Have you ever wondered what happens behind the scenes when an online payment is made? If you are just getting started with the business of eCommerce and online payments – or if you are simply curious about the process – it can be challenging to navigate the convoluted terminology used in the industry and make sense of what each actor does and how.
Therefore, in this blog post, we’ll explain the main payment infrastructure terms you need to understand and how they work together to enable global eCommerce transactions.
Let’s start with the merchant – the individual who offers goods or services for sale.
A merchant must work with an acquiring bank to apply for and receive a merchant account – an account that allows the merchant to accept credit and debit cards – to be able to start selling and receiving payments from shoppers. You’re probably wondering what an acquiring bank is – well, it’s a bank or financial institution that is a registered member of a card network, such as Visa or MasterCard, and accepts (or acquires) transactions for merchants, on behalf of the debit and credit card networks. We’ll cover this in more detail later in this blog post.
A merchant account is an account number issued by an acquiring bank for a specific merchant. This account number is similar to other unique account numbers issued by a bank (like a bank account number), but is specifically used by the merchant to identify itself as the owner of the transaction information it sends to the bank, as well as the recipient of the funds from the transactions. As part of the application to receive a merchant account, merchants are required to agree to follow the regulations set by card associations, such as Visa or MasterCard.
Merchant accounts are subject to varying fees. These fees can either be implemented through monthly billing, as a percentage of each transaction, or both.
Once the merchant has obtained a merchant account, whenever a customer purchases an item with a credit or debit card, the merchant submits the purchase transaction information to its acquiring bank, which will then submit it through the card association network to the card holder’s issuing bank. The issuing bank will approve or decline the charge and bill the card holder the amount due to the merchant.
If the customer uses a digital wallet (e.g. Visa Checkout, Google Pay, etc.) or another online payment method, the transaction data will go from the merchant to the wallet provider, and from there to payment processors, acquiring banks, and so forth.
When shoppers buy online, they will typically place an order for a product or service on a merchant’s website. They will enter their payment details – credit/debit card details or other payment methods – on secure web or cart pages (URL being prefixed with “HTTPS”), after which the information is encrypted by the web browser and sent to either the merchant’s servers or to a Payment Service Provider or payment gateway that the merchant uses to accept payments.
Once the payment has been authorized (Credit Card Authorization), the merchant will fulfill the order for the shopper.
Once the merchant has obtained a merchant account, whenever a customer purchases an item with a credit or debit card, the merchant submits the purchase transaction information to the payment processor used by its acquiring bank via a payment gateway.
Payment gateways are software and servers that transmit transaction information to acquiring banks and responses from issuing banks (such as whether a transaction is approved or declined). Essentially, payment gateways facilitate communication within banks. Be patient, we’ll explain what is an issuing bank in a bit.
Security is an integral component of all payment gateways; sensitive data such as credit card numbers need to be protected from any fraudulent activities. The card associations have created a set of rules and security standards which must be followed by anyone with access to card information, including gateways. This set of rules and security standards is called the Payment Card Industry Data Security Standard (PCI-DSS or PCI).
Submitting an order is completed using the HTTPS protocol, which securely communicates personal information through the parties involved in the transaction. Payment gateways usually charge those who use them a per-transaction fee.
Many eCommerce merchants use Payment Service Providers to gain access to payment gateways and thus be able to accept payments. The Payment Service Provider will, in this case, make the gateway functionality available for the merchant and its customers.
Payment service providers partner with acquiring banks and their payment processors to offer merchants the capability to accept payments. Payment Service Providers often offer services in addition to processing transactions. These services include Payment Card Industry Data Security Standard (PCI) compliance, fraud protection and the ability to process different currencies and translate different languages.
The PSP sends (via the payment gateway) the transaction information, initiated by the shopper with the merchant, to a payment processor used by the merchant’s acquiring bank.
