Credit Card Processing 101
Credit Card Processing 101 is your go-to handbook for navigating the electronic payments industry. This book provides a clear, concise and complete look at how businesses accept payments, including valuable information on topics like the interchange process and PCI compliance. Payment processing boils down to the automation of electronic payment transactions between the merchant and the customer. Payment technology helps process, verify and accept or decline credit card transactions through specialized hardware and software. What is payment processing?
The Major Players CREDIT CARD PROCESSING 101 There are a few main players involved in the payment process.
THE ISSUING BANK This is the bank that provides the customer with his or her credit card. As an example, if you have an account with PNC Bank then you most likely also received your credit or debit card from them. This makes PNC the issuing bank, who receives most of the interchange fees charged by the card brands.
CARD BRANDS Visa®, MasterCard®, Discover® and American Express® fall into this group. These companies work with governments to determine rules regarding card use, acceptance and security, as well as determining the interchange rates.
PROCESSORS The processor helps shuttle all of the information to the card brands and banks. Businesses are connected to the processor through the hardware or software they are using, and when they run a transaction the information is routed to the appropriate network. Then when a merchant “batches”, or closes out for the day, the funds are moved from the Issuing Bank to the merchant’s bank. They will then calculate the interchange fees and provide the data to the merchant and the card brands.
PAYMENT GATEWAY A payment gateway connects the payment technology (terminals, shopping carts, etc.) and the card processing networks. This can be integrated into your current solution with an Application Programming Interface (API). Many processors also have their own gateway as well.
SPONSOR BANK The sponsor bank is responsible for getting the funds to the merchant and ACH payments to the processor. They are also responsible for paying the card brands and the issuing bank their share of the interchange fees.
Types of Credit Card Payment Acceptance
PAYMENT TERMINAL This is the traditional method for accepting credit cards. A merchant can swipe, dip or key enter transactions into the machine. Newer Near Field Communication (NFC) technology allows many terminals to accept payments directly from a cell phone through apps like Apple Pay or Android Pay.
POINT-OF-SALE (POS) SYSTEM A POS system is similar to a terminal, but it’s generally tailored to meet the needs of each business. A salon POS, for example, might want to offer an appointment scheduling feature.
MOBILE PAYMENTS Mobile devices can now accept payments in a variety of ways. The merchant can swipe or dip cards with hardware plugged into their phone or tablet, transforming them into a formidable payment platform. They can also key enter transactions using an app or browser on the device.
VIRTUAL TERMINAL Virtual Terminals are a software or web-based solution that allow merchants to process payments from their desktop or laptop. These can be used for both card-not-present transactions and card-present transactions, when paired with a device for swiping or dipping credit cards.
ONLINE PAYMENTS Merchants can process transactions online through a website or mobile application by using either a shopping cart or a hosted payments page. These tools allow businesses to run an online storefront, or take payments online for B2B transactions.
Inside a Transaction + the Interchange Process
1. When a merchant runs a customer’s credit card, the data is sent with an authorization request to their processing company.
2. The processor then routes the information to the card network and on to the customer’s credit card bank. The bank will then either approve or deny the transaction, and send the result back to the processor.
3. Once the processor has the approval or decline, they send the information to the payment gateway. The settlement network can now transmit the data from the cardholder’s bank, or issuing bank, back to the acquiring bank, which routes the approval or denial code back to the merchant’s payment acceptance application.
4. The settlement network can now transmit the data from the cardholder’s bank, or issuing bank, back to the acquiring bank, which routes the approval or denial code back to the merchant’s payment acceptance application.
5. The acquiring bank performs what is called an interchange for each sale, with the cardholder’s bank. Then the card-issuing bank transfers the sale amount, minus the interchange fee to the acquiring bank. The money is then deposited into the merchant’s account by the acquiring bank, minus a discount fee.
