If a customer calls asking, “Why was my credit card billed even though the transaction was declined", this is almost always due to fraud prevention features. In these scenarios, the payment gateway (TriPOS or Authorize.NET) actually didn’t bill the customer’s card. Instead, an authorization has been placed on their card. If the customer uses a debit card, this will function very similarly to a charge, since authorizations do lower their spending limit.
These types of authorizations typically happen when the transaction doesn't pass the Address Verification (AVS) and/or Card Verification (CVV) rules. These rules are instituted to help protect your merchant account from fraudulent transactions (and to possibly help win chargeback disputes).
In this scenario, the payment gateway has sent a request to the card-issuing bank (or credit card company) to charge the customer’s card. Initially, the bank approves the authorization. However, during the next step in the authorization process, the AVS or CVV rules failed, so the transaction is declined.
Although these types of authorizations and holds can frustrate your customer, the process is designed to protect you, the merchant. More information about the process involved in authorizations and how to discuss this with customers is outlined in more detail below.
How the Payment Gateway Handles AVS and CVV Authorizations and Declines
The Customer Enters Their Card Information and the Payment is Authorized
First, when a customer submits a transaction, the bank authorizes the card for the amount requested. The issuing bank verifies it is a valid card number and funds are available. If funds are available, this authorization is approved regardless of what the AVS/CVV response from the bank is.
The AVS & CVV Rules Kick in for Added Fraud Security for the Merchant
Second, the bank verifies the address and CVV code by sending an AVS code and/or CVV error code back to the gateway.
The Payment is Either Captured or Authorized
There is a difference between a gateway authorization and a capture. Typically, a transaction will be authorized and captured at the same time (think in-store transactions). However, if the card-issuing bank or credit card company returns a NO MATCH for AVS or CVV, the gateway will not capture the authorization. So, if the CVV or AVS fails after the authorization, the customer will see the “authorization” on their card and you will see a “declined” transaction in your transaction reports.
The Authorized Payment will be Captured During the Appropriate Time, or the Authorized Hold will be Lifted in 5-10 Business Days
Authorizations reserve the funds for the merchant for 5-10 business days. For example, when you check into a hotel on Friday night, the hotel authorizes funds on your card, but they don’t capture them until you check out. That’s why hotels have signs at the front-desk that state “Do Not Use Your DEBIT Card for Check-In”. What your customer sees on their online statement is a “pending charge” (i.e. authorization). This will automatically fall off their account in 5-10 business days depending on the card issuing bank. The funds were never captured because the gateway filtered transactions that don’t meet your AVS or CVV rules.
How to Discuss this Process with Your Customers
If a customer complains about a declined transaction like the one described above, explain to them that you use verification measures to help protect yourself from fraud and chargebacks. Unfortunately, the gateway doesn't get the AVS/CVV response until after the authorization is processed (this is just the nature of online credit card processing). The authorization should be lifted automatically in 5-10 business days. You can assure your customer if this isn’t the case after a few weeks, you’ll be happy to contact your merchant services provider and resolve the issue.
To avoid this happening again, with you or other online merchants, recommend that the customer contact their card-issuing bank or credit card company to verify or update their billing address and/or CVV code (3 to 4 digits on the back of the card). AVS mismatch errors only happen when the billing address for the account does not match what is provided when checking out. This can even be caused by putting an apartment number in a different field than what was provided to their bank, or omitting it entirely.
Although your customer may request a refund, it’s not possible to process a “refund” or “chargeback” on an authorization like this because there isn't any transaction to reverse, as it was rejected for no AVS/CVV match. The authorization, and the funds associated with it, are being held by the card-issuing bank or credit card company and it is up to them, not you or the gateway, to release the funds back to the customer.
Hopefully the customer will understand if you explain this process. To actually bill the customer and process payment, you will need to obtain the correct Address or CVV and run a new sale. You can also have the customer go through the checkout process again with the correct information or a different card.