Authorization, Capture, and Settlement: Payment Lifecycle for Operators
An approved authorization is a hold, not settled money. The operator guide to the card lifecycle: authorization, capture, clearing, settlement — and the gaps.
"Approved" is a promise, not a payment. This is the operator guide to what happens after a card payment: authorization holds, capture windows, full vs partial capture, incremental auth, reversals vs refunds, and why settlement does not equal capture.
An approved authorization is not settled money — it is a hold. The card lifecycle runs authentication (optional, e.g. 3DS, before auth) → authorization (the issuer earmarks funds and approves or declines) → capture (you claim some or all of the approved amount) → clearing and settlement (funds actually move and land in your account, often days later). Holds expire if you do not capture within a window that varies by scheme, card type, acquirer, region, and merchant category. You can capture fully or partially, raise a hold with incremental authorization where supported, reverse or void an uncaptured auth to release the hold, and refund only after capture. Most operator pain lives in the gaps: auth approved but capture failed, holds expiring before fulfillment, duplicate captures, and settlement not matching what you captured.
The checkout screen says “approved,” and the operator assumes the money is theirs. It isn’t. An approval is the issuer confirming the funds exist and earmarking them — a promise to pay, not a payment. Nothing has settled. The cardholder’s available balance dropped, but your bank account has not moved, and depending on what you do next, it may never move at all.
That gap — between the green “approved” and money actually in your account — is where a surprising amount of operational pain lives. Holds expire before you ship. Captures fail silently after an approval. The same order gets captured twice. The amount that settles doesn’t match what you captured. None of these are exotic edge cases; they are the routine failure modes of running card payments, and every one of them lives in the steps that happen after the customer sees “approved.”
This guide is the mechanics of those steps. It is a companion to the payment-stack actors guide, which maps who does what — issuer, acquirer, gateway, PSP, and who holds your money. That guide owns the actor map and the custody question; this one owns the lifecycle: what happens, in what order, from authentication through settlement, and why “approved” does not mean “paid.”
The lifecycle: authentication → authorization → capture → clearing → settlement
A card payment is not one event. It is a sequence, and the steps are genuinely different operations with different effects on money. Conflating them — especially treating authorization as settlement — is the root of most of the confusion.
- Authentication (optional): proving the cardholder is who they say they are, typically via 3DS2. It runs before authorization and is distinct from it — authentication verifies identity; authorization checks funds. It can carry a fraud-liability effect, but that is scheme- and contract-defined; this guide only draws the line and defers the depth to the authentication tax.
- Authorization: the issuer earmarks funds and returns an approve or decline. This is the authorization — a hold, not a transfer.
- Capture: you claim some or all of the approved amount. This is the instruction that money should actually move. Without a capture, an approval eventually expires and nothing is ever charged.
- Clearing: the captured transactions are exchanged and reconciled between acquirer and issuer through the network.
- Settlement: funds actually move and land in your account. This is settlement — usually batched, and usually a day or several days after capture.
The single distinction to hold: authentication ≠ authorization ≠ capture ≠ settlement. Each is a separate step, and money is only earmarked at authorization, instructed to move at capture, and actually moved at clearing and settlement.
| Step | What happens | Does money move? | Notes |
|---|---|---|---|
| Authentication | Cardholder identity is verified (e.g. 3DS2), before authorization | No | Optional; distinct from authorization; can carry a scheme- and contract-defined liability effect |
| Authorization | Issuer checks funds/account status and approves or declines, earmarking the amount | No — funds are held, not transferred | ”Approved” is a promise to pay; the hold reduces available credit |
| Capture | Merchant claims some or all of the approved amount | Initiates the movement | No capture, no charge; an uncaptured auth expires |
| Clearing | Captured transactions exchanged and reconciled between acquirer and issuer via the network | In transit | Usually batched; the bridge between capture and settlement |
| Settlement | Funds land in your account, net of fees and adjustments | Yes — this is “paid” | Timing varies; the settled amount may not equal the captured amount |
Why “approved” does not mean money has moved
The core teaching of this guide fits in one sentence: an authorization is a hold on the issuer’s side, not a transfer to you. When the issuer approves, it confirms the funds are there and reduces the cardholder’s available balance by the authorized amount. That is all. No money has left the cardholder’s account, and certainly none has reached yours.
