If you’ve been hit with Mastercard’s Undefined Authorization Fee or Undefined Authorization Not Allowed TPE penalty, you’re not alone.
This fee has become one of the most common MC TPE Fees, as Mastercard began to phase out undefined authorizations and has been increasing penalties for non-compliance.
Since undefined authorizations have become a major focus of Mastercard’s Transaction Processing Excellence Program, it’s important for merchants to understand exactly what they are and why Mastercard is trying to eliminate them.
This will ultimately help you avoid unnecessary processing fees.
What is an Undefined Authorization?
An undefined authorization is a legacy Mastercard authorization type where the authorization indicator field is not included in the transaction. This was the original default authorization method before Mastercard introduced more specific authorization types.
This was essentially the “catch-all” option that merchants used before Mastercard required businesses to be more specific about what type of transaction they were processing.
Historically, undefined authorizations were used in scenarios where the transaction amount might be different from the final amount.
For example, a gas station might authorize a card for $200, but the customer only pumps $45 worth of gas. Or a restaurant might authorize the bill amount before the customer adds a tip that changes the final total.
But this created problems for issuers who couldn’t distinguish between different types of authorizations. Without proper coding, they had no way to tell whether an authorization was for an exact amount (like a retail purchase) or an estimated amount (like a hotel hold).
So they had to treat every authorization the exact same way to reduce their liability exposure.
The 3 Types of Mastercard Authorizations
Back in 2016, Mastercard introduced its new standards for merchants to clearly identify authorization requests as one of three types:
Pre-Authorizations
Pre-auths are used when the final transaction amount might be different from the authorized amount. This is common in industries like:
- Hotels and car rentals (for security deposits)
- Restaurants (bill plus tip)
- Gas stations (pay-at-pump transactions)
- Any other scenario where you’re placing a temporary hold
With pre-authorizations, merchants have flexibility because they’re explicitly telling the issuer that they don’t know the final amount yet. They’re just placing a hold on the card to cover potential costs that have yet to be finalized.
Final Authorization
Businesses use a final authorization when you know the exact transaction amount at the time of the transaction. This applies to most retail and ecommerce purchases where the sale amount is fixed and known upfront.
With a final authorization, you’re telling the issuer that you’re authorizing the exact amount of the charge because nothing is going to change.
Undefined Authorization
This is the legacy type of auth that Mastercard is actively phasing out.
Undefined authorizations used to be the default auth type before the other two categories were introduced. But now they’re considered outdated and problematic, which is why Mastercard is charging penalties for merchants still using them.
When Did Mastercard Ban Undefined Authorizations?
Mastercard officially began phasing out undefined authorizations on June 18, 2025.
From that date forward, every authorization through Mastercard’s network must be explicitly defined as either a pre-authorization or final authorization.
While undefined authorizations will still technically go through, they’ll just be penalized. So it’s not like there is a hard block on them (yet).
Mastercard’s new Undefined Authorization TPE Not Allowed Fee was introduced on July 1, 2025 at 25 basis points with $0.04 minimum. And they’ve already announced future increases.
The Full Phase-Out Timeline of Undefined Authorizations
Here’s a look at Mastercard’s timeline and how their stance has changed on undefined authorizations:
- 2016 – Mastercard introduced pre-authorization and final authorization types.
- 2018 – Mastercard began actively encouraging merchants to transition away from undefined authorizations.
- May 2017 – Processing Integrity Fee was introduced for non-compliance with new authorization standards.
- June 18, 2025 – Undefined authorizations are no longer permitted as dual message authorizations.
- July 2025 – TPE Fee for undefined authorizations increased to 0.25% (minimum $0.04).
- January 2026 – Fee increases to 0.30% (minimum $0.05).
- January 2027 – Fee increases again to 0.35% ($0.10 minimum)
The message from Mastercard is abundantly clear here.
They want undefined authorizations to be eliminated entirely. Merchants and processors need to update their systems to properly code authorizations as either pre-authorization or final authorization, or they’ll continue to pay a (rising) penalty for non-compliance.
