Part I: The Online Payment Process Ecosystem
We’ll start by zooming out and taking a high-level view of the payment process. When a customer clicks “purchase” on your e-commerce site, here is what happens next:
The Payment Gateway
Your payment gateway is the online equivalent of a payment terminal in a brick-and-mortar store. The payment gateway collects your customer’s credit card information and gets the ball rolling by sending that information to your merchant processor (also sometimes called a payment processor). It’s worth noting that the processor and the payment gateway may be the same organization, or they may be two separate entities.
The Merchant Processor
The merchant processor receives the card information from your payment gateway and sends it on to the acquiring bank where you have your account for accepting credit card and debit card payments.
The Acquiring Bank
Your acquiring bank sends out a secure communication via the credit card network that your customer has used (such as Visa, Mastercard, or American Express) to verify whether the customer has the funds available to make the purchase.
The Card Network
The card network securely connects with the bank that issued the customer’s credit card and asks the issuing bank to process your communication request.
The Issuing Bank
The issuing bank verifies whether funds are available to make the purchase and sends out its own secure communication via the card network to either approve or decline the transaction.
The Card Network
The card network securely connects with acquiring bank to convey the issuing bank’s approve or decline decision.
The Acquiring Bank
Your bank sends the approve or decline decision to the merchant processor.
The Merchant Processor
The merchant processor sends the approve or decline decision to your payment gateway.
The Payment Gateway
If the order was approved, the customer sees a confirmation message that the transaction was successfully completed. If the order was declined, the customer will see an error message and may be prompted to resubmit their payment information.
Incredibly, this entire process takes place in just seconds!
The Clearing/Settlement Process
The Clearing/Settlement Process A second payment flow occurs at the end of each business day: clearing or settlement. This process is crucial to you as a merchant because this dictates how you receive your revenue from payment card transactions.
- At the close of business, you (the merchant) send your daily batch of transactions to your bank.
- Your acquiring bank (or merchant processor) batch sends this information on to the card network.
- The card network determines the issuing bank for each transaction and forwards the purchase data to each relevant bank.
- The issuing banks debits the purchase amounts from the specific cardholder accounts.
- The issuing banks send the payments back through the card network.
- Your acquiring bank receives the payments via the card network.
- Your acquiring bank credits your account for that batch of transactions, minus any fees they might charge.
Now that we have an overview of the payment process let’s take a closer look at each player, to gain a full understanding of how everything comes together.
Part II: The Payment Chain Explained
We’ve touched upon the various steps and players in the payment process ecosystem, but gaining a deeper understanding of each element in the payment chain will equip you to better understand what each player can and cannot do when it comes to dealing with – or protecting you from – chargebacks.
Payment Gateway Payment gateways allow you to accept card payments directly from your website, acting as your virtual cash register. Gateways collect payment card information from customers and transfer the data to your bank (the acquiring bank). A similar process happens in stores when customers insert their cards into point-of-sale devices. The payment gateway also handles functions like reports, batching, returns, and voids.
The payment gateway typically connects to popular e-commerce platforms through an API integration, ideally creating a seamless and secure buying experience for the customer while providing you with data and recordkeeping.
Examples of payment gateways: 2Checkout, Authorize.net, Beanstream, BluePay, Elavon Converge, Moneris, PSiGate, Shopify
Merchant Processor (or Payment Processor)
The merchant processor (or payment processor) is the first stop for a payment card transaction after a customer clicks “purchase.” Merchant processors work in the background as mediators between you and all the financial institutions involved in payment transactions.
Note that in our examples, you’ll see some of the same names as you did for the payment gateway. That is because certain companies act as both gateway and processor, handling the transaction itself and then sending the transaction information further along the chain.
It’s also worth nothing that in some situations, the payment processor is client-facing. PayPal is a good example of this. It acts as a redirect gateway, bringing the customer to a separate site to complete the payment transaction. An e-commerce site might include a PayPal button in their checkout process. When the customer clicks the button, the customer is redirected to PayPal’s site to log in and authorize the transaction. Once authorized, they’re redirected back to the retailer’s site to complete the transaction, while PayPal processes the payment.
Examples of merchant processors: Beanstream, BluePay, Chase, Elavon, First Data, Heartland Payment Systems, Helcim, Moneris, Monex Group, Payfirma, TD Merchant Services, 2Checkout, Authorize.Net, BluePay, Braintree, Global Payments, Moneris, Payfirma, PayPal, PSiGate
Acquiring banks (or merchant banks) offer a special type of bank account that allows businesses to accept credit card and debit card payments. When you receive a card payment, the revenue typically goes into your merchant bank account with the acquiring bank.
