The following blog is from Global Payments Incorporated, a platinum sponsor of Point of Rental’s 2022 International Conference. Learn more about them at their website or by attending this year’s conference.
It sounds easy – a consumer hands a credit card to a merchant and buys a product or service. The money is debited from the customer’s account and credited to the merchant’s account.
It happens millions of times each day. But how? Who plays what role in the business behind the curtain?
This blog demonstrates the “magic” behind the credit card transaction process. In this post and accompanying infographic, you’ll see the role Global Payments Integrated plays in the credit card transaction lifecycle. This includes the payment application provider, the (front-end) processor, and transaction gateway. Our parent company, Global Payments, Inc., serves as the back-end processor and works directly with the card brands.
And remember – this all happens in a matter of a few seconds.
Who is Involved in a Credit Card Transaction?
There are numerous parties involved in the credit card transaction process flow, including:
- The customer who presents their credit card for payment when buying goods or services
- The merchant who sells the goods or services
- The merchant’s bank who transmits the credit card transaction to be approved
- The payment processor who processes the credit card transaction
- The credit card issuer, which includes banks, credit unions, and other financial institutions that issue credit cards
- The card brand, such as American Express, Discover, MasterCard, or Visa
The Credit Card Transaction Process
These 10 steps show the credit card transaction process:
1. The customer initiates a purchase
The credit card transaction process begins when the customer presents their credit card for payment. They may swipe or insert their credit card, or simply tap if they have EMV contactless capabilities.
2. The merchant requests authorization after processing the card information
From here, the merchant’s bank processes the card information and then requests authorization from the appropriate credit card network, such as American Express, Discover, MasterCard, or Visa.
3. The payment gateway routes card information to the processor
The credit card issuer authorizes the transaction by sending back a unique code. If the credit card is declined, the customer will get a message at the point of sale.
4. The processor, Global Payments, Inc., submits an authorization request to the credit card association
Next, Global Payments, Inc. submits an authorization request, which includes the credit card details and transaction details to the credit card association.
5. The card brand submits an authorization request to the issuing bank
An authorization request is sent from the card brand to the issuing bank and includes the credit card number, card expiration date, billing address, card security code, and the payment amount.
6. The issuing bank approves the authorization request
Once received, the issuing bank reviews the request and either approves or denies the transaction. A response is sent to the merchant via the same channels.
7. The card brand routes the authorization to the acquiring bank
If the transaction is approved, the merchant receives an authorization and the issuing banks place a hold for the amount of the purchase on the customer’s account.
8. The acquiring bank forwards the authorization to the merchant
From here, the acquiring bank forwards the authorization to the merchant’s POS terminal, which then collects and processes all approved transactions.
9. The merchant accepts the transaction and completes the purchase
The transaction is accepted by the merchant and the customer’s purchase can be completed.
10. The customer receives the purchased goods or services
Finally, the customer receives their goods or services. Within the next month, the customer will receive the bill from their credit card issuer for any changes they have made.
Credit Card Transactions and PCI Compliance
With every credit card transaction that takes place, it’s important that customers’ sensitive information is protected. For ISVs who provide software solutions to merchants, this means that all products must be PCI compliant. This ensures the security of credit card transactions.
The PCI data security standards for the payment card industry are the minimum criteria merchants should strive for in order to avoid data breaches. There are 12 PCI DSS requirements, which detail proper methods for storing credit card numbers and beyond.