Money begins moving only when you capture, which feeds the transaction into clearing, and it actually arrives at settlement — typically days later. Until then, “approved” is an IOU from the issuer that you have a few days to act on. If you never capture, the hold simply lapses and the IOU evaporates; the customer was never charged.
This is also why the custody question matters, and why it lives in the companion guide. In the gap between capture and settlement, your money is sitting in someone else’s account — the acquirer’s or the PSP’s — and they control when it reaches you. The payment-stack actors guide owns that custody point in full; here it is enough to know that “approved” and “settled” are separated by both time and a custodian who is not you.
Authorization holds, capture windows, and expiry
An authorization hold is not permanent. It reduces the cardholder’s available credit or balance for the authorized amount, and it survives only for a limited window. If you do not capture within that window, the authorization expires: the hold is released back to the cardholder, and a late capture attempt may fail outright, or succeed only as a weaker, more expensive transaction (a downgrade that can cost interchange and, where applicable, lose a guarantee or liability protection tied to the original authorization).
The hard caveat lives here, and it is non-negotiable: capture windows vary by scheme, card type, acquirer, PSP, region, and merchant category — there is no universal number, so never hardcode one. When a provider documents a default, treat it as that provider’s example, not a rule. Stripe, for instance, documents card-not-present holds of seven days for Mastercard, American Express, and Discover and five to seven days for Visa, with different windows for card-present transactions and other payment methods — but those are Stripe’s documented defaults, cited here as a provider example and explicitly not a scheme-wide guarantee. Your own window depends on your scheme mix, card types, acquirer, region, and MCC, and it is a number you confirm with your provider, not one you read off an article.
The operational takeaway: track the capture window that actually applies to your transactions, per scheme and per provider, and capture (or re-authorize) before it lapses.
Full vs partial capture
You do not have to capture the full authorized amount. You can capture less — a partial capture — which is the right move when you ship part of an order, fulfill part of a basket, or find an item is out of stock after authorizing the full cart. With many providers, a single partial capture automatically releases the unclaimed remainder of the hold; the exact behavior, and whether multiple captures against one authorization are allowed, varies by provider, so confirm it rather than assuming.
Mind the distinction with partial authorization, which is a different thing entirely. Partial authorization is the issuer approving less than you requested — typically because the card has insufficient funds to cover the full amount. Partial capture is you claiming less than the issuer authorized. One is an issuer decision on the way in; the other is a merchant decision on the way out. They are easy to conflate and operationally unrelated.
Incremental authorization
The opposite case — the final amount grows after the initial auth — is handled by incremental authorization. Instead of running a second, disconnected authorization (which can leave two holds on the card and complicate the eventual capture), incremental authorization raises the existing hold so the final capture stays within an authorized amount.
This is the pattern for open-ended charges: hotel stays where the guest adds nights or room service, car rentals with fuel and mileage, rideshare fares, bar tabs, and fuel pumps that authorize an estimate before the pump total is known. The caveat is the same shape as everywhere else: support varies by scheme, card type, merchant category, and acquirer or PSP, and incremental authorization is not universally available. Some networks restrict it to specific merchant categories. Confirm support with your provider before building a flow that depends on it.
Reversals, voids, and refunds
These three get conflated constantly, and the distinction is operationally load-bearing. An authorization reversal or a void releases an uncaptured hold — no money has moved, so nothing is returned to the cardholder; the earmark is simply dropped and the available balance restored. The two terms overlap heavily and many providers use them interchangeably for the same pre-capture intent.
A refund is a different operation: it returns funds that were already captured and settled. That is a new money movement — money going back out — not the cancellation of a hold. The difference matters for timing (a reversal restores available balance quickly; a refund can take days to land), for customer experience (a phantom hold after a cancellation is a support ticket waiting to happen), and for cost.
| Operation | What it acts on | Money movement |
|---|---|---|
| Reversal | An uncaptured authorization hold | None — the hold is released |
| Void | An uncaptured authorization hold (overlaps with reversal) | None — the hold is released |
| Refund | Funds already captured and settled | A new movement — money goes back out |
The rule of thumb: before capture, reverse or void; after capture, refund. Picking the wrong one either fails or costs you unnecessarily.
Delayed capture and fulfillment
For physical goods, the natural pattern is authorize at order, capture at ship. You authorize when the customer places the order to confirm the funds and reserve them, and you capture when the goods actually leave — because capturing before fulfillment can mean charging for something you cannot ship, and many card-scheme expectations favor capturing at fulfillment for physical goods.