6. What to know about Interchange Fees Interchange fees are paid or collected by the card-issuing banks that provide Visa, MasterCard, Discover and American Express cards. These cards are commonly consumer credit or debit cards, but can also be corporate, business, purchasing or rewards cards. Each card brand has its own interchange rates. When each of these networks is combined, there are over 300 different levels of interchange. It’s important for a merchant to know how his or her business is processing transactions and to consider managing factors like monitoring downgrades, processing Level II/III data, proper technology configuration, transaction timing, operating procedures and PCI compliance, in order to ensure the best interchange rates.
While it might sound daunting, Interchange Cost Plus (IC+) is a great pricing structure for most merchants, as well as being more transparent and cost effective than flat rate pricing. Merchants pay the exact interchange fee plus an agreed upon fee to the merchant service provider. This gets rid of inconsistent buckets and overpaying for inflated tiers, and reduces the amount of rates down to simply the interchange percentage and the transaction fee. For example, if the merchant has an account with their processor that is priced at a discount rate of .50% and an authorization fee of $.15, they would pay the interchange fee, plus the .50% and $.15 on each transaction. It’s common to hear the percentage portion referred to as the basis point margin, where one basis point is equal to 1/100th of a percent, or .01%. If your business falls in the B2B category, you may be familiar with Level 2 and Level 3 transactions. These refer to transactions passed through with additional data for processors to qualify for lower interchange rates. Level 2 data includes merchant establishment information and cardholder information, while Level 3 data includes line-item detail with product and shipping information. These transactions typically take place with business purchasing cards or government cards. Merchants want to make sure their payment application optimizes this information to qualify for the lowest interchange rates. Traditionally this had the biggest impact on B2B companies doing large transactions, but it’s now not uncommon for these types of transactions to be done for smaller amounts with company-owned cards. Simply put, interchange optimization is the implementation of best practices to find the most ideal interchange rates for your company, in order to maximize your business's credit card processing savings.
Other Pricing Models
While Interchange Cost Plus is the preferred pricing structure for many merchants, there are other options as well.
Flat Rate Pricing This pricing structure stays true to its name. The merchant is charged a flat rate, regardless of how the transaction is run. This structure is more attractive to merchants with lower processing volume due to its simplicity and standardization, but it can be more expensive, because the rates aren’t optimized for each transaction processed. Many times this structure will also be used when the processing is being bundled with a POS software for the same reasons.
Tiered Pricing There are three common tiers that make up the standards for determining transaction fees in this particular pricing structure. These three tiers include Qualified, Mid-Qualified, or Non-Qualified. Which tier the transaction falls into is determined by how the card was ran. Typically, transactions run with a high level of security, like using EMV technology, will land in the Qualified tier, resulting in the lowest transaction fees. For those in the Mid-Qualified tier, transaction fees will be higher and transactions that fall into the Non-Qualified tier will assume the highest rate. For example, a merchant may have a tiered pricing structure where the Qualified rate is 1.75%, a Mid-Qualified Rate is 2.00% and the Non-Qualified Rate is 2.25%. These rates include the interchange fees.
Enhanced Recover Reduced Percent (ERR) or Billback Pricing ERR or Billback pricing is a mix of Interchange Cost Plus and Tiered Pricing. The merchant is charged a flat discount rate, like they would be if they were on Interchange, but then at the end of the month they are charged the ERR rate which is dependent on how the transaction qualifies.
Europay Mastercard Visa (EMV) EMV technology, or the chip you now typically see on credit cards, offers a package of security features that the traditional magnetic stripe cannot match, which helps to prevent the theft of data from card skimming and duplication. Using cryptography, this chip ensures cardholder verification, validates the card issuer, and verifies sensitive data stored on the card. EMV transactions can only be done in card present scenarios, not online.
The EMV Liability Shift Before EMV, the liability for fraud fell on the card issuing bank. Now, however, if a merchant* is not using an EMV compliant terminal, that liability falls on their business. As long as merchant’s continue to comply with the Payment Card Industry Data Security Standard (PCI DSS), process 95% of their transactions at EMV terminals and have not been involved in a security breach, they are still provided with 100% fraud protection.
