To what end does swiping or “dipping” (inserting a credit card with a chip) your card at a retail checkout terminal? If you tap its digits into a digital field, what happens?
A lot. Probably a lot more than you’d think. Electronic transactions involve a complex dance between cardholders, retailers, and a slew of middlemen. The global economy is predicated on this dance, which is performed billions of times every day all across the world. Things would be quite different if we didn’t have a safe and dependable way to send money over the internet.
The complexities of electronic payments are often overlooked. They don’t usually have to, though. However, despite their convenience, electronic payment systems have their flaws and can be compromised by both human mistake and criminal actors. Well-informed customers should be able to figure out what went wrong and who could be to blame when anything does.
The consumer who has this information at their disposal may potentially get to the bottom of their lost money or fraudulent transaction issues more quickly and with less stress.
Please don’t fret. Although there are several characters and a great deal of technological wizardry, the story is straightforward enough that even a novice programmer should be able to follow it.
Major Credit Card Transaction Parties
Knowing the people behind electronic payments is essential to understanding how they function. In a standard online credit card exchange, there are five main participants:
- You, the Buyer, are the one who initiates a transaction by swiping, dipping, or keying in credit card information. You are a buyer if you own a card capable of making electronic purchases.
- The Merchant is the business or individual from whom you are making a purchase. They begin the process of processing your payment once they have your credit card details. The rest of the procedure is guaranteed to be precise because each merchant has its own special identification number.
- The Acquirer: The merchant will pay the acquirer (also known as the merchant acquirer) to handle the routing of payment card information and the depositing of monies to the merchant’s account when each transaction is finalized. The acquirer is equipped to accomplish this on a massive scale and in almost real-time.
For the most part, large financial institutions like Wells Fargo, U.S. Bank, and Bank of America act as merchant acquirers. It is common for them to supply businesses with the technology and software needed to process credit card transactions, and in certain cases they may even handle the day-to-day maintenance of merchant accounts directly.
A buyer’s credit or debit card account is managed by the issuer, sometimes called the issuing bank. They issue credit (for credit card accounts), issue payment cards, and send bills to clients.
- The Association, or Network, acts as a clearinghouse and supporter for the benefit of its member institutions (both acquirers and issuers) and their respective clientele. The Network’s Relationship to Acquirers and Issuers in the Electronic Payment Industry Can Be Likened to McDonald’s Relationship to Franchisees. The network provides a recognizable brand, guarantees the proper processing of transactions, establishes norms and qualification criteria for member institutions, and mediates disagreements between parties to transactions completed via their networks. The interchange fees incurred when a transaction is processed are also determined by this body.
The issuer and the network are both compensated for their parts in the electronic payment process by the interchange fees. Credit card fees are necessary, but without them, there would be no incentive for anybody to use credit cards.
The Credit Card Payment Method
What steps do the primary participants in a credit card transaction take to complete this intricate dance? CreditCards.com has compiled a helpful checklist of all the things you need to know to complete a transaction successfully.
The authorisation procedure guarantees that the buyer has sufficient cash on hand or credit available to cover the cost of the purchase. This lessens the possibility that the seller may have to send over items without being paid. In order to obtain permission, the following steps must be taken:
- The consumer either swipes or dips their card at the register or enters their credit card details at checkout (in-store, online, or by phone).
- The card number, the value of the transaction, and the merchant ID are all transmitted to the acquirer via the merchant’s payment processing terminal.
- The acquirer then forwards the data to the cardholder’s issuing financial institution.
- This is a formal request for your approval of the requested transaction.
- In this case, the issuing bank verifies the customer’s access to available credit or funds. It also looks for warning signs, including consecutive in-person purchases in different places, that might point to fraud.
- If there is sufficient cash or credit available, and the transaction does not appear to be fraudulent, the issuer will transmit an authorisation number to the acquirer across the network.
- The acquirer gives the go-ahead for the sale and notifies the retailer.
- When a consumer places an order, the shopkeeper fulfills it.
