On this page:
Overview
The AUTHENTICATE and AUTHORISE methods are available to merchants who are either:
- Unable to fulfil the majority of orders in less than 6 days, or
- Sometimes unable to fulfil orders after 30 days or,
- Do not know the exact amount of the transaction at the time the order is placed.
For example, when items are shipped and priced by weight, or items are affected by foreign exchange rates.
How Authenticate and Authorise Transactions Work
Unlike PAYMENT or DEFERRED transaction types:
- AUTHENTICATE transactions do not obtain an authorisation at the time the order is placed.
- The card and cardholder are validated using the 3D-Secure mechanism provided by the card-schemes and card issuing banks, and aim to authorise later.
Authenticate
The authenticate process is as follows:
- Your site must register the transaction with a TxType of AUTHENTICATE, and the customer is asked to enter their payment details directly on your website.
- We verify the card number and check the 3D-Secure directories if the card is part of the scheme. If the card is part of the scheme, you will need to follow the 3D Secure redirection process.
- Authentication takes place:
- When the customer passed authentication with their bank, we respond with a Status of AUTHENTICATED and a CAVV value is returned. You can store this if you want.
- If they have not passed authentication, your rule base is consulted to check if they can proceed for authorisation. If not, we will respond with a Status of REJECTED.
- If they failed authentication and your rule base allows them to proceed, we will respond with a Status of REGISTERED.
In all cases:
- The customer’s card is never authorised.
- There are no shadow transactions placed on the customer’s account.
- Your acquiring bank is not contacted.
The customer’s card details and their associated authentication status are stored by Opayo. You must AUTHORISE or CANCEL the transaction within 90 days (a limit set by the card schemes) using either:
- MyOpayo, or
- The Shared API.
Authorise
When you are ready to fulfil the order, to charge the customer you must AUTHORISE the transaction.
You can:
- Authorise for any amount up to 115% of the value of the original Authentication
- Use any number of Authorise requests against an original Authentication.
When the total value of the authorisation does not exceed the 115% limit and the requests are inside the 90 days limit, the transactions will be processed by Opayo:
- Your acquiring bank is contacted for an authorisation code.
- AVS/CV2 checks are performed and rules applied as normal.
This allows you greater flexibility for partial shipments or variable purchase values. If the AUTHENTICATE transaction was AUTHENTICATED (as opposed to simply REGISTERED) all authorisations are fully 3D-Secured.
When you have completed all your Authorisations, or when you do not want to take any, you can CANCEL the AUTHENTICATE and prevent further Authorisations being made against the card. This happens automatically after 90 days.
Related Links