Payments 101: A Guide to Payment Processing
Oct 2, 2024 12 minutes
Whether you’re a small business owner, an e-commerce entrepreneur, or simply a curious consumer, understanding the basics of payment processing is important in our increasingly cashless world.
This crash course in Payment Processing 101 will guide you through the fundamentals. We’ll explore the key players involved, break down the lifecycle of a transaction, and delve into important concepts like chargebacks and security measures.
CONNECT WITH A PAYMENT PROCESSOR THAT BACKS YOUR BUSINESS
What is Payment Processing?
Payment processing is the automated process that enables the transfer of funds from a customer to a merchant in exchange for goods or services. It’s the behind-the-scenes mechanism that allows businesses to accept various forms of electronic payments, including credit cards, debit cards, and digital wallets.
At its core, payment processing acts as a secure intermediary, facilitating the complex interactions between multiple parties to ensure that money moves safely and efficiently from the customer’s account to the merchant’s bank account.
Payments 101 Terms
- Merchants: These are the businesses or individuals selling goods or services. They initiate the payment process by accepting customer payments through various methods.
- Customers: Also known as cardholders, these are the individuals making purchases and initiating transactions.
- Payment Processors: These companies handle the transaction by transmitting data between merchants, card networks, and banks. They’re responsible for securely routing payment information and ensuring compliance with industry standards.
- Issuing Banks: These are the financial institutions that provide credit or debit cards to customers. They authorize transactions and release funds on behalf of their cardholders.
- Acquiring Banks: Also called merchant banks, these institutions maintain merchant accounts and receive funds from issuing banks on behalf of merchants.
- Card Networks: Companies like Visa, Mastercard, American Express, and Discover that manage the infrastructure for processing card payments. They set interchange fees and mediate between issuing and acquiring banks.
LOWER YOUR MERCHANT FEES TODAY
The Payment Processing Lifecycle
Now that you understand the general terms involved in payment processing, let’s go through the lifecycle of a payment.
1. Authorization
Authorization is the first step in the payment processing lifecycle. It occurs within seconds of a customer initiating a transaction and determines whether the purchase will be approved or declined.
Here’s how the authorization process typically unfolds:
- Customer Initiates Transaction: The process begins when a customer decides to make a purchase. This could be by swiping a card at a physical point-of-sale terminal, entering card details on an e-commerce website, or using a digital wallet.
- Merchant’s Payment Gateway Sends Request: The merchant’s payment gateway, which is a software application that securely transmits payment data, sends an authorization request to the payment processor. This request includes details such as the card number, expiration date, amount, and merchant ID.
- Processor Routes Request: The payment processor acts as a middleman, routing the authorization request to the appropriate card network (like Visa or Mastercard) based on the card type.
- Card Network Forwards to Issuing Bank: The card network then forwards the request to the customer’s issuing bank, which is the financial institution that provided the credit or debit card to the customer.
- Issuing Bank Approves or Declines: The issuing bank checks several factors, including:
- Whether the account has sufficient funds or credit
- If the card is valid and not reported lost or stolen
- If the transaction fits the cardholder’s typical spending pattern
- Based on these checks, the bank either approves or declines the transaction.
- Response Sent Back: The approval or decline message is sent back through the same route – from the issuing bank to the card network, to the processor, through the payment gateway, and finally to the merchant.
- Transaction Completion: If approved, the merchant can complete the sale. If declined, the merchant informs the customer that the transaction cannot be processed.
The entire authorization process typically takes just a few seconds, providing a seamless experience for both the customer and the merchant. It’s important to note that at this stage, no actual funds have been transferred; the authorization merely places a hold on the funds in the customer’s account.
2. Authentication
Authentication follows authorization and is a crucial step in verifying the cardholder’s identity to prevent fraud. While often seamless for the customer, this process adds an extra layer of security to the transaction.
Common authentication methods include:
- PIN (Personal Identification Number): Used primarily for debit card transactions at point-of-sale terminals.
- CVV (Card Verification Value): The 3 or 4-digit code on credit cards, typically required for online or phone transactions.
- 3D Secure: An additional security layer for online credit and debit card transactions, often involving a one-time password sent to the cardholder’s mobile device.
- Biometric Authentication: Increasingly common, especially with mobile payments, using fingerprints or facial recognition.
