On this page:


The AUTHENTICATE and AUTHORISE methods are available to merchants who are either:

  • Unable to fulfil the majority of orders in less than 6 days, or
  • Sometimes unable to fulfil orders after 30 days or,
  • Do not know the exact amount of the transaction at the time the order is placed.

For example, when items are shipped and priced by weight, or items are affected by foreign exchange rates.

How Authenticate and Authorise Transactions Work

Unlike PAYMENT or DEFERRED transaction types:

  • AUTHENTICATE transactions do not obtain an authorisation at the time the order is placed.
  • The card and cardholder are validated using the 3D-Secure mechanism provided by the card-schemes and card issuing banks, and aim to authorise later.
Note: When using the AUTHENTICATE and AUTHORISE transaction type, the transaction is always REGISTERED because the transaction is not 3D-Secured.



The authenticate process is as follows:

  1. Your site must register the transaction with a TxType of AUTHENTICATE, and the customer is asked to enter their payment details directly on your website.
  2. We verify the card number and check the 3D-Secure directories if the card is part of the scheme. If the card is part of the scheme, you will need to follow the 3D Secure redirection process.
  3. Authentication takes place:
    1. When the customer passed authentication with their bank, we respond with a Status of AUTHENTICATED and a CAVV value is returned. You can store this if you want.
    2. If they have not passed authentication, your rule base is consulted to check if they can proceed for authorisation. If not, we will respond with a Status of REJECTED.
    3. If they failed authentication and your rule base allows them to proceed, we will respond with a Status of REGISTERED.

In all cases:

  • The customer’s card is never authorised.
  • There are no shadow transactions placed on the customer’s account.
  • Your acquiring bank is not contacted.

The customer’s card details and their associated authentication status are stored by Opayo. You must AUTHORISE or CANCEL the transaction within 90 days (a limit set by the card schemes) using either:


When you carry out an AUTHENTICATE transaction, we will perform a zero value authorisation (ZVA) against that card. This is to remain compliant with industry mandates. No funds will change hands at this point. You can still AUTHORISE the transaction (as below) for the amount you wish to take. See here for more details.
If you wish to register a token using an AUTHENTICATE , you may do so, but passing a value of 0 in the amount field - we will still carry out a ZVA in order to remain SCA compliant. No money will change hands until you elect to use that token, however. 
Important: For transactions made using the International Maestro card, you must AUTHORISE or CANCEL the transaction within 30 days.


When you are ready to fulfil the order, to charge the customer you must AUTHORISE the transaction.

You can:

  • Authorise for any amount up to 115% of the value of the original Authentication
  • Use any number of Authorise requests against an original Authentication.

When the total value of the authorisation does not exceed the 115% limit and the requests are inside the 90 days limit, the transactions will be processed by Opayo:

  • Your acquiring bank is contacted for an authorisation code.
  • AVS/CV2 checks are performed and rules applied as normal.

This allows you greater flexibility for partial shipments or variable purchase values. If the AUTHENTICATE transaction was AUTHENTICATED (as opposed to simply REGISTERED) all authorisations are fully 3D-Secured.

When you have completed all your Authorisations, or when you do not want to take any, you can CANCEL the AUTHENTICATE and prevent further Authorisations being made against the card. This happens automatically after 90 days.

Related Links