Explainer: How charge card transactions work

Re: The Obama online contribution controversy,^[1] a lot of people are doing a lot of unformed– and erroneous– theorizing about the way authentication of charge card transactions work, and who is left holding the bag if they fail or are fraudulent.  If you really want to know the nuts and bolts, go read this explanation by “Wind Rider.”

Additional geeky pedantry after the jump.

In his explanation, there is one statement that may not be completely clear if you’re not in the business:

[During the authentication process] ...the results (either they match what's on file for the account, or they don't) [are] sent back to the business in question - a simple 1 or 0, yes or no.

What this means is that authentication works like this:

Merchant:  Here’s a card number/expiration date pair.
Card Co.:  OK so far.
Merchant:  Here are the billing address, billing zip code, and security code.
Card Co.:  Here’s what matches: <everything | nothing | only ____>
Want to continue processing the charge or cancel it?

The important fact here is that the Card Co. never gives the Merchant the correct validation data, it only says whether the Merchant’s answer is right. As:

Me:  What’s the animal I’m thinking of?
You:  Is it a cat?
Me:  No.

rather than:

Me:  What’s the animal I’m thinking of?
You:  Is it a cat?
Me:  No, a platypus.

Under normal (e.g. not court-ordered) circumstances, there is no way for the card acceptor to generate addresses if all he has is a list of card numbers/expiration dates.

(I’ll mention here that I run my own bricks-and-mortar business, one that accepts both in-person and telephone-order charge transactions. His comment accurately describes the way our system works, and the rules under which we operate.)

-----

Posted by: Old Grouch in Linkage at 15:58:38 GMT | No Comments | Add Comment
Post contains 319 words, total size 4 kb.