Credit card processing tends to follow the same transaction life cycle, whether your customer pays with credit cards in person or uses a credit card online or by phone. The specific credit card processing events and activities may vary from one merchant or card issuer to another, but the basic life cycle is the same.
If you’re going to accept credit cards from your customers, it’s a good idea that you understand how the credit card processing life cycle works, how the money ends up in your account, and what happens if something goes wrong with the cycle.
Authorization of Card
1. The credit card user presents their credit card to make payment in person, or enters their details into a form or dictates them to a customer service representative by phone.
2. The merchant swipes the card or the account details are digitally entered into the system for submission to the merchant’s credit card processor.
3. The merchant bank electronically requests card authorization from the card issuer (Visa, MasterCard, Discover, American Express).
4. The card issuer approves or declines the transaction, and sends the response back to the merchant bank.
5. The merchant bank sends response back to the merchant, and the merchant processes the transaction based on whether the card is approved or declined.
Clearing and Settlement of Payment
1. The funds from the credit card payment are deposited into the merchant’s bank, the merchant’s account is credited and an electronic submission of the transaction is sent to the credit card processor.
2. The credit card processing system facilitates payment, pays the merchant bank, debits the cardholders account and sends the transaction on to the card issuer.
3. The card issuer posts the transaction to the cardholders account and sends the monthly statement to the cardholder for payment.
4. Cardholder receives their credit card statement and sends payment.
Reasons for a Declined Credit Card
The merchant doesn’t get an explanation or reason for why a credit card is declined. Instead, the cardholder must contact their customer service to find out why their transaction was declined. Typically, declined transactions happen because the transaction was over the credit limit, a credit card payment was late, or the credit card has been used too many times that day.
Internet Payments – Extra Step
Internet payment processing adds an extra step because the credit card information must be encrypted to reduce the likelihood of theft. The customer inputs their credit card information into a web page and presses a “Submit” or “Send” button. Before the cardholder’s information is sent to the acquiring bank, it’s encrypted and passed through a payment gateway (e.g. VeriSign or Authorize.Net). The authorization is also encrypted before being sent back to the internet application.
Maintaining Consumer Credit Card Safety
As a merchant accepting credit cards, you should understand your role in keeping the credit card data safe throughout the credit card processing life cycle. Your data storage systems should not maintain any of the magnetic-stripe data received after a customer swipes a card and the transaction has been processed. After the card is authorized, all information taken from the swiping of the card must be deleted. You can maintain account number, expiration dates and names from credit cards if you do so in a CISP-compliant manner, but no other information can be stored.
If you use the CVV2 number for verification purposes in some or all of your credit card transactions, you must not store that data or document it in any way digital or otherwise.
Businesses are often liable for losses customers experience due to compromised credit card data that occurs due to merchant neglect and lack of adequate data security measures.