Online Payment Processing Basics


Purchasing online may seem to be quick and easy, but most consumers give little thought to the process that appears to work instantaneously. For it to work correctly, merchants must connect to a network of banks (both acquiring and issuing banks), processors, and other financial institutions so that payment information provided by the customer can be routed securely and reliably. The solution is a payment gateway that connects your online store to these institutions and processors. Because payment information is highly sensitive, trust and confidence are essential elements of any payment transaction. This means the gateway should be provided by a company with in-depth experience in payment processing and security.

The Payment Processing Network

Here’s a breakdown of the participants and elements involved in processing payments:

Acquiring bank: In the online payment processing world, an acquiring bank provides Internet merchant accounts. A merchant must open an Internet merchant account with an acquiring bank to enable online credit card authorization and payment processing. Examples of acquiring banks include Merchant eSolutions and most major banks.

Authorization: The process by which a customer’s credit card is verified as active and that they have the credit available to make a transaction. In the online payment processing world, an authorization also verifies that the billing information the customer has provided matches up with the information on record with their credit card company.

Credit card association: A financial institution that provides credit card services that are branded and distributed by customer issuing banks. Examples include Visa and MasterCard (see sidebar, “Visa and MasterCard Take Different Approaches to Authentication”).

Customer: The holder of the payment instrument—such as a credit card, debit card, or electronic check.

Customer issuing bank: A financial institution that provides a customer with a credit card or other payment instrument. Examples include Citibank and Suntrust. During a purchase, the customer issuing bank verifies that the payment information submitted to the merchant is valid and that the customer has the funds or credit limit to make the proposed purchase.

Internet merchant account: A special account with an acquiring bank that allows the merchant to accept credit cards over the Internet. The merchant typically pays a processing fee for each transaction processed, also known as the discount rate. A merchant applies for an Internet merchant account in a process similar to applying for a commercial loan. The fees charged by the acquiring bank will vary.

Merchant: Someone who owns a company that sells products or services.

Payment gateway: A service that provides connectivity among merchants, customers, and financial networks to process authorizations and payments. The service is usually operated by a third-party provider such as VeriSign.

Processor: A large data center that processes credit card transactions and settles funds to merchants. The processor is connected to a merchant’s site on behalf of an acquiring bank via a payment gateway.

Settlement: The process by which transactions with authorization codes are sent to the processor for payment to the merchant. Settlement is a sort of electronic bookkeeping procedure that causes all funds from captured transactions to be routed to the merchant’s acquiring bank for deposit[1].

start sidebar
Visa and MasterCard Take Different Approaches to Authentication

Online merchants could face integration hassles as they deploy forthcoming and competing credit card payer authentication technologies from Visa USA and MasterCard International Inc. The technologies, Visa’s Verified by Visa and MasterCard’s Secure Payment Application service, take distinctly different approaches. Visa performs authentication on the merchant site, whereas MasterCard handles it on the customer’s PC automatically, using a previously downloaded applet.

As a result, merchants that accept credit cards will be required to support two authentication mechanisms. Furthermore, some observers speculate the companies’ respective systems may be no more successful in gaining market acceptance than the ill-fated Secure Electronic Transaction (SET) authentication protocol, a protocol spearheaded by Visa and MasterCard.

Visa sweetened the bait for its system recently when it announced that online merchants using Verified by Visa will have no liability for any transactions processed by the service. Verified by Visa, also known as Visa Payer Authentication, authenticates credit card users with a password and requires no client software. MasterCard’s Secure Payment Application service, which the Purchase, N.Y., company will pilot in April, also uses a password or PIN and requires an applet for authentication.

MasterCard and Visa, which formerly cooperated, now find fault with each other’s approaches. Visa’s service, for instance, will extend transaction processing times, take customers off the merchant sites for authentication, and require complex integration. MasterCard’s service, Visa countered, amounts to a digital wallet, which consumers have been loath to use.

About the only thing MasterCard and Visa seem to agree on is that SET, which was launched in December 1997, was a failure. SET required long download times for customers, used clumsy digital certificate technology, and created integration hassles for merchants and banks that issued the credit cards. It had all but faded away by late 1998.

But with Visa and MasterCard now going separate ways, some merchants see little reason to try authentication technology. You’re creating another layer of complication. After customers go through the trouble of giving you their credit card number, they now have the problem of remembering one more password.

end sidebar

How Payment Processing Works

Payment processing in the online world is similar to payment processing in the offline or “Brick and Mortar” world, with one significant exception. In the online world, the card is “not present” at the transaction (see Figure 20.1)[1]. This means that the merchant must take additional steps to verify that the card information is being submitted by the actual owner of the card, as shown in Figure 20.1. Payment processing can be divided into two major phases or steps: authorization and settlement (see sidebar, “Payment Processing—Authorization and Settlement”).

click to expand
Figure 20.1: Online payment processing authorization.

start sidebar
Payment Processing—Authorization and Settlement

Authorization verifies that the card is active and that the customer has sufficient credit available to make the transaction. Settlement involves transferring money from the customer’s account to the merchant’s account.

Authorization: Online

  1. A customer decides to make a purchase on a merchant’s Web site, proceeds to checkout, and inputs credit card information.

  2. The merchant’s Web site receives customer information and sends transaction information to the payment gateway.

  3. The payment gateway routes information to the processor.

  4. The processor sends information to the issuing bank of the customer’s credit card.

  5. The issuing bank sends the transaction result (authorization or decline) to the processor.

  6. The processor routes the transaction result to the payment gateway.

  7. The payment gateway passes result information to the merchant.

  8. The merchant accepts or rejects the transaction and ships goods if necessary. Because this is a “card not present” transaction, the merchant should take additional precautions to ensure that the card has not been stolen and that the customer is the actual owner of the card. See the “What You Should Know About Fraud” section later in this chapter for more information on preventing fraudulent transactions (see Figure 20.1).

Authorization: “Brick and Mortar”

  1. A customer selects item(s) to purchase, brings them to a cashier, and hands the credit card to the merchant.

  2. The merchant swipes the card and transfers transaction information to a point-of-sale terminal.

  3. The point-of-sale terminal routes information to the processor via a dial-up connection (for the purposes of the graphic shown in Figure 20.1, the point-of-sale terminal takes the place of the payment gateway in the offline world).

  4. The processor sends information to the issuing bank of the customer’s credit card.

  5. The issuing bank sends the transaction result (authorization or decline) to the processor.

  6. The processor routes the transaction result to the point-of-sale terminal.

  7. The point-of-sale terminal shows the merchant whether the transaction was approved or declined.

  8. The merchant tells the customer the outcome of the transaction. If approved, the merchant has the customer sign the credit card receipt and gives the item(s) to the customer (see Figure 20.1).

Payment Processing—Settlement

The settlement process transfers authorized funds for a transaction from the customer’s bank account to the merchant’s bank account, as shown in Figure 20.2[1]. The process is basically the same whether the transaction is conducted online or offline[1].

click to expand
Figure 20.2: Online payment processing authorization.

end sidebar

[1]“Online Payment Processing: What You Need to Know,” 2003 VeriSign, Inc. All rights reserved. VeriSign Worldwide Headquarters, 487 East Middlefield Road, Mountain View, CA 94043.




Electronic Commerce (Networking Serie 2003)
Electronic Commerce (Charles River Media Networking/Security)
ISBN: 1584500646
EAN: 2147483647
Year: 2004
Pages: 260
Authors: Pete Loshin

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net