While almost all businesses today accept credit cards, the vast majority of business owners don't truly understand how a credit card transaction works, the different cost structures, the PCI compliance aspect, or the automation options available. The goal of this article is to help make the complicated world of credit card processing more transparent.
It seems simple enough – hand a business your credit card, they hand over your purchase, and a couple of days later they have your money and you're enjoying your latest toy. What that situation doesn't show you are the 8 other companies which make it possible. Not counting the Consumer and the Merchant, all of the following companies have a hand in processing a single credit card sale:
- Issuing Bank – The financial institution from which the Consumer obtained their credit or debit card. If you have a Chase credit or debit card for instance, then Chase is your Issuing Bank
- Acquiring Bank – The financial institution which authorized and allows a business to accept payments via credit or debit card
- Front End Processor – The communication network between the Merchant and the Acquiring Bank
- Back End Processor – The interbank communication network which allows the Issuing Bank and Acquiring Bank to exchange transaction data
- Card Association or Payment Brand – Visa, MasterCard, Discover, American Express, or similar association of financial institutions which oversee and operate the credit and debit card solutions provided by the Issuing Banks. The applicable Association's logo appears on the credit or debit card
- Point of Sale System – Point of Sale (POS) systems are typically used by retail merchants for processing card present, face-to-face transactions. This usually involves hardware like a computer, cash drawer, card readers, pin pad, and more. Sometimes, it's just a simple credit card terminal
- Payment Gateway – A payment gateway is the software equivalent of a hardware terminal. Its how Internet merchants and almost any merchant using software like QuickBooks submit transactions to the Acquiring Bank for processing
- ISO/MSP – Banks don't actually sell any merchant accounts directly. They sell merchant services exclusively through Independent Sales Organizations or Merchant Services Providers (ISO/MSP) which is Visa's terminology and MasterCard's terminology respectively. Some banks own an ISO/MSP which makes it appear as though they are selling merchant services themselves
So how does it all work? A transaction happens in milliseconds, but it's a big loop. To illustrate how a typical transaction works, let's say a merchant uses the NELiX TransaX QuickBooks Module to process their credit card sales. The process would flow like this:
- The NELiX TransaX QuickBooks Module "builds" the transaction by pulling invoice information out of QuickBooks such as the dollar amount, shipping address, etc. The merchant then either hand keys the credit card information or swipes the card to get it automatically. QuickBooks is the POS in this situation.
- When the merchant clicks "Submit" to process the transaction, the NELiX TransaX module posts the transaction to the TransaX Payment Gateway.
- The TransaX Payment Gateway submits the transaction to the Acquiring bank through the Front End Processor.
- The Acquiring Bank identifies the Issuing Bank based on card number and forwards the transaction data to them over the Bank End Processor.
- Once the Issuing Bank receives the transaction data, it either approves or declines the sale based on a variety of criteria. The Issuing Bank then sends the response back to the Acquiring Bank via the Back End Processor.
- Finally, the Acquiring Bank sends the transaction response back through the Front End Processor to the TransaX Gateway. The TransaX Gateway communicates the result to the TransaX QuickBooks module. If it's successful, invoices are marked as 'Paid' and the merchant is done. If the transaction failed, they can check the reason why and choose what to do next.
And all of that happens in about 2 seconds. Perhaps a picture would help explain better. This is how Visa itself explains it:
To make all of this happen, the Card Associations have created a complex pricing structure called "Interchange". Interchange is comprised of nearly 500 different transaction types based on the industry of the merchant, type of card, and method of card acceptance. The cost for a transaction varies depending on which line item of Interchange you hit. As an example, a typical rewards card where the cardholder earns airline miles or other incentives is much more expensive to process than a regular debit card.
The Card Associations has also created several different pricing structures. Some structures are designed with fixed costs to be easier to understand, but can be more expensive overall. Other pricing structures can be more cost-effective, but are much more difficult to understand. The fees collected from the merchant are divided by all of the aforementioned processing parties. The Issuing Bank gets the lion's share, around 90% of the Interchange cost. The remaining pennies are divided by the Acquiring Bank, Processing Network, Card Associations and ISOs. There are also outside costs associated with Payment Gateways, Terminals or Point of Sale equipment.
Aside from the costs, Payment Card Industry (PCI) Compliance is a growing security consideration. PCI Compliance is about meeting the Data Security Standards for protecting cardholder data. Merchants agree to adhere to PCI Standards when they sign up for a merchant account and the Card Associations enforce it. If there is a breach with loss of credit card numbers, there can be fines of tens of thousands of dollars per incident, especially if it is shown that the merchant was not PCI compliant. The best way to make sure a merchant is compliant is to not store cardholder information at all. If you are not storing credit card numbers, then obviously you don't have to worry about them being stolen which is the biggest danger. Many Payment Gateways, for example the NELiX TransaX Payment Gateway, allow you to store the cardholder data inside the Payment Gateway, instead of locally. You then use a "token" to reference the billing information whenever you need it. This addresses the majority of the PCI compliance concerns and reduces the possibility of card data theft.
One of the greatest trends in the credit card acceptance world today is the increasing automation and use of technology. Because of the Payment Gateway, which is a software based tool rather than a hardware based tool like swipe terminals, further automation and innovation pops up every day. With new social payments tools, mobile payments, and other emerging technologies, it's easier and easier for people to exchange money. Even within software applications like QuickBooks, automation is more possible than ever. With tools like the NELiX TransaX QuickBooks Module, automation can be added to accept ACH / E-check payments, run credit card transactions in a batch, sync transactions that occurred on your website, send payments to vendors, and more.
There's more information in each of these subjects that can be truly covered here. Hopefully, this has provided some insight into credit card processes, cost structures, security, and automation.
If you'd like to learn more, we encourage you to contact NELiX TransaX at 866-513-1547 or firstname.lastname@example.org.