How Much Does the Undefined Authorization Fee Cost?
The current Undefined Authorization TPE fee is 0.25% per transaction ($0.04 minimum) as of July 2025. This applies when undefined authorizations are submitted for settlement, but not cleared within 7 days of the authorization request.
Let’s take a look at what this means in real dollars:
These penalties are charged in addition to Mastercard’s regular interchange rate and processor markup.
Let’s say you’re processing $100,000 in Mastercard transactions per month with undefined authorizations. That’s an extra $3,000 in processing fees per year right now, which will exceed $4,200 in 2027 when the penalties continue to rise.
High-volume merchants processing $500k or more in Mastercard transactions each month would pay an excess of $15,000 to $20,000+ in undefined authorization penalties annually.
That’s real money. Don’t let the seemingly small minimum amounts fool you into thinking this is something you can ignore.
Why Mastercard is Eliminating Undefined Authorizations
Mastercard considers undefined authorizations to be outdated for several reasons, and their approach to phase them out completely aligns with the big-picture goals of the Transaction Processing Excellence Program.
Lack of Clarity for Issuers
Without proper coding, issuers can’t distinguish between pre-auths and final auths. This makes it impossible for them to properly manage authorization holds, assess risk, and protect cardholders.
When an issuer receives an undefined authorization, they have no idea if it’s a temporary hold that might change or a final charge. This forces them to be overly conservative in how they handle the authorization.
Unnecessary Account Holds
Undefined authorizations lead to unnecessary holds on cardholder accounts. Since the issuer doesn’t know the authorization type, they will often keep holds in place longer than necessary.
This ultimately ties up available credit to the cardholder.
Cardholders will see phantom holds on their accounts for extended periods, even after the purchase has been completed. It’s frustrating for Mastercard customers and leads to unnecessary customer service calls and complaints.
May Indicate Outdated Technology
Merchants still using undefined authorizations may have outdated technology, as pre and final authorization technology has been available for years.
So if you’re still using undefined authorizations today, it could be a red flag that your gateway, POS, or processor integration hasn’t been updated in years (which likely means you’re also missing out on other modern payment security features).
Network Efficiency
From Mastercard’s perspective, eliminating undefined authorizations is all about creating a more efficient network.
When each transaction is properly coded, their entire payment ecosystem works better. Everything from risk management to authorization, clearing, and dispute resolution.
This is why Mastercard has been steadily increasing the penalties and tightening restrictions around undefined authorizations. They want to force merchants and processors to update systems and operations to ensure the network is used more efficiently.
How to Stop Using Undefined Authorizations
The solution here depends on your business model and the type of transactions your process.
For fixed-amount transactions, you should be using final authorizations. This applies in scenarios when you know the exact amount at the time of the purchase, like:
- Standard retail purchases
- Most ecommerce transactions
- Fixed-price services
- Any transaction where the amount doesn’t change
For variable-amount transactions, use pre-authorization coding. These should be used if the transaction amount can change between the initial authorization and final settlement:
- Hotel deposits
- Car rental holds
- Restaurant bills
- Gas stations
- Service estimates that might change
If you don’t see an option for these authorization types, you’ll need to contact your processor to ensure your hardware and software is up to date.
Final Thoughts
Mastercard has really stepped up its stance on how they’re handling undefined authorizations. For the last several years, they were simply encouraging merchants to use the pre and final auth indicators.
But now they have officially said undefined authorizations are no longer allowed, and announced that the penalty for running undefined auths is increasing for three consecutive years.
While these fees may just be buried amongst the dozens or hundreds of other line items on your statements, they’re actually one of the most straightforward things to fix. So stop ignoring the issue and start using the correct authorization indicators for Mastercard transactions.
And if you’re still struggling to understand this stuff or need help understanding other charges on your merchant statement, contact our team for assistance.
We’ll audit your statement for free, identify unnecessary charges, and help you lower your effective rate without switching providers.