8. Opayo servers request card authorisation

On this page:


Card authorisation is requested as follows:

  1. Our Opayo servers format a bank-specific authorisation request to pass to your merchant acquirer over the private banking network. The call includes the 3D-Secure authentication values when present.
  2. A response is obtained directly from the issuing bank by the acquiring bank within a few seconds. It contains an authorisation code or a declined message.
  3. Meanwhile, the script on your server awaits a response from our servers.

    Fraud Screening

    When AVS/CV2 fraud checks are performed, the results are compared to any rule bases you have set up. Refer to our Fraud Prevention Guide on your regional Opayo website.

    If the bank authorises the transaction and the card fails the fraud screening rules you have set, Opayo will immediately:

    • Reverse the authorisation with the bank
    • Request the shadow on the card for this transaction is cleared
    • Prepare a REJECTED response
    Note: Some card issuing banks may decline the reversal and leave an authorisation shadow on the card for up to 10 working days. The transaction will not be settled by Opayo and will appear as a failed transaction in MyOpayo. Your customer may find that the funds have been taken before their bank clears the shadow after a period of time set by them.

    Our Response

    Depending on the response from the acquirer, the Opayo gateway prepares and sends a response to you with a Status of:

    • OK with an authorisation code.
    • NOTAUTHED when the bank declined the transaction.
    • ERROR when something has gone wrong. This is rare and usually indicates a connectivity issue.)



    ❮ Back to Step 7.Next: Step 9. ❯