What Is the Link Between Cardholder Name and Payment Authentication?
In the highly competitive landscape of e-commerce, every detail can significantly tip the scale between a successful transaction and a lost opportunity. I am sure that as a merchant, you constantly look for ways to optimize your e-commerce platform to ensure a seamless and successful customer transaction. Let’s take a look at the role of the cardholder name during the authorization process to find out if it affects the payment authentication.
The rules for the cardholder name in the authentication process
Both VISA and Mastercard mention the cardholder name as a high-importance data field used by issuers in their authentication models. Payment processors such as Stripe or Adyen also recommend that merchants collect and send shoppers’ email, cardholder name, billing address, and IP address in order to achieve higher authentication rates.
However, some merchants configure their payment forms so that the shopper is not asked to enter the name on the card during payment. You can see the example below that shows one of our payment solutions.
What effect does the cardholder name have on payment authentication?
It turns out that the cardholder’s name might not be that important for payment authentication success. In most cases it has no impact at all. You can write whatever information you want there and the transaction will go through.
It might have some negative consequences later, e.g. when the customer tries to return the item and the name on the transaction doesn’t match theirs. But in general, the transaction itself should be successful.
The reasons behind this are historic. The cardholder name allows only uppercase ASCII characters which is a restriction that comes from the historical way in which banking cards encode data onto the magnetic stripe, as defined in ISO 7811. The data is encoded in a 7 bits per character format known as ITU-T.50.
Special characters such as öüäéèê are not allowed in the cardholder name. Merchant gateways or 3DS Servers convert special characters to standard Latin characters (e.g. ä becomes ae, é and ê become e,) before sending these in the EMV 3DS authentication request.
And since this conversion isn’t standardized, issuers cannot decline authentication requests only because the cardholder name doesn’t match the one on file. For example, some 3DS Servers may convert ä to a and not ae.
Moreover, some cards have first and last names in reverse order, some have company names, titles before or after the name, and some have arbitrary text such as gift cards.
Behind the scenes, the cardholder name is not used during the authorization process but is sometimes, depending on the type of transaction, submitted during the end-of-day settlement. When it is submitted for settlement, it must be no more than 26 ITU-T.50 characters, in the range hexadecimal 20-5F.
Modern payment APIs still have to conform to banking standards, which are decades old. The number of systems that use those standards makes it near impossible to modernize. Where payment processors do allow diacritics, they must be sanitized by the processor before submission to the merchant bank.
Recommendation for merchants
Our recent analysis during the development of a payment solution for one of our clients confirmed that the cardholder name does not affect the payment authentication.
Based on my experience, merchants usually require the first name and last name of the customer in connection with their shipping address (in case of a physical product) or billing address/email (in case of a digital product). Subsequently, the customer enters only the card number, expiration date, and CVV in the payment section.
As developers, we also send the cardholder name (in this case it’s the name the customer entered in the address section) in the background so the merchant can match the payment with the order. It means one step less in the purchasing process for the customer while staying compliant with the rules for the merchant.
To sum it up, my recommendation for merchants is to leave the cardholder name out, as it is an additional step during the checkout process. And as we both know, these additional steps can affect the success rate of your conversions.