An authorization requires the execution of many different functions.
- Account balance checking
- Limits checking
- PIN verification
- Scriptable logic that can be invoked to perform authorizations.
- Sscripts for specific types of transactions
- Which scripts should be executed
Depending on the type of transaction, authorization requires the execution of many different functions including but not limited to Pin Verification, Limit Checking, Account Balance Checking, Memo Post to hold funds.
Implementation of Authorization Services must include scriptable logic that can be invoked to perform authorization.
Authorization scripts may be developed to authorize a specific type of transaction; use of information about the acquirer routing, destination routing and data from the transaction such as account type, user authentication method to determine which scripts should be executed.
Customers should have the ability to configure Authorization Services to the specific granularity they desire; course grained for implementation of common scripts or fine grained to implement transaction specific scripts.
The architecture of the Authorization Services must deliver on its four most important non-functional requirements:
- Scalability: Apply as described in the Channel Services.
- Availability: Apply as described in the Channel Services.
- Flexibility/Configurability: Authorization actions are different by transaction type and require the
Authorization Service to support Flexibility/Configurability non-functional requirements to determine what authorization
and/or verification actions must be completed.
Authorization Services must support Flexible/Configurable environment utilizing scriptable authorization logic.
- Traceability/Supportability: The Authorization Services architecture must support an infrastructure
to trace authorization steps;
Supportability will be enhanced by the ability to trace authorization steps in the service.
Authorization Services in Retail Financial Transactions
Authorization of retail financial transactions are currently completed by the cardholder’s issuing institution, payment network or acquiring institution.
The authorization and processing of retail payments by the networks are accomplished using single or dual message mechanisms.
The mechanism used has impacts on reconciliation and settlement processing that is explained in the following sections.
During authorization the card issuer performs the following common steps:
- Performs edit checks,
- Verifies cardholder entered PIN,
- Verifies card expiration date,
- Checks card status,
- Checks limits and balances,
- Performs real-time fraud detection scoring and
- Places a hold on funds for the amount of the transaction.
The stand-in authorizer will perform a subset of the issuer’s authorization steps described above as agreed between the issuer and the stand-in authorizer.
Example: Implementation of floor limits to determine acceptance or denial of a transaction based on the transaction amount.