Who’s involved in offline and online payment processing?
When you insert, swipe or tap your credit card, debit card or phone on a payment terminal or self-serve payment kiosk in a store, there are four different entities involved in processing your payment:
- The vendor you are purchasing from.
- A merchant account provider who acts as an intermediary between the vendor and your credit card company. Any vendor who accepts credit card payments must do so via a licensed and validated merchant account.
- Your credit card company who obviously extends a specific level of credit to you based on your available balance and an agreement with regards to when payment is due or the interest incurred when payment is not received by the due date.
- An issuing financial institution who makes the funds available to the credit card company to cover the purchase.
Online payment processing is similar, but involves a couple of additional technologies since the payment is not happening in person. An online payment passes through three services in order for it to be fully processed:
- An e-commerce payment gateway: sits between the e-commerce shopping cart where you enter your personal and credit card information and a payment processor chosen by the vendor you are purchasing from.
- An e-commerce payment processor: securely relays encrypted data from the gateway to the credit card company and the issuing financial institution, verifying you have the necessary funds to complete the transaction and, if so, deposits the money into a merchant account maintained by the vendor.
- An online merchant account: receives your funds and makes them available to the vendor to complete the transaction.
Setting up online payments as a business owner or manager can be a bit confusing as payment gateway and payment processor are sometimes used interchangeably, but they are two separate parts of the journey. However, there are payment processing companies who offer both services under one broad e-commerce solution to simplify things.
How does a credit card terminal work?
A credit card terminal or Point of Sale (POS) terminal is the technology through which debit or credit card information is passed back and forth to the credit card company and/or issuing financial institution. These wired or wireless (Bluetooth, WiFi or cellular) terminals can communicate with credit or debit cards to receive information via the magnetic strip on the back of the card or through an EMV (Europay, Mastercard, Visa) microchip embedded in the card to insert or tap and transmit via NFC (near field communication). Similar chips embedded in mobile devices such as phones or watches equipped with Google Pay, Apple Pay or other digital wallets enable them to be tapped on terminals as well.
Once the credit or debit account information is obtained from a card or phone, it is transmitted to the credit card company or bank for authorization and fund validation.
When the payment has been successfully authorized, the payment terminal then communicates with the vendor’s retail management system to manage inventory and financial records.
Most payment terminals and the networks they operate on process data immediately, but there are some instances where data is stored in cache and then processed once a network connection is available, which can lead to delays or failed transactions. If you are a business owner, you should ask about how this aspect of payment processing works for any solutions you may be considering.
What are virtual terminals and how do they work?
Virtual terminals are similar to credit card terminals, but do not require the credit or debit card to be physically present. These terminals enable businesses to accept credit or debit payments remotely, typically over the phone. The customer in this case needs to provide their name as it’s printed on the card, the credit or debit card number, the expiry date of the card and the three-digit security code on the back of the card. Payment processing via these terminals operates in exactly the same fashion as it does via standard terminals.
How are electronic payments and personal information kept secure?
Any payment processing terminal which accepts credit card information must be compliant with PCI Security Council standards, which govern how data is encrypted, stored and protected during an online, in-person or mobile transaction. This council is constantly monitoring threats to data privacy and developing new, stronger standards to combat personal data and identity theft.
The security of personal data contained on cards and mobile devices is another matter for consumers and business owners to be aware of.
The magnetic strips on the back of credit and debit cards contain three tracks upon which specific static data can be stored. Credit and debit cards primarily use the first two tracks. These tracks typically contain the credit or debit card account number, cardholder name, expiration date, service code and a card verification code. The static nature of these strips and the physical act of swiping a card through a magnetic reader are the most susceptible to fraud and hacking. We’ve all no doubt heard stories of criminals masking legitimate readers with their own. However, credit card companies and banks are able to quickly detect how a card has been processed and if any irregular activity has occurred.
EMV chips embedded in cards and chips used in mobile devices are more secure for a few of reasons.
- The data stored on these chips is encrypted to deter hackers from trying to obtain it.
- When you insert a card and use a chip to authenticate, you are also required to enter a PIN code, which is presumably unique and not easily replicated.
- NFC chips used on tap and pay terminals require little to no power, but also only transmit over a very small distance (less than 2 inches), which means there is little chance of data being intercepted.
- Payment apps on phones, watches and other mobile devices do not store any personal or credit card information. Rather, they receive a unique token from the credit card company, which is used to validate account information when requested during payment processing.
- Individual transaction records are unique and dynamically generated so there is little to no chance for a hacker to tie a specific transaction to a specific account.
In general, electronic payment processing is very secure, though the onus is still on businesses and consumers to protect their personal data by using and frequently updating unique, unidentifiable passwords and PINs.
How much does payment processing cost?
There are naturally fees charged to business owners for the use of payment processing services. Usage fees are associated with each step.
In an offline environment, there are costs related to the use, maintenance and ongoing support of the terminal, along with any required network connection fees.
Online payment gateways and/or processors charge transaction fees for the use of their service, merchant account fees are charged to enable organizations to accept credit cards and interchange fees are applied by each credit card company to any banks receiving funds.
The total fees charged depend on the pricing model(s) offered by the payment processor, of which there are three standard options:
- A flat fee option means there is a set charge regardless of the number of transactions. Flat fees are preferred by smaller, low volume businesses who want cost certainty in the short term, but may end up paying more per transaction.
- Tiered pricing placing businesses and their transactions into different tiers based on transaction volumes, the level of risk associated with purchases and other factors. Tiered fee structures are the most popular due to their flexibility.
- interchange plus pricing separates the amounts you pay to the bank and the credit card companies vs. the amount paid to the processor. While more transparent, this pricing model can also be a bit confusing.
E-commerce or virtual terminal (also called “card not present”) transactions are, by definition, riskier than in-person purchases where the consumer does present the physical card and is required to tap or enter a pin number. These types of transactions do tend to carry slightly higher fees, but enable business owners and their customers more flexibility of when and where purchases can happen.
Business owners will want to discuss exactly how fees work and review any documented pricing structures with their chosen payment processor, to ensure there is no confusion when invoices for services rendered are received.
Are You Ready to Start Accepting Payments?
Hopefully this has answered most, if not all of your questions, about how electronic payment processing works. If you own or run a business and need help navigating in-store, virtual or online payment processing, please feel free to reach out to an expert at MONEXgroup. We can offer all of the equipment, software, service and support you need to offer your customers a positive and secure purchasing experience.