Authorization rate optimization for cross-border payment stacks: The 2026 framework
Payments 101
Updated 24 Apr 2026
12 min
Andrii Kononenko
Head of Merchant Operations, Solidgate
Your auth rate dropped, but your dashboard won't tell you why. Learn the four stack-level failure points behind most authorization rate gaps – and how to fix each one.
Your authorization rate dropped two points last quarter. You're not sure whether it started when you expanded into a new market, added a billing cycle, or switched acquirers. Your PSP's dashboard shows the decline volume, but it doesn't show why.
Two points on $5M monthly volume is $100K in direct revenue loss. That's before factoring in churned subscribers and the CAC you already spent to acquire them.
Across our infrastructure, businesses processing in five or more markets routinely see authorization rates vary by double-digit points between their best and worst corridors. That gap traces back to four infrastructure decisions:
- Missing network tokenization on stored credentials
- Single-acquirer routing on cross-border volume
- Flat retry logic that ignores decline code patterns
- MCC misalignment that caps approval rates before routing even runs
This playbook on authorization rate optimization shows you how to identify which failure point is costing you the most – and what fixing it is worth at your volume.
TL;DR
- Authorization rate failures typically start before the issuer decides – in how credentials are stored, how transactions are routed, and how your MCC is configured across acquirers.
- Four stack-level levers drive the recoverable gains: network tokenization (up to +15 pp lift on tokenized cohorts), smart routing and cascading (compounding LTV impact of +14.8% on average), intelligent retry logic (+11.6% LTV impact on recovered soft declines), and MCC alignment (several points of approval rate headroom, unlocked without engineering work).
- Cross-border rates run below domestic by default. Local acquiring, local APMs, and SCA exemption management are the structural fixes on top of the four core levers.
What is authorization rate?
Authorization rate – also called approval rate or auth rate – is the percentage of payment authorization requests approved by the issuing bank out of all submitted attempts.
It’s the single metric that most directly reflects the health of your payment stack and most teams only look at it after something has already gone wrong.
Auth rate is distinct from two related metrics that often get conflated:
- measures completed payments as a share of checkout initiations, including all drop-offs before a card is ever submitted.
- Checkout conversion rate is broader, capturing every visitor who reached the payment step regardless of intent.
The decline taxonomy
Before improving authorization rates, you need to know what type of you're dealing with.
As a payment orchestration platform, Solidgate maps declines from every connected PSP into a, so the examples below use our internal reason codes.
Hard declines
Hard declines are permanent – the card, account, or recurring authorization is no longer valid, and no retry will change that. Every attempt after a hard decline incurs card scheme fees and pushes you toward Visa VAMP or Mastercard BRAM monitoring thresholds.
Common hard decline codes:
- 3.11 Recurring payment cancelled: The cardholder's bank has explicitly withdrawn authorization for future recurring charges on this card.
- 4.02 Stolen card / 4.04 Lost card: The card has been reported stolen or lost – all transactions are restricted.
- 3.12 Closed account: The account is permanently closed, or the customer has blocked transactions on it.
- 2.08 Invalid card number: The card number doesn't exist, or the account has been reissued under a new number.
Soft declines
Soft declines are temporary – the card is valid, but something situational blocked the authorization. They account for 70–90% of all declines in subscription businesses, and a well-targeted retry strategy recovers 40–70% of them.
Common soft decline codes:
- 3.08 Do not honor / 0.01 General decline: The issuer rejected the transaction without disclosing a specific reason. Together, these are the highest-volume decline codes in any subscription portfolio.
- 3.02 Insufficient funds: The card has insufficient balance at the moment of the attempt.
- 3.04 Transaction declined by issuer: The issuer blocked the transaction, often because a card limit was triggered.
- 3.10 Suspected fraud: The issuer flagged the transaction as suspicious based on risk signals.
Core insight: Hard declines need a new payment method – retrying them makes your authorization rate worse. Soft declines need better timing – ignoring them leaves recoverable revenue on the table.
The transaction lifecycle: Where auth rate actually fails
Most teams assume authorization rate fails at the issuer decision. But the issuer only sees what the stack sends it – credential quality, acquirer reputation, MCC classification.
