Credit Card Transaction Processing Basics

By accepting credit and debit cards at your store or website, you become an integral part of the payment system which is why it is important that you understand the card transaction process: what it is, how it works and who else participates in it. Today I will review the basic framework of the system and the major components of payment processing, which will help you understand how they affect the way you do business.

Before we begin, it is important to understand that there are multiple payment systems, into which you will participate, one for each brand of payment cards you accept. Broadly, they all function in a similar fashion, but each one of them has its unique features. So first I will give you a generic overview of the card transaction process and then I will show you how each of the biggest card systems work. Finally, I will go over the card acceptance process itself and the specific actions you need to take every time a card is presented to you for payment. Let’s get started.

Credit Card Transaction Processing Basics

Participants. Every credit card transaction is the result of a series of interactions among several participants.

The full transaction cycle is represented in the diagram below.

• Cardholder. Cardholder is an authorized user of a credit or debit card.
• Card issuer. Card issuers are financial institutions that are members of Visa and MasterCard, which issue payment cards on behalf of the two Credit Card Associations and contract with their cardholders for the terms of the repayment of transactions.
• Acquiring bank. Acquiring banks (also called acquirers, processing banks or merchant banks) are financial institutions, members of Visa and MasterCard, that contract with merchants to enable them to accept debit and credit card payments for their products and services. They can also, and that is the case most of the time, contract with third parties to provide some of these services.
• Payment processor. Payment processor is an organization that has contracted with an acquiring bank to provide merchants with card payment processing services on behalf of the acquirer. Payment processors must be registered with Visa and MasterCard and must identify on all of their marketing materials, including their websites, the name of their bank partner.
• Merchant. Merchant is a business or a non-profit organization that has contracted with an acquiring bank or a merchant processor to accept card payments.
• Credit Card Associations. The Credit Card Associations of Visa and MasterCard are member-owned associations of banks that govern the issuing of Visa and MasterCard cards and the acquiring of Visa and MasterCard card transactions. Both organizations have developed payment systems to facilitate the processing of transactions between member banks.
• Service provider. A service provider can be any third party that provides a service used in the card payment transaction process: point-of-sale (POS) terminals, payment gateways, web hosting, SSL certificates, shopping carts, etc.

Transaction processing stages. The processing of card payments may vary depending on the particular procedures employed by the issuer, acquirer or merchant but they all involve the following stages:

• Authorization. Authorization is the process by which the card issuer approves or declines a card transaction.
• Authentication. Authentication is the process of establishing the validity of the credit or debit card account information provided by the customer. Authentication is done by utilizing various fraud prevention tools, including Address Verification Service (AVS) and Card Security Codes (CVV2, CVC 2 and CID).
• Clearing. Clearing is a process through which a card issuer exchanges transaction information with an processing bank. Clearing and settlement occur simultaneously.
• Capture. Capture is the process of collecting and organizing information of credit and debit card transactions for submission for settlement.
• Settlement. Settlement is a process through which a card issuing bank exchanges funds with a processing bank to complete a cleared transaction.

So that’s the generic version. Now let’s take a look at each of the big payment systems.

Visa’s Transaction Processing Basics

The participants in Visa’s card transaction cycle are the same as the ones listed above, with two additions:

• Visa Inc. Visa is now a publicly-traded company, which works with financial institutions that issue Visa cards (the card issuers) and / or contract with merchants to accept Visa cards for payment (these are the acquirers). Visa Inc. develops card products, promotes the Visa brand and sets the rules and regulations that govern the processing of payments involving the company’s cards. Visa also manages the world’s biggest retail electronic payments network, which facilitates the flow of transactions between acquirers and issuers.
• VisaNet. Part of Visa’s retail electronic payment system, VisaNet is a conglomerate of systems that includes:
  • An authorization system through which card issuers can approve or reject individual Visa card transactions.
  • A clearing and settlement system which processes transactions electronically between acquirers and issuers and which ensures that:
    • Visa transaction information flows from acquirers to issuers for posting to the cardholders’ accounts and
    • Payments for Visa transactions are processed from issuers to acquirers to be credited to the merchant accounts.

Here is a visual representation of Visa’s transaction process. First, the authorization:

And here is the clearing and settlement, which occur simultaneously:

MasterCard’s Transaction Process

MasterCard’s transaction system looks very similar to Visa’s. Of course, the names are different: transactions here are processed through the MasterCard Worldwide Network, using the Authorization Platform, the Global Clearing Management System (GCMS) and the MasterCard Settlement Account Management (S.A.M.) system. Nevertheless, the transaction cycle, as illustrated below, will now look familiar to you (click on the image for a larger view).