An acquiring bank is licensed with a card network (such as Visa or Mastercard) to do business with issuing banks within that network. When a cardholder makes a purchase, the acquiring bank sends the transaction information to the cardholder’s issuing bank. The acquiring bank then lets you know whether the issuing bank approved or declined the transaction.
Surprisingly, acquiring banks assume a considerable amount of risk in the payment process. When a refund, reversal, or chargeback takes place, the acquiring bank is out of funds until the amount has been recovered from you.
Examples of acquiring banks: Bank of America Merchant Services, Chase, Elavon, First Data, Global Payments, Heartland Payment Systems, Moneris, Wells Fargo Merchant Services
A card network (or card brand or card network) acts as a bride between the acquiring bank and the issuing bank.
Cards such as Mastercard, Visa, and American Express each have their own rules for payment terms. Each card network governs any compliance policies pertaining to their payment cards, monitors processing activity, develops new products, and oversees the clearing and settlement of transactions.
Examples of card networks: Visa, Mastercard, American Express, China UnionPay, Diners Club International, Discover, Interac, JCB (Japan Credit Bureau)
Issuing banks are middlemen, issuing credit cards to consumers on behalf of the card networks. These financial institutions provide consumers with credit and debit cards, set credit limits and payment terms on accounts, and provide credit card statements of activity.
Critically, issuing banks are responsible for authorizing payment card transactions. If the customer doesn’t have enough money in their account to cover a transaction, or if the customer has exceeded their credit limit, the issuing bank will decline the transaction. Issuing banks will also attempt to authenticate cardholders, using simple validation methods such as card verification values and whether the billing address is correct.
When an issuing bank declines an order, the bank will provide a response code to indicate the reason for the decline; however, these codes can be vague. If you feel the order was declined in error – for example, the card information appears to be correct and your own fraud protection service has not raised any alerts – you may need to ask the cardholder to contact their bank to determine the issue.
Examples of issuing banks: Bank of America, Bank of Montreal, Chase, CIBC, Royal Bank of Canada, U.S. Bank, Wells Fargo
Other Links in the Payment Chain
There are two other businesses you might encounter in the payment ecosystem:
- Independent Sales Organizations (ISOs) are third parties contracted by acquirers to “resell” the acquirer’s services and sign merchants up to accept credit cards via a merchant account. If you have a merchant account, you likely got it through an ISO. Examples of ISOs include Beanstream, BluePay, First Data, Heartland Payment Systems, Helcim, Payfirma, Pivotal Payments, and Vantiv.
- Aggregators enable you to easily accept credit and debit card payments without having to set up your own merchant account. Aggregators bundle several merchants together and process the payments jointly. Examples of aggregators include 2Checkout, PayPal, Square, and Stripe.
Where in the Payment Process Do Chargebacks Occur?
The card payment process isn’t complete until the chargeback window has closed. Chargebacks occur when a cardholder disputes a payment on their account. It may be because the customer doesn’t recognize a charge on their statement (and thus, suspects fraud) or never received the item they ordered.
When a customer disputes a credit card payment, it’s up to their issuing bank to investigate. If the issuer determines the cardholder has a legitimate claim, they will refund the purchase. The issuing bank will send notification of the chargeback back through the payment chain, and your account will be debited, typically with additional fees.
Chargebacks can be costly for merchants. Not only do you often lose the cost of a product and shipping expenses, but chargeback fees can reach $100 or more per transaction. Worse, if a card issuer decides you incur too many chargebacks, they may raise your fees or remove your ability to accept credit cards entirely.
Chargeback protection and chargeback guarantees can help mitigate the cost of chargebacks to your business. Find out which option is best for your business here.
Securing the Payment Process
Card-not-present fraud can harm your business and diminish the trust of customers – no matter where in the payment chain it occurs. The average merchant gets hit with over 150 successful fraudulent transactions each month, worth an average of $114 per transaction.
However, false declines – often the result of overly rigid fraud protection measures – can be even more costly. On average, 60% of false declines are in fact legitimate purchases. When customer orders are incorrectly declined, the customers become frustrated with you and are likely to leave your website and buy from a competitor instead. This is a massive problem: Businesses lose 13 times more revenue to false declines than card-not-present fraud.
Where in the payment process is your online store at the greatest risk for fraud? And how can you protect yourself throughout the payment process without overcompensating by declining valid order, which causes you to lose valuable business?
ClearSale has the information you need. We analyze and explain the opportunities for fraud and false declines at each step in the payment chain in our free ebook for e-commerce merchants, “Understanding the E-Commerce Payment Chain.” Click below to download your copy.