Get help using our products.
This is something banks really should explain to their customers. So:
Behind the scenes, card payments are processed in two steps. In the first step, the merchant seeks authorisation to charge the cart, while in the second step the merchant captures the payment.
Your bank does not (generally) reject transactions because of an incorrect security code or address. In fact, many banks only seem to care about the card number and expiry date.
Your bank will, however, tell the merchant, in the response to the authorisation step, whether the security code or address matched what they hold in their records. This only happens if the bank doesn’t reject the transaction itself (but see 2, above).
The merchant (or the intermediary through which they interact with the card networks, their processor) may at this point wish to reject the transaction — for example if the security code is wrong, they may feel that that makes accepting the transaction too much of a risk.
If a merchant or processor rejects a transaction at this stage, they can send a void request into the card system to tell the bank to drop the authorisation. However, not all banks and not all card networks support or act upon void requests. Authorisations will expire automatically after a few days anyway, so this is not typically a problem, but…
If you look at your online card transactions, your bank is very likely showing you everything that has been authorised. The justification for this is that your card limit is for the total amount authorised, not the total amount you have actually spent.
The upshot is that sometimes if your card is declined, your online account will show what appears to be a charge. If this happens, it should disappear over the next couple of days.
If you are uncertain about this, your bank should be able to help you. Please get in touch with them and they should be able to confirm that while a transaction is authorised, no funds have been captured.
Now, you might expect your bank to reject transactions with incorrect security codes or the wrong name or address automatically. In some cases that happens, but mostly with online transactions, assuming the card number and expiry date is correct, the bank will authorise a charge. Yes, even if you give your name as “Donald Duck” and your address as “Disney World, Florida”. Why are they so gung-ho? Because in the event of fraud, they aren’t the ones that lose money; in fact, they typically gain money, because in addition to taking back the funds from the merchant, they are entitled to the lion’s share of a “chargeback fee” that is levied to the merchant’s account (typically of the order of $10, €10 or £10 depending on where you are in the world). Yes, that’s right, your bank profits from online card fraud.
The one notable exception is where we’re talking about American Express. In that case, there’s no chargeback fee, but on the other hand there is also no process of appeal for the merchant.
Posted by alastair at 2017-Jan-23 17:01:08 UTC.