For example, if you use your credit card to pay for gas at the pump, you will likely be prompted to input your billing address ZIP code. If you input the incorrect ZIP code, the authentication will fail, and the transaction will be declined. This is a form of credit card authentication to ensure—albeit imperfectly—that you, the individual presenting the card for payment, are the card owner.
How Credit Card Authentication Works
When you present your credit card to make a purchase, the merchant likely does not know if you are the actual cardholder. This is especially true for payments made online, in which neither you nor the card are ever seen by the merchant. This is where credit card authentication comes in. By putting in place authentication measures—even simple ones such as ZIP code verification at the gas pump or password input for an online purchase—merchants and credit card issuers can reduce credit card fraud. While no form of credit card authentication is completely fail-proof—a thief who stole your wallet could look at your driver’s license to know your ZIP code, and a hacker who obtained your credit card information could have obtained your passwords—authentication provides some security against fraudulent transactions.
Types of Credit Card Authentication
There are four possible methods for credit card authentication: knowledge, inherence, ownership, and user location.
Knowledge
Credit card authentication by knowledge is done by verifying that the customer knows something only the cardholder would know. For example, an online store may require you to input a password associated with your card that only you, the cardholder, would know before completing your credit card transaction.
Inherence
Credit card authentication by inherence is done by verifying the customer has attributes that are inherent to the cardholder and the cardholder only. For example, a merchant may use your biometric information, such as fingerprint, facial, palm, or voice recognition, to authenticate that you are, indeed, the cardholder.
Ownership
Credit card authentication by ownership (or possession) is done by verifying that the customer has something that only the cardholder would have. For example, an online store may require you to input a code sent to your mobile phone before completing your credit card transaction. Signing a receipt is another form of ownership-based authentication, although signature-based authentication is increasingly being viewed as an obsolete form of authentication.
User Location
Credit card authentication by location is done by comparing the location where a credit card is being used to the customer’s billing address or the vicinity where they usually use their credit card. For example, if you typically use your card in Texas, a charge on the card in Australia could fail to authenticate, in which case the transaction would be declined. As technology moves forward, so do credit card authentication methods. For example, signing credit card receipts and even password input are increasingly being viewed as obsolete forms of authentication, while advanced technologies, such as biometric identification, are increasingly being adopted.
Credit Card Authentication vs. Credit Card Authorization
Credit card authentication is not the same as credit card authorization. While authentication has to do with verifying a customer’s identity, authorization ensures the card itself is good to make the purchase for which it was presented. When a card issuer authorizes a transaction, it’s signaling to the merchant that the merchant will be paid.
