We’ll start by zooming out and taking a high-level view of the payment process. When a customer clicks “purchase” on your e-commerce site, here is what happens next:
Your payment gateway is the online equivalent of a payment terminal in a brick-and-mortar store. The payment gateway collects your customer’s credit card information and gets the ball rolling by sending that information to your merchant processor (also sometimes called a payment processor). It’s worth noting that the processor and the payment gateway may be the same organization, or they may be two separate entities.
The merchant processor receives the card information from your payment gateway and sends it on to the acquiring bank where you have your account for accepting credit card and debit card payments.
Your acquiring bank sends out a secure communication via the credit card network that your customer has used (such as Visa, Mastercard, or American Express) to verify whether the customer has the funds available to make the purchase.
The card network securely connects with the bank that issued the customer’s credit card and asks the issuing bank to process your communication request.
The issuing bank verifies whether funds are available to make the purchase and sends out its own secure communication via the card network to either approve or decline the transaction.
The card network securely connects with acquiring bank to convey the issuing bank’s approve or decline decision.
Your bank sends the approve or decline decision to the merchant processor.
The merchant processor sends the approve or decline decision to your payment gateway.
If the order was approved, the customer sees a confirmation message that the transaction was successfully completed. If the order was declined, the customer will see an error message and may be prompted to resubmit their payment information.
Incredibly, this entire process takes place in just seconds!
We’ve touched upon the various steps and players in the payment process ecosystem, but gaining a deeper understanding of each element in the payment chain will equip you to better understand what each player can and cannot do when it comes to dealing with – or protecting you from – chargebacks.
Payment Gateway
Payment Gateway Payment gateways allow you to accept card payments directly from your website, acting as your virtual cash register. Gateways collect payment card information from customers and transfer the data to your bank (the acquiring bank). A similar process happens in stores when customers insert their cards into point-of-sale devices. The payment gateway also handles functions like reports, batching, returns, and voids.
The payment gateway typically connects to popular e-commerce platforms through an API integration, ideally creating a seamless and secure buying experience for the customer while providing you with data and recordkeeping.
Examples of payment gateways: 2Checkout, Authorize.net, Beanstream, BluePay, Elavon Converge, Moneris, PSiGate, Shopify
Merchant Processor (or Payment Processor)
The merchant processor (or payment processor) is the first stop for a payment card transaction after a customer clicks “purchase.” Merchant processors work in the background as mediators between you and all the financial institutions involved in payment transactions.
Note that in our examples, you’ll see some of the same names as you did for the payment gateway. That is because certain companies act as both gateway and processor, handling the transaction itself and then sending the transaction information further along the chain.
It’s also worth nothing that in some situations, the payment processor is client-facing. PayPal is a good example of this. It acts as a redirect gateway, bringing the customer to a separate site to complete the payment transaction. An e-commerce site might include a PayPal button in their checkout process. When the customer clicks the button, the customer is redirected to PayPal’s site to log in and authorize the transaction. Once authorized, they’re redirected back to the retailer’s site to complete the transaction, while PayPal processes the payment.
Examples of merchant processors: Beanstream, BluePay, Chase, Elavon, First Data, Heartland Payment Systems, Helcim, Moneris, Monex Group, Payfirma, TD Merchant Services, 2Checkout, Authorize.Net, BluePay, Braintree, Global Payments, Moneris, Payfirma, PayPal, PSiGate
Acquiring Bank
Acquiring banks (or merchant banks) offer a special type of bank account that allows businesses to accept credit card and debit card payments. When you receive a card payment, the revenue typically goes into your merchant bank account with the acquiring bank.
An acquiring bank is licensed with a card network (such as Visa or Mastercard) to do business with issuing banks within that network. When a cardholder makes a purchase, the acquiring bank sends the transaction information to the cardholder’s issuing bank. The acquiring bank then lets you know whether the issuing bank approved or declined the transaction.
Surprisingly, acquiring banks assume a considerable amount of risk in the payment process. When a refund, reversal, or chargeback takes place, the acquiring bank is out of funds until the amount has been recovered from you.