At three points along the transaction path, decisions in your payment stack can suppress authorization rates before the issuer ever evaluates the underlying transaction:
- Checkout: You store card credentials in your billing system. Over time, those credentials go stale – cards expire, and issuers reissue them with new numbers. When a renewal attempt uses outdated credentials, the issuer returns a hard decline on the first try – before routing, retry logic, or fraud scoring can do anything to help.
- Routing: Every acquirer has different approval rates by issuer, geography, and card type. A single PSP routes all transactions to the same acquirer regardless of fit. When that acquirer has a weak relationship with a specific issuing bank, the transaction arrives at the card network already at a disadvantage.
- Merchant category code (MCC) classification: Every transaction message sent to the card network includes your MCC. The issuer uses it to decide which risk scoring model to apply. A misaligned MCC leads to the issuer scoring every billing attempt against the wrong benchmark. The result is a systematic ceiling on approvals that no retry logic or routing improvement can lift, because the wrong signal is baked into every request the issuer sees.
Core insight: Your authorization rate reflects the quality of every decision made across the full transaction path.
The 4-layer framework for optimizing authorization rates
There are four levers that drive authorization rate gains, but most businesses are only pulling one or two of them. Knowing which ones you're missing is the foundation of any solid .
Layer 1: Network tokenization (VTS / MDES)
Network tokenization improves authorization rates by keeping stored credentials valid through card changes and sending a stronger trust signal to the issuer on every transaction. When a card is reissued or expires, the token updates automatically at the network level – no action needed from the cardholder, no credential update on your side.
that the 2024 surge in tokenized transaction volume translated into a 6% improvement in approvals and up to 30% reduction in fraud.
Across Solidgate's merchant base, the numbers go further. Tokenized transactions improve acceptance rates by up to 15%, lift subscription retention by up to 7.5%, and raise upsell conversion by up to 20% – gains that compound across acquisition, retention, and expansion to reshape the LTV curve.
As a direct Visa and Mastercard tokenization partner, Solidgate provisions VTS and MDES tokens that work across every acquirer in your stack – so the lift survives a routing change.
For a deeper breakdown of the mechanics, see.
Layer 2: Smart routing and cascading
Every acquirer has different approval rates by corridor. A single-PSP setup routes everything to the same acquirer regardless of fit, with no fallback when that acquirer's issuer relationships are weak.
selects the best acquirer per transaction in real time, based on BIN range, issuer relationship, and geography. When the primary acquirer declines, cascading logic automatically retries through an alternative before the customer sees a failure.
Across Solidgate's merchant base, payment cascades alone recover enough failed transactions to deliver an average LTV lift of +14.8% – gains that a single-PSP setup permanently loses.
Layer 3: Intelligent retry logic
Intelligent retry logic recovers authorization rate points that a flat retry schedule permanently loses.
Issuers track retry patterns across all your transactions. Repeated failed attempts on hard declines raise your fraud score and lower how the issuer scores future transactions from your merchant account.
Solidgate's segment attempts by decline code, align timing to the cardholder's payday cycle, and stay within card scheme retry limits. The results across our merchant base:
- +11.6% average LTV lift from recovered soft declines
- 51–67% improvement in first retry conversion
- 42.1% reduction in retries made at the wrong time, which also lowers transaction fees and protects your issuer relationships.
Layer 4: MCC alignment
Correct MCC configuration removes a systematic authorization rate ceiling that no amount of routing, tokenization, or retry logic can compensate for.
Your merchant category code (MCC) tells the issuer what kind of business you are – and issuers apply different risk scoring models by MCC. Getting it right across every acquirer ensures the issuer applies the correct risk model to every transaction, regardless of which acquirer processes it.
Businesses that align MCC across a full acquirer stack can unlock meaningful approval rate headroom – with no product changes, no checkout redesign, and no engineering work.
Our client's +5–7 pp lift, detailed below, is what that looks like when the misalignment is the binding constraint.
Core insight: Authorization rate optimization compounds across four layers – tokenization, routing, retry logic, and MCC alignment – and each one addresses a failure point the others cannot fix.
