Car rental payments: solving pre-authorisation, tokenisation and dispute challenges at scale

The auto rental industry sits at the intersection of travel, mobility and financial services, and it involves one of the most payments-intensive operating environments in any of these sectors.

A single rental requires multiple transactions: a deposit hold at booking, a card-present transaction at vehicle collection, potential mid-rental amendments and a series of potential post-return charges for fuel, tolls, damage or extended duration. Each of these interactions carries its own authorisation logic, compliance requirements and reconciliation implications.

When payments infrastructure is fragmented, these complexities compound. Operators face elevated dispute rates, inflated processing costs, network fines, delays receiving settlement and a customer experience that rarely reflects the quality of the product itself.

Stitch works with large enterprises to engineer payment systems suited to these operational realities. Below, we outline the challenges we encounter most frequently in this sector and the infrastructure we’ve built to address them.

Unifying online and in-person payments

Enterprise car rental businesses typically operate across several distinct payment environments: web and app bookings, in-store collection desks, parking lot handovers and self-serve kiosks. Historically, each environment has required its own device type and integration. Operators maintaining separate card-present and card-not-present infrastructure need to absorb the associated cost and reconciliation burden, and accept a degree of inconsistency in the customer experience.

Stitch consolidates these environments under a single unified commerce infrastructure. Our in-person payments devices support both local and international cards and can be deployed flexibly, including in unattended kiosk configurations, without requiring a wired local network connection.

For in-person environments, Stitch captures issuer-level information from digital wallet transactions, including Apple Pay and Google Pay, identifying the underlying card type even where the payment is tokenised. This enables accurate routing decisions, cost optimisation across card-present and card-not-present rate differentials and consistent reconciliation across channels.

Optimised pre-authorisation management

Pre-authorisation is central to car rental payments. Operators hold a deposit against the vehicle at the point of collection and release or adjust it upon return, once final charges are confirmed. The mechanics of this process, however, introduce meaningful operational risk.

Traditional card pre-authorisations can take up to 21 days to release where voids are handled incorrectly. This is a well-documented source of customer complaints in the sector. Some operators choose to avoid the problem by charging the full rental amount upfront and processing a refund when the vehicle is returned. This approach introduces its own friction: customers are required to supply bank account details for the refund, settlement can be slow and the experience is operationally messier than a correctly managed void.

Stitch supports optimised pre-authorisation flows, with void processing achievable in one to three days. Deposit releases are handled automatically, with no additional input required from the customer. This reduces working capital pressure on the operator and produces a materially cleaner experience at the point of return.

For Capitec customers, Variable Recurring Payments (VRP) can also be offered as an alternative payment method. VRP allows a capped deposit amount to be approved from the customer's banking app, with the final transaction value adjusting within agreed limits without requiring repeated authentication. This is well-suited to rental models where final charges are confirmed only at vehicle return.

Tokenisation for post-rental charges

The billing relationship between a car rental operator and a customer does not conclude at checkout. Booking durations change. Fuel levels and damage assessments generate additional charges after vehicle return. Toll fees are often reconciled days later. Each of these interactions has traditionally required either a separate customer-initiated transaction or a merchant-initiated transaction (MIT) that, if structured incorrectly, attracts network fines.

Stitch addresses this through network tokenisation. Card credentials are stored securely in a PCI DSS Level 1 certified vault, allowing operators to execute post-rental charges — whether for a booking extension, a toll fee or a damage assessment — without requiring the customer to be present or to re-enter their card details. Transactions are structured correctly across the required combination of customer-initiated transactions (CITs) and MITs, with appropriate response codes applied to avoid network penalties.

Tokenisation also functions as a practical complement to pre-authorisation. Where a pre-authorisation expires before a charge can be applied, a stored token allows the operator to recover funds without the customer's card being physically present. Unlike a pre-authorisation, a network token carries no expiry constraint.

Dispute management and fraud control

Disputes represent a significant and often underestimated operational cost in car rental. A substantial proportion of chargebacks in this sector are not attributable to genuine fraud. They arise because customers encounter a generic or unrecognisable descriptor on their bank statement and dispute the charge without identifying it as legitimate.

Stitch enables dynamic bank references that clearly identify the merchant and describe the transaction context, reducing the incidence of avoidable disputes. Our embedded fraud solution monitors transactions across multiple layers, detecting anomalous behaviour before it has the opportunity to scale. Dynamic 3D Secure (3DS) authentication is applied selectively, with friction introduced only where risk indicators are elevated, balancing fraud mitigation against conversion performance.

Payments infrastructure built for the rental lifecycle

The payments requirements of enterprise vehicle rental do not map neatly onto infrastructure built for standard e-commerce checkout. Operators require systems that can manage the full rental lifecycle: from initial booking and deposit hold, through collection and potential mid-rental amendments, to return, final billing and refund processing.

Through unified commerce infrastructure, optimised pre-authorisation flows, network tokenisation, dynamic bank references and embedded fraud controls, Stitch provides a payments foundation aligned to the operational realities of the sector.

Stitch provides 24/7, 365 engineer-led support, with monitoring operating across three layers: platform-wide, product-specific and client-specific. Operators are notified proactively when anomalies occur, rather than identifying failures independently. As active participants in all major payments governing bodies and working groups, we also keep our clients informed of market developments and regulatory changes well in advance of their implementation.

‍

FAQs

What payment challenges do car rental companies face?

Car rental operators must manage pre-authorisations, post-rental charges, omnichannel payment environments and international card processing across a single rental lifecycle. Additional complexity arises from booking amendments, damage and toll charges reconciled after return, network compliance requirements for merchant-initiated transactions and the operational burden of maintaining separate infrastructure for card-present and card-not-present environments.

How does pre-authorisation work in car rental payments?

Car rental operators hold a deposit via pre-authorisation at the start of a rental and release or adjust it upon return once final charges are confirmed. Traditional pre-authorisations can take up to 21 days to void if the process is not managed correctly, creating working capital pressure and customer experience issues. Stitch can process voids in one to three days and supports pre-authorisation flows across both cards and digital wallets.

What is network tokenisation and why does it matter for car rental?

Network tokenisation replaces raw card data with a secure token stored in a certified vault. For car rental operators, this enables post-rental charges such as toll fees, fuel shortfalls or damage assessments to be processed without the customer being present or needing to re-enter their card details. It also ensures transactions are structured correctly to avoid network fines, and carries no expiry constraint unlike a standard pre-authorisation.

How can car rental businesses reduce payment disputes and chargebacks?

A significant proportion of disputes in car rental are avoidable. They typically arise when customers encounter unrecognisable bank statement descriptors and dispute charges that are, in fact, legitimate. Dynamic bank references that clearly identify the merchant and transaction context reduce this materially. Intelligent 3DS authentication and embedded fraud monitoring address the remaining exposure from genuine fraud risk.

Can car rental businesses process payments across online and in-person channels with a single provider?

Yes. With the right infrastructure, car rental operators can consolidate online and in-person payments under a single provider. This includes wireless and mobile point-of-sale devices suitable for parking lot and kiosk environments, integration with international rental platforms and smart routing across card-present and card-not-present rate categories to manage processing cost.