Examples of acquiring banks: Bank of America Merchant Services, Chase, Elavon, First Data, Global Payments, Heartland Payment Systems, Moneris, Wells Fargo Merchant Services
Card Network
A card network (or card brand or card network) acts as a bride between the acquiring bank and the issuing bank.
Cards such as Mastercard, Visa, and American Express each have their own rules for payment terms. Each card network governs any compliance policies pertaining to their payment cards, monitors processing activity, develops new products, and oversees the clearing and settlement of transactions.
Examples of card networks: Visa, Mastercard, American Express, China UnionPay, Diners Club International, Discover, Interac, JCB (Japan Credit Bureau)
Issuing Bank
Issuing banks are middlemen, issuing credit cards to consumers on behalf of the card networks. These financial institutions provide consumers with credit and debit cards, set credit limits and payment terms on accounts, and provide credit card statements of activity.
Critically, issuing banks are responsible for authorizing payment card transactions. If the customer doesn’t have enough money in their account to cover a transaction, or if the customer has exceeded their credit limit, the issuing bank will decline the transaction. Issuing banks will also attempt to authenticate cardholders, using simple validation methods such as card verification values and whether the billing address is correct.
When an issuing bank declines an order, the bank will provide a response code to indicate the reason for the decline; however, these codes can be vague. If you feel the order was declined in error – for example, the card information appears to be correct and your own fraud protection service has not raised any alerts – you may need to ask the cardholder to contact their bank to determine the issue.
Examples of issuing banks: Bank of America, Bank of Montreal, Chase, CIBC, Royal Bank of Canada, U.S. Bank, Wells Fargo
There are two other businesses you might encounter in the payment ecosystem:
Independent Sales Organizations (ISOs) are third parties contracted by acquirers to “resell” the acquirer’s services and sign merchants up to accept credit cards via a merchant account. If you have a merchant account, you likely got it through an ISO. Examples of ISOs include Beanstream, BluePay, First Data, Heartland Payment Systems, Helcim, Payfirma, Pivotal Payments, and Vantiv.
Aggregators enable you to easily accept credit and debit card payments without having to set up your own merchant account. Aggregators bundle several merchants together and process the payments jointly. Examples of aggregators include 2Checkout, PayPal, Square, and Stripe.
Card-not-present fraud can harm your business and diminish the trust of customers – no matter where in the payment chain it occurs. The average merchant gets hit with over 150 successful fraudulent transactions each month, worth an average of $114 per transaction.
However, false declines – often the result of overly rigid fraud protection measures – can be even more costly. On average, 60% of false declines are in fact legitimate purchases. When customer orders are incorrectly declined, the customers become frustrated with you and are likely to leave your website and buy from a competitor instead. This is a massive problem: Businesses lose 13 times more revenue to false declines than card-not-present fraud.
Where in the payment process is your online store at the greatest risk for fraud? And how can you protect yourself throughout the payment process without overcompensating by declining valid order, which causes you to lose valuable business?
ClearSale has the information you need. We analyze and explain the opportunities for fraud and false declines at each step in the payment chain in our free ebook for e-commerce merchants, “Understanding the E-Commerce Payment Chain.” Click below to download your copy.
"ClearSale offers a great service that comes with complete peace of mind. Their staff is easy to reach and pleasant to deal with. I particularly enjoy that I no longer have to spend hours a day investigating customers who purchase from our online store and trying to determine if they are legitimate or not. No more rolling the dice with our business. ClearSale also backs up all their..."
"ClearSale is very good, the orders get approved quickly ,which is great so we know we can confidently send out the goods. Payment confirmation usually happens in 2-3 hrs. Once that happens we know we are covered."
"The competitive rates, their quick response to customer service"
"I love that it takes the stress away from me worrying about fraud charges."
The best ecommerce fraud
protection solution for online stores.
Increase your approval rate with our
Merchant Chargeback Insurance Solution
