Authorization Code

DEFINITION of 'Authorization Code'

An authorization code is an alphanumeric password that that identifies the user as authorized to purchase, sell or transfer items, or to enter information into a security-protected space. An authorization code can be a sequence of letters or numbers - sometimes both - that provides validation. This validation can be the authentication of a persons identity, the approval of a transaction, access to a secured area and so on. The most common usage of authorization code refers to the code sent to a merchant from a credit card issuer that confirms the customer's credit card has sufficient credit available to authorize the transaction.  

BREAKING DOWN 'Authorization Code'

Authorization codes are used for any transaction or entry that has restrictions on which users are entitled to access. For example, a credit card authorization code is a five or six number code from the issuing bank to the vendor that authorizes the sale. If the credit card used is counterfeit or the card is overlimit, the credit card company declines the sale. If approved, the authorization code is attached to the credit card transaction. This signals to the merchant that the transaction is approved and also helps to identify the transaction in follow-up examinations, such as disputed transactions. Authorization codes are transmitted digitally and are used to speed up credit card processing. If vendors had to call the issuer for a verbal authorization code to complete every transaction, it would drastically reduce the speed of commerce. 

Authorization Codes in Expense Approvals and Data Security

Authorization codes also play a role in corporate financial controls. Staff can be given different authorization codes for purchase and expenses. This allows the company to track the purchases and spending in specific areas right down to the employee level. These authorization codes are also given specific transaction thresholds. If an employee is attempting to expense something beyond his or her threshold, it will require the authorization code of a manager or supervisor higher up in the organization. In this sense, authorization codes are part of the financial control system that prevents employee fraud or misuse of funds. 

Authorization codes have also become a common in professional workplaces as a way to maintain information security. Access to servers or VPNs will be managed using authorization codes tied to unique user IDs to track who is authorized to access what information and limit their activities in sensitive databases. These authorization codes may be permanent over the length of an employees tenure, but more often they are periodically refreshed and changed on a cycle similar to password controls. There are also one-time authorization codes or tokens that only last for the length of a single session.