American Express’ Transaction Process

American Express is different from Visa and MasterCard in that AmEx serves as both the acquirer and issuer of its transactions (although nowadays AmEx does let other financial institutions issue its cards). The transaction begins when the merchant sends an authorization request to American Express. AmEx then sends back an authorization response (approval or a decline) which the merchant uses to determine whether or not to complete the transaction. Here is how AmEx’s transaction cycle look:

Discover’s transaction cycle looks indistinguishable from AmEx’s, as Discover is also both the issuer and acquirer of its transactions.

How to Accept Credit Cards for Payment

Your place, as a merchant, in the credit card transaction process is at the checkout, where you take your customers’ cards for payment. Whether you’ve done it for a long time or are new to the job, if you follow the basic card acceptance procedures reviewed below, you will do this right the first time and every time. First here is how you take cards in a face-to-face setting:

1. Swipe the card. Make sure that the card is swiped correctly and your terminal can read it. If your terminal is down or the card cannot be read, you can either key-enter the transaction information or you can request a voice authorization. Additionally, you may ask your customer for another form of payment. If you choose to key-entry or voice authorization option, and receive a transaction authorization, make an imprint of the card on the sales receipt to prove that it was present at the time of the transaction. You may need this for representment purposes in case of a chargeback.
2. Examine the card. While you are waiting for the authorization response, inspect the card’s security features to ensure it has not been altered. A detailed guide on how to do that can be found here.
3. Get an authorization approval. By now you should have received the authorization response. Do not process the transaction, unless the issuer has approved your authorization request. If you receive a decline, do not key-enter the transaction or make another authorization request, but ask for another form of payment.
4. Get your customer’s signature. If the card looks good and you have received an authorization approval, ask your customer to sign the sales receipt printed by your terminal.
5. Match the information on the receipt to that on the card. The last stage of the card acceptance process is comparing the name, account number and cardholder signature on the card to the corresponding information on the sales receipt and making sure they match.

If you become suspicious either of the validity of the card or the authenticity of the cardholder, follow your store procedures or make a Code 10 call to your acquirer. You will be transferred to the card issuer and a representative will instruct you on how to proceed with the transaction.

Obviously, the card acceptance process is somewhat different in e-commerce transactions. Yet, it is still quite straightforward. Every time a customer makes a payment at the checkout of your website or over the phone, your system needs to perform the following sequence of actions:

1. Collect the transaction information. At a minimum, you need to obtain the following information with each sales transaction:
   • Cardholder name.
   • Card account number.
   • Card’s expiration date.
   • Card security code.
   • Full billing address and the shipping address (if different).
2. If participating in Verified by Visa or MasterCard SecureCode, submit the authentication data with your authorization request. These two services are designed to provide e-commerce merchants with an additional layer of security by verifying that your customer is the authorized user of the card presented for payment.
3. Screen the transaction (optional, but necessary). You will have to implement a fraud screening system (there are many available in the market) to suspend a transaction if certain high-risk characteristics are found. Such transactions can then be manually reviewed. For example, transactions can be matched against pre-defined velocity parameters, high-risk locations and internal negative files.
4. Obtain an authorization approval from the card issuer. Just as is the case with card-present transactions, you should not process sales unless you receive an approval. Together with your authorization request, you should perform:
   • Address verification. The Address Verification Service (AVS) allows you to verify the validity of your customer’s billing address by comparing it to the one on file with the card issuer.
   • Verification of the security code. Card security codes (see above for details) are used in a card-not-present environment to verify that cardholders are in a physical possession of their cards during the transaction. Use them, but you should never store card security codes.
5. Use the electronic descriptor. The Electronic Commerce Indicator (ECI) identifies the transaction type and helps acquirers to differentiate merchants based on the way payments are accepted. You will need to indicate “Mail Order”, “Telephone Order”, “Internet Order” or “Signature on File” into the appropriate field of the authorization message and your processor will guide you on how to do that. For more on how to set up and use the Electronic Commerce Indicators, you can go here.
6. Indicate the expected delivery date (if applicable). Tell your customer what delivery method will be used and the expected delivery date. If the shipment is running late, immediately notify your customer of the new expected delivery date.
7. Do not deposit transactions before shipping the merchandise. For all e-commerce and MO / TO sales, the transaction date is the shipping date, not the order date. Transactions cannot be deposited until the merchandise has been shipped. Of course, you should also not be late with your deposits. Sales deposited more than 30 days after the transaction date can be charged back to you.

Now, although this isn’t strictly part of the transaction process, it is nevertheless essential that you request that all customers review and agree to your return and refund policies before completing a payment. Also, make your customer service phone number available on all of your web pages. Most customer inquiries can be quickly handled with a simple phone call, before the issue deteriorates into a dispute or a chargeback.

Image credit: Parscanada.com.