When a guest checks into a hotel or a customer picks up a rental car, the business needs to hold funds without charging immediately. The standard 7-day authorization window rarely covers the full service period. That gap between authorization and capture is where revenue leaks — expired holds, declined re-authorizations, and awkward conversations asking customers to swipe their card again.
Stripe extended authorizations solve this by stretching the hold window from 7 days to up to 30 days. For businesses that deal with security deposits, rentals, or hospitality, this feature eliminates the timing mismatch between when you authorize and when you know the final charge.
This guide covers how extended authorizations work technically, which industries and card networks support them, what they cost, and how PayRequest makes the capture workflow seamless — without writing API code.
How Standard Card Authorizations Work
Before understanding extended authorizations, it helps to know what happens during a normal card authorization. When a customer enters their card details for a payment, two things can happen: the charge is captured immediately (the default), or the merchant separates authorization from capture using manual capture mode.
In manual capture mode, the card network places a temporary hold on the customer's available credit. The customer sees a "pending" charge on their statement, but the merchant hasn't collected the money yet. The merchant then has a limited window to capture — actually collect — those funds.
The authorization window varies by card network and whether the payment is online or in-person.
For online payments, the standard windows are surprisingly short. Visa gives you 7 days for customer-initiated transactions and just 4 days and 18 hours for merchant-initiated ones. Mastercard, American Express, and Discover each allow 7 days. For in-person payments via a terminal, the windows are even tighter: Visa allows 5 days, while Mastercard, Amex, and Discover only give you 2 days.
If you don't capture within this window, the authorization expires. The hold on the customer's card is released, and you'd need to create a new authorization to collect payment — assuming the customer still has available funds.
For many businesses, the standard window creates a fundamental timing problem. A hotel guest who checks in on Monday and checks out the following Thursday has already exceeded the in-person authorization window for most card networks. A two-week car rental extends well beyond even the online window. Equipment rental businesses, vacation rentals, and event venues all face the same challenge.
The consequences of an expired authorization aren't just theoretical. When a hold expires, you lose your guaranteed access to those funds. The customer's available credit is released, and they may spend it elsewhere. Re-authorizing requires reaching the customer again, creates friction, and risks a decline if their card is now maxed out.
What Are Stripe Extended Authorizations?
Extended authorizations are a Stripe feature that extends the hold window from the standard 7 days to up to 30 days. Instead of racing to capture before the hold expires, you get a full month to determine the final charge amount and collect payment.
The feature works by signaling to the card network that you need an extended hold period. Not every transaction qualifies — eligibility depends on your merchant category code (MCC), the card network, and whether you're using Stripe's Interchange Plus pricing. But for eligible businesses, it transforms how you handle deposits, rentals, and hospitality payments.
Implementing extended authorizations requires two settings when creating a PaymentIntent:
First, set `capture_method` to `manual`. This tells Stripe to separate the authorization from capture, placing a hold without immediately charging the customer.
Second, set `request_extended_authorization` to `if_available` for online payments or `true` for Terminal (in-person) payments. This signals to the card network that you need the extended window.
When the authorization succeeds, Stripe returns two critical fields in the response: `capture_before`, a Unix timestamp indicating exactly when your authorization expires, and `extended_authorization.status`, which confirms whether the extended window was granted.
Not every card network will grant the extension — it depends on the card brand, your MCC, and issuer policies. Always check the `capture_before` timestamp rather than assuming you have 30 days.
The extended windows vary by card network and merchant category.
Visa provides up to 29 days and 18 hours for hotels, accommodations, car rentals, and cruise lines — both online and in-person. For other rental categories like bicycles, boats, equipment, RVs, and campgrounds, in-person authorizations get approximately 10 days.
Mastercard is the most generous, offering 30 days for all merchant categories, both online and in-person.
American Express allows 30 days for accommodations and vehicle rentals, but with an important restriction: you must capture no later than the end of the customer's actual stay or rental period. You cannot hold the authorization beyond the service duration.
Discover grants 30 days for airlines, charter buses, car rentals, cruises, transit, hotels, and rail — covering most travel and hospitality categories.
Which Industries Qualify for Extended Authorizations?
Stripe categorizes merchants into two tiers for extended authorizations: inherently eligible categories that pay no additional fees, and other categories that can access the feature for an extra 0.08% per transaction.
Hotels, accommodations, car rental companies, cruise lines, and airlines qualify natively for extended authorizations based on their merchant category codes. These industries have always needed longer hold periods, and card networks built the extended window specifically for them.
