How Authorization Hold Works
An authorization hold is the first step in the two-stage authorization and capture payment flow used by major card networks worldwide. When a customer pays by card, the merchant's acquiring bank sends a request to the issuing bank, which validates the card details, checks available funds, and temporarily reserves the requested amount. No money moves at this point — the hold freezes a portion of the cardholder's available balance while the merchant processes and fulfills the order.
Customer Initiates Payment
The cardholder presents a credit or debit card at checkout, online or in person. The payment terminal or gateway tokenizes card data and forwards it to the merchant's acquiring bank for processing.
Authorization Request Routed
The acquirer routes the authorization request through the relevant card network — Visa, Mastercard, Amex, or Discover — to the cardholder's issuing bank. The request includes the merchant ID, transaction amount, and card credentials.
Issuing Bank Places the Hold
The issuing bank verifies the card is active and in good standing, confirms sufficient funds or available credit, and reserves the requested amount. An authorization code is returned to the merchant as proof the hold is active.
Merchant Fulfills the Order
The merchant ships goods, checks in a hotel guest, or completes a service. The hold remains active throughout this period, keeping the reserved funds unavailable to the cardholder.
Capture Submitted
The merchant submits a capture request — at shipment, service completion, or checkout close — for the final transaction amount. The captured amount must be equal to or less than the authorized amount unless an incremental authorization has been obtained.
Settlement and Fund Transfer
The card network routes the captured transaction through the settlement cycle. Funds transfer from the cardholder's issuing bank to the merchant's acquiring bank, typically posting within one to three business days.
Why Authorization Hold Matters
Authorization holds are a core risk management mechanism for merchants, card networks, and issuers — but they are also a persistent source of friction, revenue loss, and cardholder disputes when not managed carefully. Getting hold lifecycle management right has a direct and measurable impact on authorization rates, customer experience, and captured revenue.
Hold expiry creates silent revenue leakage. Visa's authorization hold window for card-not-present transactions is 7 days; Mastercard's is up to 30 days; American Express typically allows 7 days. A 2022 analysis by payment advisory firm CMSPI found that merchants with extended fulfillment windows — such as made-to-order retailers or pre-order businesses — lose an estimated 0.5–1.5% of annual revenue to captures against expired holds that result in settlement declines, a failure mode that rarely surfaces clearly in standard reporting.
Expired holds contribute significantly to false declines. Javelin Strategy & Research data indicates that false declines cost U.S. merchants over $443 billion in lost sales annually, with authorization expirations contributing meaningfully to that figure. A hold that expires before capture forces the merchant to re-authorize — and if the cardholder's balance has changed since the original hold, the second attempt may fail entirely, permanently losing the sale.
Cardholders notice and complain about holds. A 2023 J.D. Power payments survey found that 1 in 4 cardholders who saw an unexplained pending hold on their account contacted their bank to dispute it, generating unnecessary chargeback risk for merchants even when no error had occurred and no funds were ultimately transferred.
Hold ≠ Charge
Cardholders often mistake an authorization hold for a completed charge. The hold appears as "pending" on their bank statement; the actual debit or posting occurs only after capture and settlement complete. Clear post-purchase communication — confirming when a card will actually be charged — reduces confusion and dispute rates.
Authorization Hold vs. Capture
Authorization hold and capture are two halves of the same transaction lifecycle, but they are distinct actions with different implications for fund movement, error handling, and dispute risk. Conflating them in integrations or operations leads to overcapture violations, settlement declines, and avoidable chargebacks.
| Attribute | Authorization Hold | Capture |
|---|---|---|
| Timing | Occurs at checkout or point of sale | Occurs at shipment, service delivery, or close |
| Fund movement | No transfer; funds reserved only | Funds move from cardholder to merchant |
| Reversal method | Void or automatic expiry | Refund required after capture |
| Amount flexibility | Sets the ceiling for capture | Can be ≤ authorized amount (partial capture) |
| Cardholder impact | Reduces available balance; shows as pending | Posts as a completed transaction |
| Expiry risk | Yes — network rules govern expiry window | No expiry once successfully captured |
| Error consequence | Expired hold → capture decline at settlement | Overcapture without incremental auth → overcapture dispute |
Types of Authorization Hold
Not all authorization holds work the same way. Card networks recognize several distinct hold variants designed for specific merchant categories and transaction flows, each governed by its own rules around permitted amounts, duration, and modification rights.
Standard hold — The most common type, used by retail, e-commerce, and subscription businesses. The merchant requests authorization for the exact purchase amount, and the captured amount is expected to match. Any reduction (partial capture) is generally permitted; any increase requires incremental authorization.
Estimated hold — Used by hotels, car rental companies, and fuel merchants where the final transaction amount is unknown at the time of authorization. The merchant places a hold for a projected amount — the room rate plus estimated incidentals, for example. This is closely related to pre-authorization, and Visa and Mastercard publish specific merchant category code (MCC) rules governing how large estimated holds can be relative to the expected final charge.