Payment processors enable merchants to receive debit or credit card payments online by providing a connection to an acquiring bank. These processors perform many functions, such as evaluating whether transactions are valid and approved, using anti-fraud measures to assure that a purchase transaction is initiated by the source it claims to be. Processors are held to standards and regulations organized by credit card associations. These standards include rules regarding fraud, chargebacks, and identity theft.
If the shopper has used a credit or debit card to place the order with the merchant, the payment processor will transmit the transaction information from the gateway to the relevant card association.
The card association will either approve or decline the transaction directly (e.g. in the case of American Express) or contact the card’s issuing bank for authorization (in the case of Visa/MasterCard).
An issuing bank is responsible for any card holder’s ability to pay off the debt s/he accumulates with the credit card or line of credit given by the bank.
Upon receiving the card authorization request from the card association, the issuing bank will either approve or decline the transaction, depending on the shopper’s financial situation.
Acquirers/Acquiring banks are registered members of a card network, such as MasterCard or Visa, and accept (or acquire) transactions on behalf of those debit and credit card networks, for a merchant. The card network connects acquiring banks to issuing banks so that a customer transaction can be verified. Whenever a cardholder uses a debit or credit card for a purchase, the acquiring bank will either approve or decline the transactions based on the information the card network and issuing bank have on record about that card holder’s account.
Aside from managing transactions, an acquirer also assumes full risk and responsibility associated with the transactions it processes. Because of this, the acquirer charges various fees for its services. These fees vary by acquirer, but they’re commonly assessed for activities such as transactions, refunds, chargebacks, and so on. The acquirer charges fees on behalf of themselves, the card network, and the issuing bank taking into account credit card interchange costs as well.
Authorization is necessary to check whether a card holder’s debit or credit card holds sufficient funds and is approved to purchase from a merchant. An authorization request first emerges when the card holder attempts to purchase a good or service using a debit or credit card.
The request for authorization is first sent through the merchant’s acquiring bank and associated payment processor, to determine the card holder’s bank (issuing bank). When notified, the card holder’s issuing bank then determines whether the transaction with the merchant will either be approved or declined based on the card holder’s line of credit. If the issuing bank approves the transaction, it will place a hold (an “authorization”) on the necessary funds in the shopper’s account.
The issuing bank then communicates the result (approved/declined) and the reason for it back to the payment processor, which will in turn relay it to the merchant and shopper through the payment gateway. If the transaction is approved, then the amount of the transaction is deducted from the card holder’s account and the cardholder is given a receipt. The whole process described so far doesn’t take more than a few seconds, in real time.
The next step is for the merchant to fulfill the order placed by the shopper. After the merchant has fulfilled the order, the issuing bank will clear the authorization on the shopper’s funds and prepare for transaction settlement with the merchant’s acquiring bank.
Interchange refers to the clearing and settlement of records between payment system participants. The term can also be used to describe the fees or transfer pricing between issuers and acquirers. Participating acquirers and issuers pay or receive interchange each time a credit or debit card is used. For example, banks pay interchange for card-based transactions. This fee tends to be paid by the acquiring bank or the merchant’s bank, to the consumer’s banks or the issuing bank.
In the interest of efficiency, merchants usually submit all their approved transaction to their acquiring banks – via their payment processors – at the end of every day, in a batch. The acquiring bank then sends transaction settlement requests to the shoppers’ issuing banks involved.
Once all authorizations have been made and all approvals received by the involved parties, the issuing bank of the buyer sends funds to the seller’s acquiring bank, via that bank’s payment processor. The acquiring bank will then take those funds and deposit them in the merchant’s account. This is called a settlement pay or settlement.
For typical card transactions, even though the authorization and approval for order fulfillment take only seconds, the whole payment processing circuit in the background can take up to three days to be completed.
And there you have it – how the payments industry works, in a nutshell. You should now have a better understanding of all the entities involved in online transactions and the sequence of payments processing operations that underlies digital commerce.
To learn about more terms and concepts used in eCommerce, check out our glossary, here!