The risk in this pattern is the window. If fulfillment takes longer than the authorization survives, the hold expires before you capture. When that happens, you re-authorize — run a fresh authorization before capturing — because the original hold is gone and a late capture against it may fail or downgrade. The longer your fulfillment time, the more this matters: a same-day-ship merchant rarely brushes the window; a made-to-order or backorder merchant lives against it and needs a deliberate re-auth path.
Settlement and reconciliation
Capture is not settlement. Capturing instructs the money to move; settlement is when it lands. Captured transactions are typically batched and settled together on the provider’s schedule, and the timing varies — by provider, region, and your contract — so, as everywhere in this guide, do not assume a universal number.
The subtler trap is that the amount you captured may not equal the amount that settles. Fees, FX conversion, scheme costs, refunds, chargebacks, and other adjustments are netted out between capture and settlement, so the deposit in your account is a net figure, not a clean sum of your captures. Reconciling captured-versus-settled is a real operational job, and when the two do not line up, the cause is usually one of those adjustments — or a genuine break.
This guide deliberately stops at the concept that settlement ≠ capture. The taxonomy of what breaks and how to triage it lives in the PSP reconciliation failure runbook, and the structure of the settlement files themselves — how to read what Stripe or Adyen actually sends you — lives in the Stripe/Adyen settlement-file reference. The cash-flow cost of the days your money spends in transit between capture and settlement is quantified in the working-capital cost of payments.
Common operator failure modes
The recurring ways the lifecycle bites operators, with the usual cause and the move. This is operator synthesis — calibrate it to your own provider and contracts.
| Failure | Cause | What to do |
|---|---|---|
| Auth approved but capture failed | Capture call errored, was never sent, or hit an expired/invalid hold | Alert on auth-without-capture; retry or re-authorize; never assume an approval became a charge |
| Auth expired before fulfillment | Fulfillment took longer than the capture window | Track the window per scheme/provider; re-authorize before capturing late orders |
| Duplicate auth or duplicate capture | Retries or double-submits without idempotency | Use idempotency keys on auth and capture; dedupe before sending |
| Partial shipment / partial capture confusion | Capturing the full amount when only part shipped, or mishandling the remainder | Capture only what shipped; understand whether your provider releases the remainder automatically |
| Incremental auth not supported or misconfigured | Relying on incremental auth where the scheme/MCC/provider does not support it | Confirm support per scheme/MCC; have a fallback (re-auth) when it is unavailable |
| Customer sees a hold after cancellation | Reversal/void not sent on cancellation, leaving the hold in place | Send a reversal or void promptly on every cancellation; monitor reversal latency |
| Settlement does not match the captured amount | Fees, FX, refunds, chargebacks, and adjustments netted out — or a genuine break | Reconcile captured vs settled; triage breaks via the reconciliation runbook |
What to monitor
The lifecycle gives you a clean set of metrics. Watch these and most of the failure modes above surface before a customer or your finance team finds them:
- Capture success rate — the share of authorizations that result in a successful capture; a drop flags the auth-approved-but-capture-failed problem.
- Auth-to-capture time — how long between approval and capture, against your applicable window; rising time means rising expiry risk.
- Expired-auth rate — authorizations that lapsed before capture; directly measures the fulfillment-window mismatch.
- Reversal latency — time from cancellation to reversal sent; this is the customer-hold-after-cancel metric.
- Capture-vs-settlement variance — the gap between what you captured and what settled, beyond expected fees; spikes flag reconciliation breaks.
- Duplicate-capture incidents — counts of double captures or double auths; should be near zero if idempotency is working.
Operator checklist
Practical items to settle before you build, not after the first incident:
- Separate authorization and capture deliberately — decide where auto-capture is fine and where you need a manual capture step (physical goods, delayed fulfillment), rather than defaulting into one mode.
- Track capture windows per scheme and provider — store the window that applies to your transactions and act before it lapses; never hardcode a single universal number.
- Send reversals promptly on cancellation — wire a reversal or void into every cancellation path so customers do not sit on phantom holds.
- Use idempotency keys — on both authorization and capture, to prevent duplicate holds and duplicate charges from retries.
- Reconcile captured vs settled — match every capture to its settlement and net out fees/FX/adjustments; investigate anything left over.