If your Stripe account's MCC falls into one of these categories, extended authorizations are available at no additional cost beyond your normal processing fees.
Businesses outside the core hospitality and travel categories can still access extended authorizations, but Stripe charges an additional 0.08% per transaction. This applies to equipment rental companies, vacation rental managers, event venues, service businesses collecting security deposits, and any other merchant category not in the inherently eligible list.
For a €1,000 deposit authorization, the extra fee is €0.80 — a small price for a 30-day guaranteed hold compared to the cost of a failed re-authorization.
Extended authorizations are only available on Stripe's Interchange Plus pricing plan. If you're on Stripe's standard blended pricing (e.g., 1.5% + €0.25 for European cards), you'll need to contact Stripe to switch to IC+ before enabling extended authorizations.
IC+ pricing breaks out the interchange fee, card network fee, and Stripe's margin separately. For high-volume businesses processing €10,000+ monthly, IC+ often results in lower overall fees anyway, making the switch beneficial beyond just enabling extended authorizations.
Extended Authorizations vs Related Stripe Features
Stripe offers several features that work alongside extended authorizations to handle complex payment scenarios. Understanding when to use each — and how they combine — is essential for hospitality and rental businesses.
Incremental authorizations let you increase the hold amount after the initial authorization. If a hotel guest authorized €500 for their room and then orders €200 in room service, you can increment the authorization to €700 without creating a new payment.
Each PaymentIntent supports up to 10 increments. The increment limits depend on the card network — Visa allows up to $500 or 500% of the previously authorized amount per increment, whichever is higher. Mastercard and Amex have similar but slightly different thresholds.
Critically, incremental authorizations do not extend the validity period. If your original authorization expires in 25 days, adding an increment doesn't reset that clock.
Overcapture lets you capture more than the originally authorized amount without a separate authorization. This is useful for small additional charges that don't warrant a full incremental authorization.
The limits vary by card network: Visa allows 15% overcapture for hotels and car rentals, while Mastercard allows up to 30% for certain categories. Overcapture is only available for online payments.
For a hotel stay, you might use all three features together: start with an extended authorization for the estimated room total, use incremental authorizations when the guest adds significant charges, and use overcapture at checkout for minor incidentals. This gives you maximum flexibility while maintaining a single PaymentIntent throughout the guest's stay.
How PayRequest Simplifies Extended Authorizations
Implementing extended authorizations directly through Stripe's API requires writing code to create PaymentIntents with the right parameters, monitoring `capture_before` timestamps, building capture workflows, and handling edge cases like expired holds. For businesses without a development team, this creates a significant barrier.
PayRequest's security deposit feature handles extended authorizations through a visual interface, connected to your existing Stripe integration.
With PayRequest, you create a payment link or invoice with deposit mode enabled. The system automatically sets `capture_method: manual` and `request_extended_authorization: if_available` on the underlying Stripe PaymentIntent. Your customer clicks the link, enters their card details, and sees a clear message that their card is being authorized — not charged.
You see the authorization in your PayRequest dashboard with the `capture_before` deadline prominently displayed. When you're ready to collect, you click "Capture" and enter the final amount. Partial captures are supported — if you authorized €1,000 but only need to charge €200, the remaining €800 hold is automatically released.
One of the biggest risks with extended authorizations is forgetting to capture before the deadline. PayRequest sends reminder notifications as the `capture_before` timestamp approaches, ensuring you never lose an authorization due to oversight.
Your customers can see their pending authorizations through PayRequest's customer portal. They see the authorization amount, the hold status, and understand that they haven't been charged yet. This transparency reduces support tickets from customers confused about pending charges on their statement.
Every authorization, capture, partial capture, and release is logged in PayRequest's activity log. For businesses that need to demonstrate compliance or resolve disputes, having a complete audit trail of deposit transactions is invaluable.
Real-World Use Cases for Extended Authorizations
Extended authorizations unlock payment workflows that would be impossible with a standard 7-day window. Here are the most common scenarios where B2B and B2C businesses rely on them.
At check-in, the hotel authorizes the estimated room total plus an incidentals buffer. During the guest's stay, the hold ensures funds are available. At check-out, the hotel captures the actual total — room charges, minibar, room service, and any damage fees. If the stay is under 30 days, a single extended authorization covers the entire visit.
For vacation rentals and Airbnb-style properties, extended authorizations work as security deposits. Authorize at booking, inspect the property after checkout, and either release the hold (no damage) or capture a partial amount (damage occurred). The guest is never charged unless there's an actual issue.
