Authorization Code

An authorization code is a numerical or alphanumerical code sent directly by a credit card issuer or issuing bank that is uniquely ascribed to a sales transaction as verification that the completed sale has been authorized.

During the time of sale, it is always returned by the credit card issuing bank in the form of an electronic message sent to a merchant’s Point Of Sale (POS) equipment that indicates approval or denial of the transaction, which is displayed on a media screen to a sales representative supervising the overall transaction. The authorization code is also always included on the merchant sales draft in printed form.

In the case of a physical sales transaction, it effectively validates payment to the merchant when the customer additionally signs his or her full name on the transaction receipt, copies of which are retained by both the merchant and the customer, as well as electronically recorded by the credit card processing service provider, the issuing bank, the merchant bank account and the customer bank account.

In the case of a telephone or electronic (e-commerce) sales transaction, in lieu of a signature, primary verification – such as full name, card type, account number, expiration date – and alternative verification is required, such as an AVS code (see below) and a CVC code found on the card itself. Once these are collected and approved, an Authorization Code is issued. Since the Authorization Code serves as the primary proof of overall authorization, it is a clear record that tracks the transaction and also protects the merchant, the issuing bank and the customer who initiated the sales transaction.

Authorization is the process of checking for available credit in the credit card holder’s credit card account. Although the sale is finalized, no money changes hands between a merchant and a customer at this point. A positive authorization, however, reduces the cardholder’s available credit and reserves the funds for settlement. This settlement actually deducts the funds from the cardholder’s account, while transferring those funds to the merchant’s account.

When Authorization Codes are rendered during a negative commercial authorization, the sale may simply be denied for lack of available credit in the customer’s account. A customer’s credit card may also be destroyed (typically cut up) and/or their account closed by a merchant if payments to the account have been defaulted upon. It is a potential consequence of the transaction that renders Authorization Numbers.

As a merchant, the optimum way to validate a customer credit card is to authorize the transaction with your own merchant bank. This can be done electronically online, in person or by telephone. The authorization not only verifies that the credit card account number is indeed valid, but also that the account is still currently active.

When the bank provides you with an Authorization Code or number, it is your assurance that the merchant will be paid for the sales transaction. If you proceed with the sale without bank authorization, the merchant assumes the risk of loss should the credit card transaction be declined by the bank. Instead of a credit to the merchant’s account, the bank will notify the merchant that the transaction was denied.


An Authorization Code is generally a five or six character code sent by the issuing bank indicated at the end of either a Successful Sales Transaction Response or a Declined Sales Transaction Response in the course of a typical merchant credit card transaction.

Below is what a typical response looks like:

Successful Sales Transaction Response:
3|522222|Authorization Approved|Y|123456-1

Declined Sales Transaction Response:
0|ND|Invalid Card||123456-1 (Note that no AVS field shows up on declined transactions)

The numbers that are in bold print above indicate the authorization code, regardless of whether the transaction is either approved or declined.


The Authorization Code is not to be confused for what is known as Merchant Identification Number (MID). A MID number is provided by a merchant bank to identify the merchant in a traditional live retail or service transaction or an online e-commerce transaction. This number does not change as an Authorization Code must per individual transactions.

Another important code in all merchant credit card transactions is the Address Verification Code or AVS Code, which signifies matches in the card holder’s address of record against the one provided with a form of common identification, such as a state-issued driver’s license. While this address may not match the credit card billing address, it may support another form of identification that does.

CVV or Card Validation Value (or in some cases, CVC or Card Validation Code) is an authentication procedure established by credit card companies to further efforts towards reducing fraud on internet sales transactions. It consists of requiring a cardholder to enter the CVV number in at transaction time to verify that the card is on hand. The CVV code is a security feature for “card not present” transactions and now appears on most major credit and debit cards. This feature is a three- or four-digit code which provides a cryptographic check of the information embossed on the card. Therefore, the CVV code is not part of the card number itself.

A Payment Gateway code is one that transmits a customer’s order to and from a merchant’s bank’s transaction-authorizing agent, usually a MAP (merchant account provider).