Look behind the scenes of a typical online payment process and see how each step in the payment chain works.
The online payment process involves a broad mix of payment vendors and payment technology solutions
Let's Talk About Payments
All of these providers work together to authorize transactions and facilitate the transfer of funds from your customers to you.
As an e-commerce merchant, it's important to understand the steps in the payment process, so that when things go wrong - such as fraud or false declines - you can trace the problems to their source and quickly put remedies in place. Let's take a look under the hood at a typical e-commerce payment transaction.
We’ll start by zooming out and taking a high-level view of the payment process. When a customer clicks “purchase” on your e-commerce site, here is what happens next:
Your payment gateway is the online equivalent of a payment terminal in a brick-and-mortar store. The payment gateway collects your customer’s credit card information and gets the ball rolling by sending that information to your merchant processor (also sometimes called a payment processor). It’s worth noting that the processor and the payment gateway may be the same organization, or they may be two separate entities.
The merchant processor receives the card information from your payment gateway and sends it on to the acquiring bank where you have your account for accepting credit card and debit card payments.
Your acquiring bank sends out a secure communication via the credit card network that your customer has used (such as Visa, Mastercard, or American Express) to verify whether the customer has the funds available to make the purchase.
The card network securely connects with the bank that issued the customer’s credit card and asks the issuing bank to process your communication request.
The issuing bank verifies whether funds are available to make the purchase and sends out its own secure communication via the card network to either approve or decline the transaction.
The card network securely connects with acquiring bank to convey the issuing bank’s approve or decline decision.
Your bank sends the approve or decline decision to the merchant processor.
The merchant processor sends the approve or decline decision to your payment gateway.
If the order was approved, the customer sees a confirmation message that the transaction was successfully completed. If the order was declined, the customer will see an error message and may be prompted to resubmit their payment information.
Incredibly, this entire process takes place in just seconds!
A second payment flow occurs at the end of each business day: clearing or settlement. This process is crucial to you as a merchant because this dictates how you receive your revenue from payment card transactions.
Now that we have an overview of the payment process, let’s take a closer look at each player to gain a full understanding of how everything comes together.
We’ve touched upon the various steps and players in the payment process ecosystem, but gaining a deeper understanding of each element in the payment chain will equip you to better understand what each player can and cannot do when it comes to dealing with – or protecting you from – chargebacks.
Payment GatewayPayment gateways allow you to accept card payments directly from your website, acting as your virtual cash register. Gateways collect payment card information from customers and transfer the data to your bank (the acquiring bank). A similar process happens in stores when customers insert their cards into point-of-sale devices. The payment gateway also handles functions like reports, batching, returns, and voids.
The payment gateway typically connects to popular e-commerce platforms through an API integration, ideally creating a seamless and secure buying experience for the customer while providing you with data and record keeping.
Examples of payment gateways: 2Checkout, Authorize.net, Beanstream, BluePay, Elavon Converge, Moneris, PSiGate, Shopify
Merchant Processor (or Payment Processor)The merchant processor (or payment processor) is the first stop for a payment card transaction after a customer clicks “purchase.” Merchant processors work in the background as mediators between you and all the financial institutions involved in payment transactions.
Note that in our examples, you’ll see some of the same names as you did for the payment gateway. That is because certain companies act as both gateway and processor, handling the transaction itself and then sending the transaction information further along the chain.
It’s also worth nothing that in some situations, the payment processor is client-facing. PayPal is a good example of this. It acts as a redirect gateway, bringing the customer to a separate site to complete the payment transaction. An e-commerce site might include a PayPal button in their checkout process. When the customer clicks the button, the customer is redirected to PayPal’s site to log in and authorize the transaction. Once authorized, they’re redirected back to the retailer’s site to complete the transaction, while PayPal processes the payment.
Examples of merchant processors: Beanstream, BluePay, Chase, Elavon, First Data, Heartland Payment Systems, Helcim, Moneris, Monex Group, Payfirma, TD Merchant Services, 2Checkout, Authorize.Net, BluePay, Braintree, Global Payments, Moneris, Payfirma, PayPal, PSiGate
Acquiring BankAcquiring banks (or merchant banks) offer a special type of bank account that allows businesses to accept credit card and debit card payments. When you receive a card payment, the revenue typically goes into your merchant bank account with the acquiring bank.
An acquiring bank is licensed with a card network (such as Visa or Mastercard) to do business with issuing banks within that network. When a cardholder makes a purchase, the acquiring bank sends the transaction information to the cardholder’s issuing bank. The acquiring bank then lets you know whether the issuing bank approved or declined the transaction.
