To elaborate, credit card payments work like this:
- The merchant contacts the payment processor and requests an authorization for a charge, with a follow-up capture later on if it clears.
- The processor contacts the issuing bank and asks for the authorization.
- The bank responds with whether it would allow the charge to go through. It attaches additional information, such as whether the information matched its records. Sometimes a bank will reject a charge because it believes it to be fraudulent, and sometimes it will authorize a charge even though all the information does not match.
- The processor examines the returned information.
- If the authorization was rejected, it returns that immediately to the merchant, and never attempts to actually capture the funds (as that would be guaranteed to fail).
- If the authorization was granted but the bank also said that some information was invalid (such as the address, phone number, CVV2/CVC code, or expiration date), the processor may reject the charge, and also never capture the funds. In this case, the bank is not notified; it simply never gets the actual charge. As a result, the payment essentially times out.
- If the authorization was granted and everything matches, a capture is made within 24 hours that instructs the issuing bank to actually transfer the funds. A smaller capture may also be made, or a slightly larger one, depending on the nature of the transaction. In the intervening time, the bank may, at its discretion, also choose to cancel the authorization, preventing the funds transfer.
In the case of 4b/4c, many issuing banks will report to the client there is a "pending" charge on the account. Since these "pending" charges may never be captured, they are listed separately, and there should be wording to that effect.
Merchants can also choose to separately authorize and capture charges themselves, extending step 4c. We use the simplified system, leaving it up to our processor and receiving an immediate yes-or-no answer to each charge attempt.