Authorization only verifies that the consumer has the financial means to pay for the item or service being sought. The fundraising phase is the only point at which actual currency exchanges hands.
The consumer’s involvement concludes after authorisation is granted and the vendor delivers the ordered product or service. However, this is not the final phase of the transaction; batching comes next.
- When a customer makes a purchase, the shop keeps their credit card or other payment details on file in case there are any complications later in the day. The group of recorded financial dealings for a certain day is known as a batch.
- The batch is delivered to the acquirer at the close of business. The acquirer stores the batch in their own private, encrypted computer system until it can be transferred to the seller. Acquirers may choose to keep numerous batches based on their own needs and timetables, as they often serve thousands of different merchant clients.
The clearing procedure can start after the acquirer has received the batch from the merchant. This is an exciting moment for the middlemen because they get paid.
- The acquirer then transmits the group to the relevant card organization.
The association or network that processes card payments contacts the customer’s issuing bank to seek payment for the purchase.
- The issuer will take a transaction charge from the total amount being transferred. Forbes claims that the transaction charge is precisely proportional to the interchange fees disclosed by the card networks. The percentage of a transaction that is taken in the form of interchange fees (and consequently transaction fees) ranges from one percent to three percent, depending on the card network. The majority of this cost goes to the issuer, while the remainder (essentially a franchise fee) is split between the card network and the issuer.
- The net amount is sent to the acquirer by the issuer via the card network.
Funding is the fourth and last phase of the deal. At this stage, payment is sent to the merchant for the transaction or, more commonly, for all of the transactions included in the relevant batch.
- The total transaction price is discounted by the acquirer’s discount rate. The acquirer’s compensation for its role in the deal is reflected in the discount rate.
- Discount fees, like transaction costs, are closely connected to interchange fees. Less than one percent of the total value of a transaction is normally covered by these fees.
Once the acquirer deposits the remaining funds into the merchant’s business account, the sale is considered finalized.
- All transactions performed throughout the billing cycle, including the one in question, are itemized and sent to the client by the issuer. The onus of payment rests squarely on the customer, as stated in the cardholder agreement.
A typical electronic card transaction may be authorized and the consumer removed from the transaction within seconds, but the full four-step procedure (up to merchant financing) may take several business days. Of course, the consumer may take up to a month to actually submit payment to the issuing bank.
- Mobile Payments, Including Wallets and Contactless Cards
Even though most modern customers can’t recall a period before credit cards, paper currency was once more widespread than plastic.
Indeed, the nature of payments is still evolving. Mobile contactless payments, while still not as ubiquitous as traditional credit card purchases, are growing in popularity and convenience. The shift toward mobile payments is expected to quicken as smartphone technology improves and more retailers recognize the advantages of offering contactless acceptance.
Mobile contactless payment is revolutionary in terms of technology, but it is not very novel in terms of logistics. The architecture for electronic payments that we’ve outlined here supports contactless payments, with a few key modifications that boost (but don’t fully ensure) transaction security.
Vendors of contactless payment systems may differ in how they ensure customers’ data is safe. Virtual cards and tokenization are the most common forms of this technology.
Google Wallet, a widely used contactless payment system, employs the virtual card method to enable users to send and receive payments via their mobile devices. Google claims that each user of Google Wallet receives a unique debit card number from MasterCard or Discover.
Although it acts and looks just like a payment card number issued by a legitimate bank, this one doesn’t belong to the cardholder.
Google will “pay” with the virtual card number whenever the consumer begins a purchase. The remainder of the procedure, including authorisation and financing, is handled by the virtual card and transmitted to the merchant. Cardholders’ actual payment card numbers are encrypted on a Google Wallet server, where only Google has access. Once the virtual card number is used to make a purchase, Google will then charge the actual card for the same amount.
Specifically, tokenization is used by Apple Pay. When a consumer makes a new transaction using Apple Pay, a one-time identification number is generated for their device (the “device account number,” or DAN).