NFC Payments Near Field Communication (NFC) Payments represent the newest update to the payments ecosystem. Typically these payments are done using the customer’s mobile device and an NFC reader. The customer hovers or taps their phone on the reader, and the transaction is done in seconds. These payments are encrypted, just like EMV payments, but are processed much faster than magnetic stripe or EMV transactions.
The Importance of PCI Compliance The PCI SSC (Payment Card Industry Security Standards Council) was formed by the four major card brands in 2004 due to the growing threat of payments fraud. Between 1988 and 1998, Visa and MasterCard alone lost $750 million dollars, as a result of fraudulent activity. To standardize the industry, this group unveiled the PCI DSS (Data Security Standard), applicable to all businesses and organizations that accept credit card payments. This new set of standards meant more protection for both the merchant and cardholder, with surveillance from the card brands. records. This quadrupled the previous record of 1 billion exposed records in 2013. Criminals have become increasingly cunning when it comes to gaining access to cardholder information, whether it is in the e-commerce or card-present environments. These can be in the form of network intrusions, wiretapping attacks or device tampering schemes and new techniques being deployed every year. In 2016 alone, 4,149 data breaches released 4.2 billion private So how are these actors getting access to this sensitive information? Card information can be accessed from card readers, payment system databases, wireless or wired networks and paper records. Making sure that your company is following the guidelines set forth by the PCI SSC can help protect your business from these techniques. Payment security solutions backed by the PCI SSC, like point-to-point encryption and tokenization can actually reduce the scope of your compliance responsibility. Data breaches can cost small business upwards of $25,000, which can be catastrophic for many companies. Staying up to date with PCI compliance and using the newest security measures can protect both your customers and your business, making everyone happy!
Integrating Secure Payment Acceptance CREDIT CARD PROCESSING 101 Mobile POS (mPOS) Similarly, using mobile point-of-sale hardware is a great alternative for many businesses that are on the move. Integrating a payment gateway into the software coupled with a mobile card reader provides a way for businesses to accept payments from anywhere with cellular connectivity. This can also be done with a tablet, which provides a lightweight, less expensive solution for merchants to use as their main POS. If your company is already using a business management software or sells products or services online, an integrated payment solution can make a big difference. Integrated payments can streamline your business management, enhance your customer’s experience, and increase your revenue stream. Additionally, integrated payments are much more simple than they might sound. Software companies choose a payment processor and combine that technology with their platform to accept payments, automate reconciliation and view full transaction reporting from a single system.
Software as a Service (SaaS) SaaS integrations can come in multiple forms. For example, if your company is making sales online through a shopping cart, you’ll need a third party to process the transactions. On the other hand, if you run a business-to-business company that keys transactions over the phone, using a virtual terminal from a secure payment processor is a viable solution.
POS Solutions Many businesses, especially those in the retail or restaurant industry, use a point-of-sale system to manage transactions and other aspects of their business. Integrating a payment processor into this system not only makes processing more secure, but it streamlines the way a merchant does business on a daily basis. This also reduces the number of parties a merchant needs to deal with while managing their business.
Mobile POS (mPOS) Similarly, using mobile point-of-sale hardware is a great alternative for many businesses that are on the move. Integrating a payment gateway into the software coupled with a mobile card reader provides a way for businesses to accept payments from anywhere with cellular connectivity. This can also be done with a tablet, which provides a lightweight, less expensive solution for merchants to use as their main POS.
Mobile By using a Mobile SDK (Software Developer Kit), secure payment acceptance can be integrated into any mobile application. If you’re running a business that fulfills orders through a mobile app, from food delivery to an online retail store, accepting payments directly from your mobile application can make the experience for the customer that much easier. This solution can also allow for the integration of mobile wallet payment acceptance, like Apple Pay and Android Pay.