The Green Sheet Online Edition
March 14, 2016 • Issue 16:03:01
The payment 'auth' dilemma
In the payments industry, acronyms and terminology come in abundance. Indeed, payment lingo is so complex, the vernacular warrants a glossary. Also, many terms sound similar, and sometimes these terms are so closely aligned, even seasoned industry professionals get them turned around.
"Authentication" and "authorization" are two essential payment terms that often are confused inside and outside of the industry. They sound remarkably alike, and they have a corresponding relationship, so they are easy to mix up. They are also commonly used by a multitude of professionals within the industry ranging from integration specialists to sales and customer service representatives. This heightens the chances of misrepresentation to customers.
The impact inside the industry is limited, as most professionals will learn to distinguish between term definitions as they become more seasoned. However, because an ongoing and significant number of new people cycling into the industry also interact with customers, partners and peers, education is paramount.
"Merchants really need an education on the differences between what it means to authenticate an individual's credentials and how a transaction authorization process works," Jeff Wolff, Owner of Endless Prints, a brick-and-mortar and online, global brand merchandising company told The Green Sheet. "As the seller, we want to be able to explain to customers why a transaction might get hung up, what level of security is involved and even how the electronic payment process flows," he said. "We need to assure them the purchase is safe, and we look to our providers to help us understand how to talk about these things."
According to Wikipedia, transaction authentication, "generally refers to the Internet-based security method of securely identifying a user." The easiest way to remember authentication is to associate it with validating an individual's credentials through a form of identification (ID), or in the case of a card-based transaction, by verifying the authenticity of the card itself.
Authentication happens at a number of levels, and it can include in-person as well as digital validation. For example, a clerk might authenticate a cardholder and his or her card by checking a form of personal ID. Cardholder signature and personal identification number are also popular forms of authentication used to prove that individuals and their payment methods are authentic. During any given transaction, the card number and its connection to the cardholder's issuer are also validated through a payment gateway to verify the relationship's authenticity.
Today, most technologies use two-factor or three-factor authentication at the transaction level to ensure a person's identity is sound. These essentially include a preset series of authentication hoops all purchasers must get through to prove they are who they say they are and that they are using an authenticated method of payment.
In payment terms, authorization pertains to the actual purchase transaction. There are many different levels of authorization a single payment might go through, including a pre-authorization screening process some merchants require cards or checks to pass before they process the final transaction. For example, merchants in the hospitality, travel, transportation and online retail arenas will often use the pre-authorization process to determine the level of risk associated with a transaction or to validate the necessary funds are available to set aside to cover the transaction.
Real-time transaction authorization is a complex process involving many different authorizing parties. The payment gateway supporting a merchant's processing account is the messenger that carries the transaction through the process of authorization. The gateway also has other important functions, such as capturing the card data and encrypting it. In a matter of seconds, card authorizations are gathered in a sequence from the merchant bank, the credit card network and the card issuer. If one of those authorization points fails, the transaction is declined.
As new technical, sales and service professionals enter the payments industry, Wolff suggests they take a 101 course on the steps of processing a transaction and the terms assigned to them. "If industry reps could make a point to learn these differences and then educate us, it would minimize a great deal of confusion in the POS marketplace," he said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.