How to improve authorization rates on cross-border transactions
The four layers above apply to every transaction. Cross-border adds three additional levers on top, because the structural problems are different: who processes the transaction locally, which payment methods are even available, and how authentication rules change market by market.
Cross-border authorization rates consistently run below domestic for three structural reasons: local acquiring infrastructure, payment method coverage, and regulatory compliance.
1. Local acquiring
The most direct fix for cross-border auth rate optimization is making each transaction look domestic to the issuer, requiring a locally licensed acquirer in each target market.
Every card transaction carries a signal about where it came from. When a German cardholder's payment routes through a US-based acquirer, the German issuer receives a transaction from an unfamiliar party through an unfamiliar path.
That unfamiliarity registers as a risk signal, so the issuer responds with a higher decline rate. A locally licensed acquirer eliminates that signal: the transaction arrives from a party the issuer recognizes, through a routing path it trusts, and the risk scoring changes entirely.
The effect is most pronounced in markets where domestic issuers have limited transaction history with international acquirers – Brazil, Southeast Asia, and parts of Eastern Europe. In Brazil, switching from an international acquirer to a domestic one can shift approval rates by double-digit percentage points on the same traffic.
Across Solidgate's cross-border merchant corridors, switching to local acquiring has delivered an average LTV improvement of up to 17.9%.
2. Local alternative payment methods (APMs)
In card-light markets, local APMs bypass the card authorization flow entirely.
Local APMs operate on closed-loop, bank-direct infrastructure that runs outside the international card network. Instead of a card authorization chain, each method connects the customer to their own funds through local rails:
- Real-time bank transfer systems: PIX (Brazil), UPI (India), iDEAL (Netherlands), BLIK (Poland), Bizum (Spain), Swish (Sweden), Pay by Bank (Europe). The customer authorizes the payment directly through their banking app.
- Cash-and-voucher rails: Boleto (Brazil), OXXO (Mexico), Efecty (Colombia). The customer completes the payment through a physical or digital voucher tied to their bank or retailer.
- Mobile wallets on local rails: Mercado Pago (LATAM), Cash App (USA), TWINT (Switzerland). Funded from bank accounts or mobile balances, settled locally.
When a customer pays via any of these methods, there's no card issuer evaluating the acquirer's trustworthiness and no stored credential that can expire.
The authorization lifecycle the rest of this playbook optimizes doesn't apply, which is exactly why these methods post near-universal approval rates in their home markets.
For example, PIX is now used by of Brazil's population, making it the country's most widely used payment method. iDEAL handles roughly three in four online transactions in the Netherlands, according to the .
Adoption makes them the default, not the alternative. If your authorization rates look low in any of these markets, the problem is usually upstream: customers aren't reaching the card flow at all, because their preferred method isn't offered.
3. SCA compliance and exemption management
Strong Customer Authentication (SCA) compliance is a direct authorization rate optimization lever in regulated markets – but only if you manage exemptions.
In the EU, UK, India, Brazil, and Australia, SCA is mandatory for card payments. When a transaction doesn't meet local SCA requirements, the issuer declines it.
For subscription businesses, the key exemption is merchant-initiated transactions. If you authenticate once on the first charge, all subsequent renewals qualify as merchant-initiated under PSD2 and don't require a challenge prompt. This keeps the renewal flow uninterrupted and authorization rates high across the full billing lifecycle.
Markets where SCA compliance has the most direct impact on subscription billing:
| Market | Requirement | Authentication method |
| European Economic Area | PSD2 Strong Customer Authentication | 3DS2 |
| United Kingdom | PSD2 equivalent (post-Brexit) | 3DS2 |
| India | Reserve Bank of India mandate | 3DS for all domestic e-commerce |
| Brazil | ABECS industry framework + card scheme rules | 3DS2 rollout for CNP transactions |
| Australia | AusPayNet CNP fraud framework + card scheme rules | 3DS2 for high-fraud CNP merchants |
Core insight: Cross-border auth rates fail for structural reasons – wrong acquirer, wrong payment method, or wrong authentication setup. Fix the infrastructure first, then optimize.