Authorize at pickup for the estimated rental fee plus a damage deposit. When the customer returns the vehicle or equipment, inspect for damage, calculate the final charges, and capture accordingly. Extended authorizations eliminate the awkward situation of re-contacting customers days later when damage is discovered.
Agencies can use extended authorizations as project deposits. Authorize a retainer amount at the start of engagement, capture as milestones are completed. If the project scope changes, partial capture handles the adjustment cleanly.
For service businesses collecting security deposits — event planners, caterers, venue operators — the 30-day window covers the typical event planning timeline from deposit to post-event settlement.
SaaS and subscription businesses can authorize a setup fee at signup and capture once the onboarding is complete. If the customer abandons during onboarding, you release the hold instead of processing a refund.
Implementation Checklist
Before enabling extended authorizations on your Stripe account, verify these requirements:
Stripe Account Setup: Your Stripe account must be on Interchange Plus (IC+) pricing. Contact Stripe support if you're on blended pricing. Your merchant category code determines whether you pay additional fees (0.08% for non-hospitality categories) or not.
Technical Requirements: Every PaymentIntent that needs an extended hold must use `capture_method: manual` and `request_extended_authorization: if_available`. Always check the `capture_before` timestamp in the response — the extension isn't guaranteed for every transaction.
Operational Processes: Build a workflow to monitor and act on pending authorizations before they expire. Track the `capture_before` deadline for every open authorization. Create procedures for partial capture, full capture, and authorization release.
Customer Communication: Inform customers that a hold will appear on their statement. Explain the difference between an authorization hold and an actual charge. Provide timelines for when the hold will be captured or released. PayRequest's customer portal handles this automatically.
Or Skip the Complexity: Use PayRequest's security deposit feature to handle all of the above through a visual dashboard. Connect your Stripe account, create deposit payment links, and manage captures without writing code.
Limitations and Restrictions
Extended authorizations have boundaries that affect how you plan your payment workflows.
Customer-Initiated Transactions Only. Extended windows apply only to payments initiated by the customer. Merchant-Initiated Transactions (recurring charges, saved-card payments without the customer present) do not qualify.
IC+ Pricing Required. You cannot use extended authorizations on Stripe's standard blended pricing. This is a hard requirement, not a recommendation.
Card Network Dependent. Even with everything configured correctly, the card issuer can decline the extended hold request. Always check `extended_authorization.status` and `capture_before` rather than assuming a 30-day window.
No Extension Beyond 30 Days. For services longer than 30 days (long-term rentals, extended hotel stays), you must reverse the original authorization and create a new one before the hold expires. Incremental authorizations do not extend the validity period.
American Express Duration Restriction. Amex requires that you capture no later than the end of the customer's stay or rental period. Even though the 30-day window technically allows it, holding funds after service completion can result in disputes and chargebacks.
Single-Message Methods Excluded. Interac and eftpos do not support manual capture and therefore cannot use extended authorizations.
Frequently Asked Questions
Extended authorizations let you hold funds on a customer's card for up to 30 days instead of the standard 7-day window. The feature is designed for businesses where the final charge amount isn't known at authorization time — hotels, car rentals, equipment rental, and security deposits. You authorize at the start of service and capture when you know the final amount.
Standard online authorizations expire after 7 days. With extended authorizations enabled, the window extends to up to 30 days (29 days and 18 hours on Visa, 30 days on Mastercard, Amex, and Discover). The exact duration depends on the card network, your merchant category code, and whether the issuer approves the extended hold.
For inherently eligible merchant categories — hotels, car rentals, cruise lines, and airlines — there is no additional fee. For all other merchant categories, Stripe charges an extra 0.08% per transaction. Both require Interchange Plus (IC+) pricing; extended authorizations are not available on blended pricing.
Yes. Partial capture is fully supported across all card networks. If you authorized €1,000 for a security deposit but only need to charge €150 for minor damage, capture €150 and the remaining €850 hold is automatically released. The customer sees only the €150 charge on their final statement.
The authorization is automatically voided, the hold on the customer's card is released, and the Stripe PaymentIntent status changes to `canceled`. The customer is never charged. To collect payment after an expired authorization, you would need to create a new PaymentIntent and obtain a fresh authorization — which means contacting the customer again.
Yes. PayRequest's security deposit feature automatically enables extended authorizations when you create deposit payment links through your connected Stripe account. You manage authorizations, captures, and releases through a visual dashboard — no API code required. The system monitors expiry deadlines and sends notifications before holds expire.