Credit card pre-authorization is a security measure to help protect you from fraudulent order transactions. If you are using the built-in order forms, it is the default type of authorization for clients paying by credit card.
A credit card pre-authorization is similar to a credit card charge, except instead of debiting funds a temporary hold is put on the funds to ensure the funds will be available. The merchant service actually holds the funds, and dictates how long the hold is.
Once a credit card has been pre-authorized the cardholder cannot spend this money elsewhere. The charge doesn't show up on their credit card statement, although their card-issuing bank will confirm that a pre-authorization is holding the funds.
You must go in and capture the funds within the pre-authorization period. If not, it expires and the funds will be released back to the cardholder.
The underlying process for a pre-authorized credit card payment for an order is:
A pre-authorization transaction is submitted to your payment gateway.
The gateway determines if the transaction is successful or not, without capturing the funds from the client's account. At this point you are not yet liable if the card is stolen.
If the pre-authorization was successful, you can now take steps to ensure the order is not fraudulent. Once you are comfortable that this is the case, use the generate invoice order action in the order queue.
The capture transaction on the previously authorized transaction will then take place, paying the invoice.
If you are using the API to build your order forms, set info[payment_type] ='charge_prior_auth' in the order details to use credit card pre-authorization.