- Re-authorize on expiry — have an explicit path to run a fresh authorization when a hold lapses before fulfillment, instead of attempting a doomed late capture.
- Monitor the metrics above — capture success rate, auth-to-capture time, expired-auth rate, reversal latency, capture-vs-settlement variance, and duplicate incidents.
Scope note
Timing, capture windows, and feature support vary by scheme, card type, acquirer, PSP, region, merchant category, and contract — there is no universal number, and any specific window in this guide (such as the Stripe defaults) is cited as that provider’s documented example, not a scheme-wide rule. This is operational guidance, not legal advice, and it makes no liability claims on your behalf; the authentication liability effect mentioned under the lifecycle is scheme- and contract-defined and covered in 3DS2 and the authentication tax, not here.
This guide is also card-focused. Non-card rails — account-to-account transfers, wallets, real-time payment schemes — have different lifecycles and are out of scope. Verify the specifics that apply to your stack with your PSP and acquirer. For the levers that lift authorization rates — retries, network tokens, BIN-level tuning — see authorization optimization; for the revenue math of those rate gains, see auth-rate point economics. This guide owns the mechanics; those own the optimization.
Related references
- The Payment Stack: Issuer, Acquirer, Gateway, PSP — who does what, and who holds your money in the capture-to-settlement gap.
- Authorization Optimization — the levers that raise auth rates (retries, tokens, BIN tuning).
- Auth-Rate Point Economics — the revenue math of moving the authorization rate.
- 3DS2 and the Authentication Tax — the authentication step and its scheme- and contract-defined liability effect.
- PSP Reconciliation Failure Runbook — the break taxonomy and triage when settlement does not reconcile.
- Stripe/Adyen Settlement-File Reference — how to read the settlement files your provider sends.
- The Working-Capital Cost of Payments — the cash-flow cost of the float between capture and settlement.
For term definitions — authorization, capture, settlement, partial authorization, incremental authorization, authorization reversal, and void — see the Payments Glossary.
Sources & methodology (6)
Authorization and capture can be separated (capture_method=manual), which places a hold on the card; a partial capture automatically releases the remaining amount; and the authorization hold expires after a window that varies by network and transaction type — Stripe documents card-not-present holds of 7 days for Mastercard, American Express, and Discover and 5–7 days for Visa, with different windows for card-present and other payment methods
Vendor documentation; the specific expiry windows are Stripe's documented defaults cited as a provider example, explicitly not a universal scheme rule — windows vary by scheme, card type, acquirer, PSP, region, and MCC.
Checked:
Incremental authorization increases the authorized amount on a confirmed payment before capture, used when the total price changes or the customer adds goods or services; support depends on the network and, for some networks, is restricted to specific merchant categories such as hotels, car rentals, and passenger transport
Vendor documentation; cited for the incremental-authorization mechanism and that support and merchant-category eligibility vary by network — not universally available.
Checked:
By default Adyen captures payments automatically immediately after authorisation, but capture can be delayed or made manual; with a single partial capture the unclaimed remainder is automatically cancelled; and cancelling an authorisation releases the held funds back to the shopper's account, but only before capture — after capture you can no longer cancel
Vendor documentation; cited for auto-vs-manual capture, partial-capture behavior, and the cancel/reversal-before-capture distinction as a provider example, not a universal rule.
Checked:
Cancelling an authorisation releases the funds back to the shopper's bank account and is only possible before capture; if it is unclear whether the payment has been captured, a reversal is the appropriate operation rather than a cancellation
Vendor documentation; cited for the cancel/reversal-releases-an-uncaptured-hold distinction; exact endpoint behavior is provider-specific.
Checked:
The card payment process runs in two stages: authorization (the request routed from merchant to acquirer/processor, through the network to the issuer, with an approve/decline returned), then clearing and settlement (transactions reconciled with the acquirer/processor, routed via the networks, and settled against issuing and acquiring accounts) — establishing that authorization and clearing/settlement are distinct stages
Federal Reserve Bank of Philadelphia Payment Cards Center discussion paper; cited for the durable authorization-vs-clearing/settlement distinction, not for any fee figure or timing.
Checked:
The lifecycle and failure-mode tables, the monitoring set, and the operator checklist are PaymentBrief operator synthesis — operational framing to calibrate against your own provider, contracts, and market, not scheme rules or legal advice
Checked:
Source types explained in our Methodology.
By Shaun Toh · Director, Digital Payments · Razer