top | item 45471498

(no title)

There is no rule that there has to be a single payment per authorization, if you read for example mastercard API https://in.gateway.mastercard.com/api/documentation/integrat... it says you can partially capture, you can extend authorization. So for all you know when you buy at amazon it just updates the authorization and charges you later but keeps authorization going and amazon might just check if they have auth token for your card and if they do system allows you to continue and to you it seems instant.

discuss

avianlyric|4 months ago

It’s a lot more complicated and nuanced than that. The API docs you link too are for an API that covers a tiny fraction of what can be expressed in the actual ISO 8583 messages which are the real “API” of the card networks. The docs for those are hundreds of pages long.

Plus you need to analyse how the different messages types and sequence of messages interact with the transaction processing rules, which are also hundreds of pages long.

Suffice to say, the entire system is insanely complicated, and just about everyone out there implements it all incorrectly, with the whole system on working because partners are only allowed to complain about the insanity if they actually loose money. Until that point they’re expected to just handle everything as best they can.

ifwinterco|4 months ago

That would make sense, and I guess if you tried something suspicious (larger order to a new address), you would get the full auth flow