The role of pre-and post-authorization checks in fighting payment fraud

Aladin Taleb

Product Manager, Optimization

6 min read

CONTENTS

Here’s the hard truth: you will never eliminate payment fraud. No business can. And those who try often learn the hard way—it comes at a cost.

As Galit Shani-Michel, VP of Payments at Forter, pointed out on the Payments Unfiltered podcast: "Managing fraud is not just about blocking fraudsters; it’s about ensuring your genuine customers aren’t wrongly flagged or inconvenienced."

This is the core paradox of fraud prevention: Tighten the rules too much, and you’ll drive away good customers, erode trust, damage the user experience, and ultimately lose revenue. We see it all the time: merchants implement strict fraud controls, only to watch false positives and customer churn spike.

But ignoring fraud isn’t an option either.

Only about 1% of a merchant’s payment volume can be fraudulent, and payment networks quickly penalize those who breach that threshold (see the rules here)—with higher fees, fines, monitoring programs, or even exclusion from card networks.

Payment Service Providers (PSPs) can also choose to exclude merchants with high fraud rates.

So, how do you strike the right balance? The answer lies in a layered fraud prevention strategy that includes pre-authorization and post-authorization fraud checks. These checks filter out fraudulent activity early, ensuring legitimate transactions aren’t blocked.

Pre-authorization fraud checks

Pre-auth fraud checks are the first line of defense, allowing merchants to assess risk before a transaction reaches the payment processor. Because authorizing a payment incurs costs—regardless of whether it’s later canceled or declined—merchants want to filter out as much fraud as possible at this stage.

However, pre-auth checks are limited in scope. Some key data points—such as CVV and AVS flags—are only available post-auth, meaning merchants must rely on alternative signals, including:

Device fingerprinting: Identifies anomalies in user devices and locations to detect suspicious activity.
Velocity checks: Flags unusual transaction frequency from a single user or device.
Behavioral analytics: Detects suspicious behaviors, such as rapid checkouts or mismatched billing/shipping addresses.
Blocklists& Allow Lists: Block known fraudsters while prioritizing trusted customers.
3D Secure (3DS): Adds an extra authentication step for high-risk transactions, requiring the customer to verify their identity.

These checks help prevent fraud and improve relationships with payment processors. A clean pre-auth transaction flow increases approval rates as processors develop confidence in a merchant’s fraud mitigation strategy. Conversely, if too much fraud reaches the processor, merchants risk increased fees—or worse, being dropped entirely.

Post-authorization fraud checks

Post-authorization fraud checks provide a richer data set, allowing merchants to make more informed risk decisions after an approved transaction. These checks use insights like:

CVV and AVS mismatch to verify the cardholder.
Transaction history and behavioral analysis to detect anomalies.
Other payment method-specific data if the customer used an alternative payment method, such as the account name if the customer used a bank transfer method.

If a fraud tool flags a transaction after it’s been authorized, you can cancel it, but the damage is already done—you still owe processing fees. Every authorized transaction comes at a cost, whether legitimate or not.

That’s the trade-off. Post-auth checks give you a second layer of defense but also mean paying for the privilege of catching fraud late. The upside? More sophisticated digital tools can analyze patterns, detect anomalies, and stop fraud that might have slipped through pre-auth checks.

Manual reviews: When human oversight matters

While merchants increasingly rely on automated, data-driven fraud analysis, manual reviews remain essential for handling high-value transactions or cases with ambiguous fraud signals.

Automated systems can detect patterns efficiently, but human oversight helps interpret edge cases where rigid algorithms might otherwise flag legitimate customers. For instance, we've seen a case where a customer who placed a €10,000 order was flagged as fraudulent when, in fact, they were a legitimate customer.

By strategically deploying manual reviews, merchants can reduce false positives, improve customer trust, and refine their fraud prevention models with real-world insights.

Layering fraud prevention tools to balance risk, cost, and revenue

Fraud prevention is always a balancing act. Tighten controls too much; you risk blocking legitimate customers, hurting the user experience, and losing revenue. Loosen them too much, and fraud creeps in—leading to chargebacks, penalties, and even exclusion from PSPs or card networks.

Every fraud mitigation measure comes at a cost, whether through processing fees, vendor expenses, or operational overhead. The goal isn’t to eliminate fraud entirely—that’s neither realistic nor cost-effective—but to optimize your approach within the 1% fraud threshold set by the schemes.

The most effective strategy is a layered approach, where pre- and post-authorization checks work together. Pre-auth checks act as the first line of defense, blocking obvious fraud before it incurs costs. Post-auth checks provide a deeper risk assessment, leveraging richer data to catch fraudulent transactions that slipped through the initial screen.

No single tool is a silver bullet. Businesses must define their risk appetite and apply these defenses strategically to strike the right balance between security and revenue.

Building a smarter fraud strategy

One of the most effective fraud strategies is controlled risk testing. Instead of applying rigid fraud rules, merchants are increasingly experimenting with different thresholds. Should a payment with only a 5% chance of being fraudulent be blocked? Some merchants allow such transactions to proceed, analyzing the results to refine their fraud detection models.

By systematically testing fraud rules and adjusting them based on actual outcomes, merchants can optimize for fraud prevention and customer conversion, ensuring their fraud strategy doesn’t become a revenue blocker.

Fraud management as a competitive advantage

The most effective fraud prevention strategies don’t involve stopping fraud at all costs but intelligently managing risk. Merchants that succeed in fraud prevention do more than reduce fraud; they optimize approvals, build trust with payment processors, and create a seamless payment experience for legitimate customers.

A layered, dynamic approach—combining pre-auth filters, post-auth analytics, and adaptive fraud strategies—ensures merchants strike the right balance. Fraud will always be part of payments, but merchants can turn fraud prevention from a cost center into a competitive advantage with the right strategy.

share this post

stay up to date

Keep reading

Resource hub

The art and science of A/B testing in payments

Learn about the best practices for running A/B tests in payments, common pitfalls to avoid, an why statistical significance is crucial for making data-driven decisions that move the needle.

Optimize

Meet the Primigos: Resh Vamathevn, Senior BD Manager, Strategic Enterprises

Get to know Resh Vamathevn, a Senior BD Manager at Primer. Learn about his journey, standout moments at Primer, and his best advice for thriving in a fast-paced, high-growth company.

Primersphere

Buyer liars, AI fraudsters, and lost revenue—what merchants need to know

Fraud is evolving fast, and AI makes it easier for fraudsters to slip through the cracks. In this episode of Payments Unfiltered, Galit Shani-Michel, VP of Payments at Forter, unpacks the rise of AI-driven fraud, the hidden cost of false declines, and why merchants must rethink their fraud prevention strategies.

Optimize

Stay up to date

Subscribe to get the freshest payment insights.