To prevent the actual card number from being transferred electronically and accidentally viewed by the retailer, a dynamically generated account number (DAN) is used in its stead. Once the acquirer has the DAN, the transaction continues normally.
One benefit of the tokenization technique for users who value anonymity is that no records are kept by the payment system. That is to say, Apple Pay does not maintain track of the underlying credit card transactions it supports. Google Wallet, on the other hand, stores full transaction histories, much like a traditional financial institution or credit card company would.
- Card Not Present (CNP) Transactions
The participants in the electronic payment drama face new complications when dealing with card-not-present (CNP) transactions.
When a consumer pays for anything online rather than at a store’s register, this is known as a card-not-present transaction (CNP). Common instances are making a purchase online, when the buyer enters their credit card information into a (supposedly) protected field, or making a purchase over the phone, where the buyer either enters their information into a keypad or vocally announces it. In the hybrid instance of paying for petrol with a credit card at the pump, the card is there but there is no human attendant to check the cardholder’s identification.
When compared to in-person and mobile contactless transactions, CNP ones are less safe. Mobile Transaction, a UK-based mobile payments company, estimates that CNP transactions accounted for 64% of all credit and debit card fraud in the UK in 2014, with a total loss of £245.8 million. Criminals like CNP transactions when using stolen cards since they can more easily conceal their true identities, the retailer is less likely to ask for identification, and EMV (chip-and-PIN) security measures are not in effect.
Certain forms of CNP transactions require different authorization processes than others.
- Automatic Pre-Authorization for Recurring Transactions: Recurring CNP transactions (such as monthly insurance payments) are authorized automatically. If the buyer does not have enough money or credit, the purchase will still be denied.
- Transactions Involving Shipping: In most cases, authorization is only valid on the day a transaction is initiated and expires after a batch of transactions has been processed and transmitted. In the event of e-commerce transactions where the merchant is responsible for shipping items, the authorisation period might be extended to as long as seven days.
When processing CNP transactions, merchants often employ additional verification (authentication) methods to ensure the safety of their customers’ financial information. Using all three of these protocols is strongly encouraged by major credit card networks like Visa and MasterCard.
- Verification software that requires a password is becoming increasingly common among major card networks, in the same way that financial institutions demand users to enter passwords when accessing online banking accounts. The cardholder must register with the card network and develop a unique password under these schemes, which include Verified by Visa and American Express SafeKey. Their identity will be verified every time they make a purchase at a store that accepts this method by entering this password. It is not automatic for cards to participate; rather, they and businesses must both take the effort to register for the service. However, sellers who take part in these systems are less likely to be held accountable for fraudulent transactions.
- CVV, or Card Verification Code: The “card verification value,” or CVV, is a three- or four-digit code printed on the back of every credit card. Neither the card’s magnetic strip nor the chip contain the CVV code, and the 15- or 16-digit number on the front of the card has nothing to do with it. The merchant can verify that the buyer is in possession of the card by having them input the CVV code.
- The Address Verification Service (AVS) compares the cardholder’s entered address with the issuer’s stored address to ensure the accuracy of the cardholder’s address. To verify a customer’s identity, the AVS system compares the billing address, including the street number and ZIP code, to data provided by the card issuer when making an online purchase. The transaction might be denied if the numbers don’t add up. AVS is implemented in certain pay-at-the-pump card readers through the request for ZIP codes.
It’s remarkable how many things occur once you enter your credit card information, whether by swipe, dip, touch, or key in. These mostly unseen processes detailed above are carried every second of every day, all across the globe, in the billions.
Electronic payment systems are especially vulnerable because of their sophistication. In the event if the banking systems and card networks that enable electronic payments suddenly went down for the count, the global economy would come to a grinding halt. Smaller-scale catastrophes, such phishing attacks and data breaches by skilled hackers, happen all the time.
Credit card companies and banks spend billions trying to limit various kinds of fraud, but ultimate elimination remains an improbable goal. At the end of the day, maybe it’s best not to think too deeply about the factors that drive the economy.