Authorization and Transaction flow
Completing a purchase by tapping the point-of-sale (POS) terminal or entering card details through a payment gateway may seem straightforward, but the complexity of the process behind it is not always apparent to everyone.
Card transaction is a complex process which provides swift and secure solution for cardholders and merchants to find a way to complete purchase without the necessity of using physical currency. This process can be segmented into two phases: authorization and clearing&settlement. The simplified authorization process is outlined below.
| # | Action | Description |
|---|---|---|
 |
Card is issued. | Initially, the Issuer issues the card. The card is then associated with the cardholder and the account containing the balance that can be charged. |
 |
Purchase is initiated. | When the cardholder decides to make a purchase, such as buying goods or services, for example, a cup of coffee at their favorite coffee shop, the transaction is initiated by tapping the card on the payment terminal. |
 |
Authorization request is sent from the payment terminal. | The payment terminal then sends an authorization request to the Acquirer, the entity providing the payment solution to the coffee shop. |
 |
Authorization request is sent to the Card association. | The Acquirer confirms and forwards the authorization request to the Card association. |
 |
Authorization request is routed to the Issuer. | The Card association identifies the Issuer that issued the card, verifies the request, and sends it to the Issuer for the final confirmation. |
 |
Authorization response is sent back to the Card association. | Upon receiving the authorization request, the Issuer checks limits, restrictions, and the account balance linked to the card. If there is sufficient balance and no limits or restrictions are preventing the transaction from happening, the Issuer generates an Authorization response and sends it back to the Card association. The approved amount is subsequently reserved, creating a hold on the account balance. As a result, the cardholder is unable to utilize the entire account balance and the transaction is waiting to be settled. |
 |
Authorization response is routed to the Acquirer. | The Card association verifies and forwards the authorization response to the Acquirer. |
 |
Authorization response is delivered to the payment terminal. | After receiving the authorization response, the Acquirer transmits it to the payment terminal, which then displays the confirmation of the transaction. The cardholder is now able to collect and enjoy their purchased cup of coffee. |
When authorization phase is completed, hold is placed on the cardholder's account, and the goods are collected by the cardholder. Subsequently, the clearing and settlement phase is initiated. During the clearing and settlement phase, the Acquirer generates a clearing message, which serves as the basis for the settlement process. Following this, the Acquirer retrieves from the Card Association the transaction amounts associated with all approved transactions, and the Card Association debits the Issuer accordingly.
The Card Management System (CMS) becomes involved in this process at the Issuer level, where it collaborates with the Authorization core to oversee proper card management and transaction validations based on the established business rules in CPD or directly by the personalized card settings.
LightCMS and @Core Engine integrated overview
The CMS and Authorization core play integral roles in the transaction validation process, where they can be described as the Business validation layer. This layer offers to Issuer the ability to form their Card Products and allows its cardholders to personalize their cards according to their needs. CMS and Authorization core offers complex customization according to which the final transaction confirmation is decided, which is then communicated in the authorization response. The business validation layer can also be defined through the distinct services performed by the CMS and Authorization core.
Card management system provides:
- Card Management i.e. card issuance, blocking, revoking etc.
- Card product configuration
- Restrictions and limits customization
Authorization core system provides:
- Card settings, limits and restrictions execution
- Account balance check
- Authorization hold management
- Ability to work as Stand in processing
There can be recognized two additional validation layers provided by the Card processor. Card processor is responsible for the technical validation of the transaction, including tasks such as PIN/CVV/CVC verification, expiration date and card number validation, as well as cryptogram verification. Furthermore, the card processor can offer fraud validation to identify potential fraudulent scenarios and decline authorizations for transactions included within these scenarios.