What Is Credit Card Authentication?
Credit card authentication is the process of confirming that a person who is attempting to use a credit card for a transaction is who they say they are and that they are authorized to use the card. It is not the same as credit card authorization, which also verifies other information, such as that the card account has a sufficient credit line to cover the transaction. Both authentication and authorization are tools in the battle against credit card fraud.
Key Takeaways
- Every credit card transaction is authenticated and authorized (or declined) by the bank or other financial institution that issued the card.
- Authentication is the step in which the merchant verifies that the cardholder is who they say they are.
- The authorization process includes a determination of whether the cardholder has sufficient funds to cover the transaction.
How Credit Card Authentication Works
Credit card authentication can take a number of forms. For example, a merchant (or their computer system) might request such information as a driver's license number, address, or last four digits of a Social Security number.
The credit card authentication process can differ depending on whether the transaction is a card-present transaction (such as in a retail store) or a car-not-present transaction (such as at an online store).
In the first instance, the merchant might request to see a driver's license or require that the card user provide a signature or PIN number during the transaction. In the second, the customer might be asked to type in their card's CVV or CID number. CVV stands for card verification value, while CID stands for card identification. These days, most cards have one or the other, depending on the card issuer or network, such as Mastercard, Visa, or American Express.
CVVs are three-digit numbers, typically found on the back of the card, while CIDs have four digits and appear on the front. These numbers are also embedded in the small, square microchip, called an EMV chip, that's on the front of most cards today. The CVV and CID help to verify the user's identity through the card issuer's use of the Luhn algorithm computation.
The idea behind these codes is that even if a thief has obtained someone's credit card number, they don't have the physical card in their possession. Without the card, they will be unable to provide the code if they are asked for it. Without the code, the merchant can reject the transaction.
For security purposes, online and mobile transactions may also require additional authentication, referred to as multi-factor authentication.
How Multi-Factor Authentication Works
Multi-factor authentication, sometimes called two-factor authentication, provides an extra layer of security to online and mobile transactions by requiring more than one authentication step. For example, a customer might type in their name and password, after which the company at the other end will send a one-time code to their cell phone, which they'll then need to type in to obtain access to the site. Multi-factor authentication is often used by banks and other businesses for online transactions including online bill-paying.
Credit Card Authentication vs. Credit Card Authorization
Credit card authentication and authorization are both early steps in a credit card transaction. While the purpose of authentication is simply to determine whether a cardholder isn't misrepresenting themselves (in other words that they are the authentic cardholder), authorization is the process by which the cardholder's bank authorizes the merchant to proceed with the transaction. It's also referred to as payment authorization.
Both authentication and authorization happen electronically through computer networks and involve a number of parties, such as the cardholder, the merchant (whose sales terminal transmits the cardholder information), the merchant's payment processor, the card network, and the bank or other financial institution that issued the card.
Ultimately the card issuer will determine whether or not the transaction can go forward, based on whether the cardholder has sufficient credit available on the card (the card's credit line) to cover it. If it approves the transaction it will reply with an authorization code; if not, it will supply an error code indicating the reason the transaction has been denied. Sometimes, the Consumer Financial Protection Bureau notes, credit cards will be declined simply due to technical glitches; in that case the cardholder may want to call the issuer to find out more.
As any card user knows, this fairly elaborate series of steps are typically completed in a matter of seconds.
How Are Debit Cards Authenticated?
The authentication process is much the same for debit cards as with credit cards. A key difference is in the authorization process. With a credit card, the issuing bank determines whether the cardholder has enough borrowing power on that card to cover the transaction, while with a debit card the bank checks whether they actually have that much cash in their account.
How Can Consumers Protect Against Credit Card Fraud?
In addition to the steps taken by merchants, banks, and credit card networks to prevent credit card fraud, there are a number of things that consumers can do to reduce their odds of becoming victims. For starters, keep an eye on your cards and alert the issuer promptly if you lose them or believe they've been stolen. Be careful who you share your card numbers and any other information (such as your Social Security number) with. Check your monthly credit card statements for any suspicious charges and your credit reports periodically for any accounts you don't recognize. If you're discarding an expired card, shred it or chop it up with scissors. Because the new EMV chips on many cards can be hard to cut through, the Federal Trade Commission suggests, "You may want to destroy the chip by smashing it into pieces with a hammer."
Should You Sign the Back of Your Credit Card?
At one time store clerks would frequently compare the signature on your card to the one you just signed on your credit card receipt as a way of authenticating you. That's less common today because of newer security procedures. However, most experts say it's worth signing your card because some merchants will still check to see whether it is signed. Technically many credit cards are not valid unless they're signed, which could give the merchant a reason to reject it.
The Bottom Line
Credit card authentication is one of the many almost-instantaneous steps in credit card transactions today and helps protect merchants, banks, and the cardholders themselves against fraud.