Auth rate benchmarks
These ranges reflect typical performance across digital subscription businesses on Solidgate's platform, so treat them as diagnostic starting points:
| Segment | Typical auth rate | Well-optimized auth rate |
| Domestic card, recurring | 85–90% | 92–95% |
| Cross-border card, recurring | 72–80% | 85–90% |
| Cross-border with local acquiring | 82–88% | 90–93% |
| Tokenized vs. non-tokenized (same cohort)* | — | +up to 15 pp |
| Cascading / multi-acquirer vs. single PSP* | — | + 2–5 pp for cascading in isolation |
*No single typical rate applies – the improvement is relative to your existing baseline.
Segment your own data by market, card type, and acquiring route before drawing conclusions. If your cross-border recurring rate sits below 80%, the local acquiring and routing levers in the framework above are the likely fix. If your domestic recurring rate hasn't crossed 90%, tokenization and MCC alignment are the most common unclaimed gains.
For most merchants, these gaps become a balance sheet problem around $30M in annual processing volume – that's when a single-PSP setup stops being adequate.
Core insight: Knowing your auth rate isn't enough. You should also know which segment is underperforming and why.
What authorization rate optimization actually looks like
Every merchant's gap traces back to a different failure point. Here's how two businesses diagnosed and closed theirs with Solidgate.
Zeely: +8 pp approval rate lift over three years
Zeely, an AI-powered marketing platform processing across the US, UK, Canada, and Australia, ran on tier-2 acquirers with no routing flexibility and no fallback logic.
Since partnering with Solidgate in 2022, three years of compounding work across all four layers has closed that problem:
- Acquirer migration from tier-2 to tier-1 (JPMorgan Chase, Adyen US, Checkout.com US) raised issuer trust at the routing level
- Smart routing and cascading across the full acquirer portfolio recovered transactions that a single-acquirer setup permanently loses
- Network tokenization via VTS/MDES preserved the full recurring payment tail when one of Zeely's tier-2 banks closed unexpectedly, adding a measurable conversion lift on top.
Result: +8 pp approval rate lift. Risk metrics down 40% in three months. Processing volume 10x in three years.
HOLYWATER: +5–7% approval rate lift through MCC alignment
HOLYWATER – the AI-first media company behind My Drama and My Passion, with $10M in monthly GMV – had scaled fast with Solidgate's infrastructure in place:
- Routing was optimized
- Cascades were live
- MID configuration tuned across six acquirers
However, approval rates had still plateaued.
The reason was an MCC misalignment. The wrong MCC meant issuers scored every billing attempt against the wrong risk model – a ceiling that routing improvements and tokenization can't reach. Solidgate realigned MCC across all six acquirers simultaneously and tested candidates against live transactions, including the recurring billing leg.
Result: +5 – 7% pp approval rate lift across both products. No product changes, no engineering work.
Most of your auth rate gap is recoverable
By the time the issuer declines, your stack has already determined the outcome – in how credentials were stored, how the transaction was routed, and how your MCC was configured before the request ever reached the card network.
Each of the four layers in this playbook targets a different failure point in your stack. None of them overlap, and fixing one doesn't fix the others. The path forward starts with identifying which layer is responsible – and that's where we can help.
If you want to see how Solidgate's handles auth rate optimization across acquirers, corridors, and billing cycles, .
Frequently asked questions
For domestic recurring cards, payment authorization rate optimization targets 90–95% – multi-acquirer routing, tokenization, and retry logic get you there. For cross-border recurring volume, 85–90% represents a well-optimized setup with local acquiring in target markets. Anything below 85% domestic or 75% cross-border warrants a diagnostic review.
Authorization rate and approval rate are typically used as synonyms – both measure issuer approval decisions on submitted transactions. Checkout conversion rate is broader: it measures completed payments as a share of every visitor who reached the payment step, regardless of intent or payment method.
Cross-border transactions trigger higher issuer fraud scoring because the acquirer, routing path, and merchant descriptor often look unfamiliar to the issuing bank. The issuer has less transaction history to evaluate, and currency conversion adds another risk signal.
Across Solidgate's merchant base, network tokenization improves acceptance rates by up to 15% on tokenized versus non-tokenized transactions from the same card cohort – a direct result of higher issuer trust on tokenized credentials.
