How Does Payment Processing Work?

Many consumers swipe credit and debit cards without a moment of thought. After all, it only takes a few seconds for the card terminal to verify the transaction. However, payment processing is actually quite complicated and required a few moving parts. 

With that being said, how does payment processing work? Keep reading to learn more about card transactions and the technology involved. 

The basics of payment processing

Accepting electronic payments like debit and credit cards is inherently risky. Firstly, these cards can be stolen or counterfeit, exposing the business to liability and chargebacks. 

Secondly, these payments involve credit, meaning the business does not receive funds immediately. Instead, the bank issues a type of IOU that the customer will pay the debt. If the cardholder does not have the funds, the business will not receive any payment. 

Because of this risk and the technology needed to verify these payments, a business needs to work with a payment processor. This processor facilitates the transfer of funds between the customer and merchant, communicating with all banks and credit card companies involved.

Typically, the payment processor provides a credit card terminal to the merchant. This terminal connects to the point of sale system and then is used to accept credit, debit, and contactless payments.

The three steps of payment processing

Card and contactless payments follow a series of steps before releasing the funds. The goal of this process is to:

• Verify the validity of the card
• Protect the cardholder’s data
• Verify the funds are available
• Transfer the funds to the merchant

Let’s go over the steps required during payment processing. 

1. Authorization

After the merchant calculates the total due, the cardholder will be prompted to insert their card. During this step, the cardholder’s issuing bank needs to verify the account and approve the transaction. 

The authorization stage looks like the following:

1. Cardholder inserts their card into the credit card terminal
2. The terminal encrypts the card details and sends them to the acquiring bank (the bank used by the merchant)
3. The acquiring bank sends the credit card details to the credit card association named on the customer’s card (such as Amex, Visa, MasterCard)
4. The credit card association approves the payment and requests the issuing bank (the customer’s bank) to authorize the payment.

Authorization occurs after the issuing bank verifies the following:

• Card number
• Expiration date
• Billing address 
• Security code 
• Total payment amount

2. Authentication

After the issuing bank verifies the card details, it then authenticates the purchase in order to release the payment to the acquiring bank.

For authorized transactions:

1. The issuing bank approves the transaction and notifies the credit card association. 
2. The credit card association notifies the acquiring bank of the authorization. 
3. The issuing bank places a hold on the cardholder’s account, which will then turn into a withdrawal after the transaction clears. 
4. The card terminal or point of sale system prints a receipt to confirm the transaction.

For unauthorized transactions:

1. The issuing bank rejects the transaction and notifies the card association and acquiring bank. 
2. The transaction is voided. 
3. The card terminal or point of sale system displays an error message and/or prints a receipt confirming the incomplete transaction.

3. Settlement

After the transaction is over, the issuing bank releases the funds to the acquiring bank. This does not occur immediately, rather it can take several days for the merchant to receive the funds and for the customer to see the transaction on their statement.  

1. When the merchant closes for the day, the POS terminal sends a “batch” of approved authorizations to the acquiring bank.
2. The acquiring bank sends this batch to the credit card network.
3. The network seeks to “settle” each transaction. Settlement occurs when the merchant receives the funds, clearing the hold and ending the transaction.
4. The credit card association sends approved transactions to the issuing bank.
5. The issuing bank transfers the funds to the credit card network.
6. The credit card network sends the funds to the acquiring bank.
7. The acquiring bank deposits the funds in the merchant’s account.
8. The issuing bank completes the transaction on the customer’s account. 

Payment processing has fees

Looking over the three steps listed above, you can see that transactions are not as easy as handing over a dollar bill. Because processing electronic payments is complex, each party charges a fee to account for their portion of the transaction. 

Typically, a merchant pays a fee on each transaction based on a percentage of the total purchase amount. This fee is usually a fixed percentage or a variable percentage, depending on what plan the merchant chooses. 

These transaction fees pay for:

• Issuing banks to verify and transfer the funds
• Credit card networks to approve the transaction and transfer the funds
• Payment processors to execute the transaction

Fees can also vary depending on how the customer paid, how much data was used, and the type of business owned by the merchant. 

For example, look over Mastercard’s interchange rate. Based on this chart, the network charges “Charities” a higher percentage fee than “Lodging and Auto Rental” merchant. 

Process payments efficiently with Epos Now

If you plan to accept credit and debit cards, you will need a payment processor and point of sale system. While the POS will not be in charge of facilitating the transfer of funds, it will communicate with the credit card terminal and log all transactions. Without a POS, you will struggle to manage your sales, returns, receipts, and more. 

Epos Now provides modern POS systems that work with payment processors across the world. With our systems and partners, you can accept all major debit and credit cards quickly and easily. 

On top of this, Epos Now POS systems can:

• Manage inventory
• Generate custom reports
• Track staff actions and hours
• Integrated with dozens of apps

Contact Epos Now today to learn more about our POS systems and payment processing partners.

Frequently asked questions

Why are card transactions denied? 

A customer’s debit or credit card can be denied for a few reasons, but that does not mean it cannot be used. Sometimes user error is involved, and other times the card is completely unusable. 

Transactions are generally denied for the following reasons:

• A cardholder or merchant inputted card details incorrectly
• The merchant’s payment processor does not accept the bank or credit card association
• There are insufficient funds on the account
• The bank put a hold on the card or asked for verification - typically happens in cases of suspected fraud
• Technical errors interrupted the payment processing system

If a card is declined due to an error, the terminal will typically display a message to try again. In these cases, it is advisable for the customer to swipe the card a second time. 

If the terminal states the card has insufficient funds, the customer may not want to swipe it again. Doing so could lead to overdraft fees or other charges.

What is a credit card association?

Every debit and credit card operates via a credit card network or association. This is the company listed on the corner of the card, such as Visa or MasterCard. 

Typically, credit card associations do not directly issue cards. For example, you cannot contact Visa and obtain a credit card. 

Instead, a bank issues a debit or credit card and then relies on these associations to process payments. In return, the association charges a fee each time the card is used.

Note: Some credit card companies do issue cards directly. Examples include American Express and Discover.

How secure is payment processing?

The use of credit and debit cards increases the risk of identity theft and fraud. Someone could use a stolen card, skimmed card, or even steal card data while it is being processed.

Thankfully, payment processors use incredibly secure devices that encrypt all user data and send it through secure digital channels. As long as a merchant uses PCI-compliant devices, the customer will have a very low chance of their information being stolen by a malicious actor. 

That said, companies occasionally suffer from data breaches. Should these companies store payment data, the hackers could steal a customer’s credit card data. When this happens, the issuing bank will typically provide a new credit card to the customer.