Surprisingly, acquiring banks assume a considerable amount of risk in the payment process. When a refund, reversal, or chargeback takes place, the acquiring bank is out of funds until the amount has been recovered from you.
Examples of acquiring banks: Bank of America Merchant Services, Chase, Elavon, First Data, Global Payments, Heartland Payment Systems, Moneris, Wells Fargo Merchant Services
Card NetworkA card network (or card brand or card network) acts as a bride between the acquiring bank and the issuing bank.
Cards such as Mastercard, Visa, and American Express each have their own rules for payment terms. Each card network governs any compliance policies pertaining to their payment cards, monitors processing activity, develops new products, and oversees the clearing and settlement of transactions.
Examples of card networks: Visa, Mastercard, American Express, China UnionPay, Diners Club International, Discover, Interac, JCB (Japan Credit Bureau)
Issuing BankIssuing banks are middlemen, issuing credit cards to consumers on behalf of the card networks. These financial institutions provide consumers with credit and debit cards, set credit limits and payment terms on accounts, and provide credit card statements of activity.
Critically, issuing banks are responsible for authorizing payment card transactions. If the customer doesn’t have enough money in their account to cover a transaction, or if the customer has exceeded their credit limit, the issuing bank will decline the transaction. Issuing banks will also attempt to authenticate cardholders, using simple validation methods such as card verification values and whether the billing address is correct.
When an issuing bank declines an order, the bank will provide a response code to indicate the reason for the decline; however, these codes can be vague. If you feel the order was declined in error – for example, the card information appears to be correct and your own fraud protection service has not raised any alerts – you may need to ask the cardholder to contact their bank to determine the issue.
Examples of issuing banks: Bank of America, Bank of Montreal, Chase, CIBC, Royal Bank of Canada, U.S. Bank, Wells Fargo
There are two other businesses you might encounter in the payment ecosystem:
Independent Sales Organizations (ISOs) are third parties contracted by acquirers to “resell” the acquirer’s services and sign merchants up to accept credit cards via a merchant account. If you have a merchant account, you likely got it through an ISO. Examples of ISOs include Beanstream, BluePay, First Data, Heartland Payment Systems, Helcim, Payfirma, Pivotal Payments, and Vantiv.
Aggregators enable you to easily accept credit and debit card payments without having to set up your own merchant account. Aggregators bundle several merchants together and process the payments jointly. Examples of aggregators include 2Checkout, PayPal, Square, and Stripe.
The card payment process isn’t complete until the chargeback window has closed. Chargebacks occur when a cardholder disputes a payment on their account. It may be because the customer doesn’t recognize a charge on their statement (and thus, suspects fraud) or never received the item they ordered.
Read about the four main types of chargeback here.
When a customer disputes a credit card payment, it’s up to their issuing bank to investigate. If the issuer determines the cardholder has a legitimate claim, they will refund the purchase. The issuing bank will send notification of the chargeback back through the payment chain, and your account will be debited, typically with additional fees.
Chargebacks can be costly for merchants. Not only do you often lose the cost of a product and shipping expenses, but chargeback fees can reach $100 or more per transaction. Worse, if a card issuer decides you incur too many chargebacks, they may raise your fees or remove your ability to accept credit cards entirely.
Chargeback protection and chargeback guarantees can help mitigate the cost of chargebacks to your business. Find out which option is best for your business here.
Card-not-present fraud can harm your business and diminish the trust of customers – no matter where in the payment chain it occurs. The average merchant gets hit with over 150 successful fraudulent transactions each month, worth an average of $114 per transaction.
However, false declines – often the result of overly rigid fraud protection measures – can be even more costly. On average, 60% of false declines are in fact legitimate purchases. When customer orders are incorrectly declined, the customers become frustrated with you and are likely to leave your website and buy from a competitor instead. This is a massive problem: Businesses lose 13 times more revenue to false declines than card-not-present fraud.
Where in the payment process is your online store at the greatest risk for fraud? And how can you protect yourself throughout the payment process without overcompensating by declining valid order, which causes you to lose valuable business?
ClearSale has the information you need. We analyze and explain the opportunities for fraud and false declines at each step in the payment chain in our free ebook for e-commerce merchants, “Understanding the E-Commerce Payment Chain.” Click below to download your copy.
Learn more about Payments
A common claim among ecommerce businesses is that their high chargeback rates are offset by low...
These useful tools offer a broader view of payments and fraud prevention to help you make a more informed decision when choosing a fraud prevention solution.
Explore even more resources about payments, chargebacks, false declines and ecommerce strategies.