These methods help ensure that the person making the transaction is indeed the authorized cardholder, significantly reducing the risk of fraudulent transactions.
3. Clearing
Clearing is the process of finalizing and reconciling all the day’s transactions. This typically occurs at the end of each business day:
- Batch Processing: The merchant’s payment processor collects all authorized transactions for the day into a batch.
- Submission to Card Networks: The processor sends these batched transactions to the respective card networks (Visa, Mastercard, etc.).
- Distribution of Information: Card networks sort and distribute the transaction information to the appropriate issuing banks.
- Account Debiting: Issuing banks debit the cardholders’ accounts for the purchase amounts.
- Clearing Confirmation: The card networks send clearing files back to the acquiring banks, confirming the transactions.
The clearing process ensures that all parties have accurate records of the day’s transactions, setting the stage for the final step: settlement.
4. Settlement
Settlement is the final stage where funds actually change hands:
- Fund Transfer Initiation: Based on the clearing information, the issuing banks initiate the transfer of funds to the acquiring banks.
- Interchange Fee Deduction: As funds move from issuing to acquiring banks, the card networks deduct their interchange fees.
- Processor Fee Deduction: The acquiring bank or payment processor deducts their fees from the transaction amount.
- Merchant Payout: The remaining funds are deposited into the merchant’s account. This typically occurs within 1-3 business days after the transaction, depending on the payment processor and type of merchant account.
- Reconciliation: Both the merchant and the customer can reconcile their accounts, with the transaction now complete and reflected in their respective balances.
The settlement process completes the payment cycle, ensuring that merchants receive their funds and all intermediaries are compensated for their roles in facilitating the transaction.
Payment Methods and Technologies
Merchants and customers alike should aim to understand the various payment methods available. Let’s explore some of the most common and innovative payment methods and technologies:
Credit Cards and Debit Cards
Credit and debit cards remain the backbone of electronic payments. They offer convenience, widespread acceptance, and often come with rewards programs or cashback incentives. The main difference lies in how they access funds:
- Credit Cards: Allow users to borrow money up to a predetermined limit, which must be repaid later.
- Debit Cards: Directly access funds from the cardholder’s bank account.
Both types now commonly feature EMV chip technology, which provides enhanced security compared to traditional magnetic stripes.
ACH (Automated Clearing House) Transfers
ACH transfers are electronic, bank-to-bank money transfers processed through the Automated Clearing House network. They’re commonly used for:
- Direct deposits of salaries and government benefits
- Bill payments
- Person-to-person transfers
ACH transfers are typically cheaper than wire transfers and are becoming increasingly popular for business-to-business transactions.
Digital Wallets
Digital wallets store payment information on a mobile device, allowing for quick and convenient transactions. Popular examples include:
- Apple Pay
- Google Pay
- Samsung Pay
- PayPal
These services often use tokenization to enhance security, replacing sensitive card data with a unique identifier for each transaction.
Contactless Payments
Contactless payments use Near Field Communication (NFC) technology to enable transactions by simply tapping or waving a card or mobile device near a payment terminal.
Cryptocurrencies
While still considered alternative, cryptocurrencies like Bitcoin and Ethereum are gaining acceptance as payment methods. They offer:
- Decentralized transactions
- Potentially lower fees for international transfers
- Increased privacy
However, their volatility and regulatory uncertainties pose challenges for widespread adoption in everyday transactions.
Buy Now, Pay Later (BNPL)
BNPL services have surged in popularity, especially among younger consumers. These services allow customers to split payments into installments, often interest-free if paid within a specified timeframe. Examples include Affirm, Klarna, and Afterpay.
QR Code Payments
QR code payments involve scanning a QR code with a smartphone to initiate a transaction. This method is particularly popular in Asia and is gaining traction globally due to its simplicity and low implementation cost for merchants.
Biometric Payments
Emerging biometric payment methods use unique physical characteristics like fingerprints, facial recognition, or even vein patterns to authenticate transactions. While still in early stages, these methods promise enhanced security and convenience.
Understanding Fees and Pricing Models
Let’s break down the main types of fees and common pricing models used in the payment processing industry.