Incremental authorization — When the expected final charge grows beyond the original hold (a hotel guest extends their stay, a restaurant customer adds a large tip), the merchant submits an incremental authorization to increase the reserved amount on top of the existing hold. Visa formalized incremental authorization rules in 2019 as part of its Hospitality and Lodging compliance program.
Security deposit hold — Car rental companies and some service businesses place a separate hold for a damage or security deposit, independent of the base service charge. This hold may remain active for days or weeks after the primary transaction settles, depending on damage assessment timelines.
Recurring billing hold — For subscription merchants, a verification hold may be placed one to three days before the billing date to confirm the card is still valid and has sufficient funds, reducing soft declines on the actual charge.
Best Practices
Authorization hold management spans both merchant operations and developer integrations, and failure modes look different at each layer. Addressing both is required to minimize revenue loss and customer friction.
For Merchants
- Capture within the network window. Align capture timing with each card network's hold expiry. For standard e-commerce with same-day or next-day shipping, capture at shipment. For made-to-order goods with fulfillment times beyond 7 days, re-authorize closer to shipment or switch to a delayed capture model with transparent customer communication.
- Void holds on cancellations the same day. When an order is cancelled or a guest checks out early, submit a void request immediately. Delayed releases generate cardholder complaints, drive bank dispute calls, and increase chargeback risk — even when no funds have been collected.
- Use incremental authorization for variable-amount categories. If you operate in hospitality, car rental, or food service, build incremental authorization workflows into your operations rather than relying on the original hold amount to cover the final charge.
- Monitor hold-to-capture ratios in reporting. Track the gap between authorized amounts and final captured amounts by transaction cohort. Systematic gaps signal process breakdowns or integration misconfigurations that erode margin over time.
For Developers
- Store authorization codes with expiry metadata. When you receive an authorization response, calculate and persist the expiry timestamp alongside the authorization code based on network rules and, where available, issuer response fields. Trigger a re-authorization workflow automatically for orders approaching the expiry window.
- Handle partial captures explicitly. Your payment integration should support capturing less than the authorized amount — for example, when an item goes out of stock after authorization. Confirm that your processor supports partial capture without voiding the full hold, and build that path deliberately.
- Implement idempotent void requests. Network timeouts on void or cancellation requests can cause duplicate attempts. Use idempotency keys on all void calls to prevent accidental double-voids that could interfere with subsequent capture submissions.
- Test expiry scenarios in staging. Most payment sandboxes allow simulation of expired authorization codes. Build and test the full re-authorization path before going live — it is rarely exercised in normal flows but critical when fulfillment timelines are tight.
Common Mistakes
Authorization hold errors are among the most operationally expensive mistakes in card payment processing because they typically generate no immediate error alert — the failure surfaces later, at settlement or in a chargeback report, often weeks after the original transaction.
1. Capturing against an expired authorization code. The most prevalent error for merchants with multi-day fulfillment. Expired holds generate settlement declines that rarely appear clearly labeled in transaction reports, creating revenue leakage that compounds over time without obvious attribution.
2. Capturing more than the authorized amount without incremental authorization. Attempting to capture an amount that exceeds the hold — without first submitting an incremental authorization — typically results in a hard decline at settlement or triggers an overcapture dispute. Card networks treat the overage as a rules violation, and issuers can charge it back to the merchant.
3. Failing to void holds on cancelled transactions. When an order is cancelled but the hold is not voided, the cardholder sees a pending charge for a purchase that will never complete. This drives inbound support volume, bank dispute calls, and chargebacks — costs the merchant bears without receiving any revenue in return.
4. Applying incorrect estimated hold amounts. Underestimating in hospitality or car rental can leave a merchant unable to cover final charges if the cardholder's available balance drops between check-in and checkout. Overestimating aggressively risks customer complaints, card network scrutiny, and potential fines for excessive holds.
5. Treating all card networks as identical. Visa, Mastercard, Amex, and Discover have different hold durations and incremental authorization requirements. Using Mastercard's 30-day window as a blanket assumption will produce failures on Visa and Amex transactions, and different MCC categories carry their own overlapping rules that compound the complexity.
Authorization Hold and Tagada
Managing authorization holds across multiple acquirers, processors, and card networks introduces integration complexity that scales poorly when handled at the application layer. Tagada's payment orchestration platform centralizes hold lifecycle management across your entire acquiring stack, removing the need to build and maintain network-specific expiry logic inside your own codebase.
Orchestrate holds across multiple acquirers with Tagada
With Tagada, you can configure capture timing rules per acquirer and per merchant category, trigger automatic re-authorization workflows for orders approaching network expiry windows, and route incremental authorization requests to the correct downstream processor — all without changes to your checkout integration. This is particularly valuable for merchants with variable fulfillment timelines or multi-market operations where hold rules, currencies, and acquirer behaviors differ by geography.