Types of Fees
1. Interchange Fees
Interchange fees are the largest component of processing costs. These fees are set by card networks (like Visa and Mastercard) and paid to the issuing bank. They vary based on factors such as:
- Card type (credit, debit, rewards)
- Transaction type (card-present vs. card-not-present)
- Merchant category
2. Assessment Fees
These are smaller fees charged by the card networks themselves. They’re typically a percentage of the transaction volume and are non-negotiable.
3. Payment Processor Fees
These are fees charged by the payment processor for their services, including:
- Transaction fees
- Monthly or annual account fees
- PCI compliance fees
- Chargeback fees
Common Pricing Models
Payment processors typically use one of three pricing models:
1. Flat-Rate Pricing
A single, fixed percentage for all transactions, sometimes with an additional per-transaction fee
Example: 2.9% + $0.30 per transaction (think Stripe)
Pros: Simple to understand, predictable costs
Cons: Can be more expensive for high-volume merchants
2. Interchange-Plus Pricing
Processor charges the actual interchange rate plus a fixed markup
Example: Interchange + 0.3% + $0.10 per transaction
Pros: Transparent, often cheaper for high-volume merchants
Cons: More complex billing statements
3. Tiered Pricing
Transactions are categorized into tiers (e.g., qualified, mid-qualified, non-qualified) with different rates for each
Pros: Simplifies complex interchange rates
Cons: Can be less transparent, potentially more expensive
Factors Affecting Fees
Several factors can influence the fees a merchant pays:
- Transaction Volume: Higher volume often leads to lower rates
- Average Transaction Size: Larger transactions may qualify for lower percentage fees
- Industry Risk: High-risk industries typically face higher fees
- Card-Present vs. Card-Not-Present: In-person transactions usually have lower fees than online or phone transactions
Tips for Managing Processing Costs
- Understand Your Statement: Regularly review your processing statement to understand where your money is going.
- Negotiate with Processors: Don’t be afraid to negotiate, especially if you have a high transaction volume.
- Minimize Risk: Implement strong fraud prevention measures to reduce costly chargebacks.
- Choose the Right Pricing Model: Consider your business type and volume when selecting a pricing model.
- Stay Compliant: Maintain PCI DSS compliance to avoid additional fees and security risks.
Understanding payment processing fees and pricing models is essential for businesses to make informed decisions about their payment systems. While the landscape can be complex, taking the time to comprehend these elements can lead to significant cost savings and more efficient operations in the long run.
REDUCE RISK, INCREASE CONVERSIONS
Security and Compliance in Payment Processing
Both merchants and payment processors must adhere to strict security standards and compliance regulations to safeguard customer information and maintain trust in the payment ecosystem.
PCI DSS (Payment Card Industry Data Security Standard)
PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
Compliance with PCI DSS is mandatory for all entities involved in payment card processing.
Key requirements of PCI DSS include:
- Installing and maintaining a firewall configuration to protect cardholder data
- Encrypting transmission of cardholder data across open, public networks
- Protecting stored cardholder data
- Restricting access to cardholder data on a need-to-know basis
- Regularly testing security systems and processes
Compliance levels vary based on transaction volume, with larger merchants facing more stringent requirements.
Tokenization and Encryption
Two critical technologies used to protect sensitive payment data are:
- Tokenization: This process replaces sensitive data (like credit card numbers) with unique identification symbols that retain all the essential information without compromising security. Tokenization is particularly useful for recurring payments and digital wallets.
- Encryption: This involves encoding information in such a way that only authorized parties can access it. In payment processing, encryption is used to protect data both in transit and at rest.
Fraud Prevention Measures
Payment processors and merchants employ various fraud prevention techniques:
- Address Verification Service (AVS): Checks if the billing address provided by the customer matches the one on file with the card issuer.
- Card Verification Value (CVV): Requires customers to enter the 3 or 4-digit security code on their card for card-not-present transactions.
- 3D Secure: An additional security layer for online credit and debit card transactions, often involving two-factor authentication.
- Machine Learning and AI: Advanced algorithms that analyze transaction patterns to detect and prevent fraudulent activities in real-time.
- Velocity Checks: Monitoring the number of transactions attempted with a single card or from a single IP address within a short time frame.
EMV Compliance
EMV (Europay, Mastercard, and Visa) technology, also known as chip card technology, has become a global standard for credit and debit card payments. EMV chips create a unique transaction code for each payment, making it much more difficult to counterfeit cards or use stolen card data.
Data Breach Response Plans
Despite best efforts, data breaches can occur. A comprehensive data breach response plan should include:
- Steps for containing the breach
- Procedures for notifying affected parties
- Measures to prevent future breaches
Regulatory Compliance
Beyond PCI DSS, payment processors and merchants must comply with various regulations depending on their location and the nature of their business. Some important regulations include:
- GDPR (General Data Protection Regulation) in the European Union
- CCPA (California Consumer Privacy Act) in California
- AML (Anti-Money Laundering) regulations
- KYC (Know Your Customer) requirements
Security and compliance in payment processing are not just legal requirements; they are essential for building and maintaining a solid business.
By implementing robust security measures and staying compliant with industry standards, businesses can protect their customers’ sensitive information and safeguard their own reputation in an increasingly digital marketplace.
Chargebacks: What They Are and How They Work
Chargebacks are an unwanted yet critical component of the payment ecosystem, designed to protect consumers from fraudulent transactions or merchant misconduct. However, they can also pose significant challenges for businesses.
What is a Chargeback?
A chargeback is a forced reversal of a credit card transaction initiated by the cardholder’s bank. It occurs when a customer disputes a charge on their credit card statement, effectively requesting a refund directly from the issuing bank rather than the merchant.
The Chargeback Process
- Customer Disputes a Transaction: The process begins when a cardholder contacts their issuing bank to dispute a charge on their statement.
- Issuing Bank Reviews the Claim: The bank assesses the validity of the claim based on the reason code provided by the customer.
- Merchant Receives Chargeback Notification: If the bank deems the claim valid, they notify the merchant’s acquiring bank, who then informs the merchant of the chargeback.
- Merchant Can Accept or Dispute: The merchant can either accept the chargeback or dispute it by providing evidence to counter the customer’s claim.
- Resolution and Potential Fund Reversal: If the merchant accepts or loses the dispute, the funds are reversed from the merchant’s account back to the customer. If the merchant wins the dispute, they retain the funds.
Common Reasons for Chargebacks
Chargebacks can occur for various reasons, including:
- Fraudulent transactions (unauthorized use of the card)
- Products or services not received
- Products significantly different from description
- Duplicate charges
- Technical errors (e.g., processing the same transaction twice)
- Subscription cancellations not honored
Impact on Merchants
Chargebacks can have significant consequences for merchants:
- Financial Loss: Beyond the reversed transaction amount, merchants often face chargeback fees.
- Increased Processing Costs: High chargeback rates can lead to higher processing fees or even account termination.
- Administrative Burden: Responding to chargebacks requires time and resources.
- Reputational Risk: Excessive chargebacks can damage a merchant’s relationship with their payment processor and customers.
Chargeback Time Limits
Customers typically have 60-120 days from the transaction date to initiate a chargeback, depending on the card network and reason code. However, it can be as far as 540 days from the transaction date.
Merchants usually have 7-10 days to respond to a chargeback notice.
Tips for Merchants to Prevent and Manage Chargebacks
- Clear Communication: Provide detailed product descriptions and clear refund policies.
- Responsive Customer Service: Address customer concerns promptly to prevent disputes from escalating to chargebacks.
- Secure Payment Processing: Implement strong fraud prevention measures to reduce unauthorized transactions.
- Accurate Billing Descriptors: Ensure your business name is clearly recognizable on credit card statements.
- Delivery Confirmation: Use tracking numbers for shipped items to prove delivery.
- Proper Documentation: Keep detailed records of all transactions and customer communications.
- Chargeback Alerts: Consider subscribing to chargeback alert services to address potential issues before they become formal disputes.
Friendly Fraud
“Friendly fraud” occurs when a customer files a chargeback for a legitimate transaction, either mistakenly or intentionally. Educating customers about your billing practices and encouraging them to contact you directly with concerns can help mitigate this issue.
The Future of Chargebacks
The payments industry is continually working to improve the chargeback process. Initiatives like Visa’s Visa Claims Resolution (VCR) aim to streamline the process, reduce timeframes, and implement more automated decision-making to resolve disputes more efficiently.
Hopefully this guide gives you the basic structure of payment processing so you can better understand your statement as well as your business’ needs.