When you understand the ins and outs of credit card processing and partner with the right merchant services provider, you will enhance customer satisfaction and streamline your business.
What is credit card processing?
In the modern commercial environment, conducting credit card processing through a credit card processor is an absolute must. After all, today’s customers prefer to complete the majority of their purchases with a credit card.
This is because this type of electronic payment offers convenience, speed, ease of use and security regardless of whether the transaction takes place in-person or online. In order for credit card processing to occur, retailers must partner with an entity known as a merchant service provider or payment processor.
Learning about these strategies for choosing the best one, should be one of your top priorities as a 21st-century merchant.
How credit card processing works
The process of securely taking electronic credit and debit card payments is complex, involving an intricate web of providers and governmental bodies. To understand how credit card processing works, it is vital to grasp the cast of characters who all come together to get the job done.
The entities involved in credit card processing
It all begins with the cardholder. This is the customer or business who is making the purchase in question.
Then there is the merchant or seller. This is the company that is selling the product or service that the customer wants to buy.
Once the purchase has been made, money needs to be directed to a specific place. This is known as the acquiring bank.
For this direction to happen, there needs to be a payment processor. This payment processor is responsible for all aspects of credit card processing, including routing the customer’s payment data to the credit card network and facilitating streamlined communications throughout the entire interaction.
In many cases, there is also a payment gateway. This web application technology is the intermediary between the merchant’s website and the payment processor. It paves the way for fast and secure communications and is equipped with anti-fraud and other security tools.
Then there is the card network. This is the entity that operates the customer’s credit card, including Mastercard, Visa, Discover and American Express among others.
The final player is the issuing bank. This is where the money originates and is usually the customer’s financial institution.
Life cycle of a transaction
Now that you have met the actors, let’s follow a typical purchase from start to finish through the payment process. It starts when the merchant takes the buyer’s credit card information.
This can happen in-person at the seller’s point of sale solution, commonly called a POS system. Alternatively, the feat can be accomplished online via an ecommerce platform or over the phone with a virtual terminal.
Next, the credit card processing provider transmits the data to the customer’s credit card network. This happens securely thanks to the protocols built into the payment gateway.
The gateway then contacts the issuing bank. This institution provides them with the data they need to thoroughly examine the transaction.
If what they find is acceptable and if there are sufficient funds to support the purchase, the transaction amount is authorized and the payment processor is notified. It is then the payment processor’s job to transmit the information to the merchant.
Should fraud be suspected or if there are insufficient funds, the transaction will be declined.
Once authorization occurs, the issuing bank is contacted. A hold is placed on the approved amount.
Generally, the merchant will settle their transactions in a batch once per day. This process is facilitated by the credit card processing company.
Next, the issuing bank releases the funds. They are then sent to the acquiring bank.
Finally, the money is deposited into the seller’s merchant account. Different from their standard business account, this repository holds the money until settlement is complete.
What is a payment processor?
Even the savviest of entrepreneurs cannot handle the numerous facets of accepting credit card payments without help. This is where the payment processing company comes into the picture.
These entities perform this crucial task by forming and maintaining relationships with card networks, offering merchant accounts and other services and facilitating every step in the payments process from purchase to settlement.
What is a payment gateway?
Without a conduit that engineers communications among the various players and ensures security from end to end, the process would never be successful. This is the role that the payment gateway plays. Its main functions are to encrypt the sensitive data of each transaction, verify authenticity and ensure that the process is secure.
At the time of data delivery, the customer’s card is charged, with the funds being immediately transferred to the merchant’s account – minus fees, of course.
What is PCI Compliance?
The Payment Card Industry Security Standards Council is an entity that is made up of representatives from many of the major credit card companies. Its mission is to set up and maintain a data security standard designed to protect cardholders’ sensitive payment details.
Payment card industry compliance, usually abbreviated to PCI compliance, refers to a group of 12 security standards to which all businesses who accept credit cards must adhere.
This standard also applies to the transmission, processing and storing of any and all related data. Enforcement of the data security standard falls to the card networks and payment processing companies.
All businesses must be PCI compliant regardless of the volume of credit card transactions they process. This is an ongoing task that must be completed each year. Exactly what is expected of each business depends on its size and the number of transactions processed annually.
There are 12 PCI compliance requirements.
In brief, they include:
- the installation and maintenance of a firewall
- the changing of vendor-supplied default security settings and passwords
- protecting and proper disposal of stored cardholder data
- encryption of data during transmission on public networks
- using and updating antivirus software
- developing and implementing security processes
- restricting data access to only those who need it
- assigning user IDs and authenticating user identities
- restricting physical access to cardholder data
- tracking and monitoring those who can access data and keeping appropriate logs
- regularly testing systems and processes
- writing and disseminating an information security policy that is updated annually
To comply with PCI standards, a small business usually fills out a self-assessment form while also meeting the 12 requirements listed above. Larger companies generally opt to hire a third-party auditor to run the assessment and may also need assistance with additional paperwork and network scanning.
There are four different groups that combine to contribute to the PCI compliance ecosystem. Card networks such as Visa and Mastercard individually create their own set of specific compliance requirements that are based on the guidelines set by the PCI Security Standards Council.
This council, founded in 2006 by Mastercard, Visa, American Express, Discover and JCB International, has several duties. It certifies vendors, tests technology and creates the set of broad security standards known as the Payment Card Industry Data Security Standard (PCI DSS).
The next group involved in PCI compliance consists of merchant account or payment service providers. As we stated above, these entities follow each credit card company’s rules to facilitate credit card processing.
They also act as the primary enforcers of PCI compliance, setting forth the specific requirements in the contracts each company agrees to when signing up for the service.
The final player is the business owners themselves. They must meet or exceed the PCI compliance requirements stipulated by their credit card processing company.
Common ways to process credit cards
One of the features that makes credit cards so attractive is their flexibility. This form of electronic payment can be accepted in a variety of secure and convenient ways to match customers’ varying needs.
Keep in mind that, regardless of what types of payments are to be processed, a business must first find a payment processing provider and have some sort of account into which funds can be deposited before transfer to the regular business account after settlement.
Online
In order to accept credit cards online, you need a specific infrastructure. First, you must have a digital storefront where you display information about your products and services and accept purchases. This could be a dedicated website or a shop on an external marketplace.
You also need a payment gateway that facilitates payments from the time information is inputted by the customer until the payment is declined or completed.
The third crucial element is the payment processing provider, who collects payment information and communicates with the other players in the payment process to facilitate a smooth transfer of funds.
In person
To accept payments when face-to-face with a customer, you need a POS system and, in most cases, a card reader to gather the payment details. These could be swiped, tapped or contactless.
The particular hardware you choose, i.e., a countertop terminal, tablet or smartphone, will depend on your customers’ preferences and your business needs.
Your payment processing company can assist you to determine what hardware and software will be most effective in helping you to meet your goals and serving your customers.
Over the phone
With particular business types and situations, you may need to take orders or payments over the phone. In these instances, you manually key in the payment details provided by your customers in order to fulfill a mail order, pay for an upcoming delivery or for any other relevant reason.
For these situations, a credit card processing company can give you access to a virtual terminal. This online application acts like your standard POS system reader and is configured to communicate directly with the processing company so that funds can be transferred efficiently and securely.
Recurring invoices
There are times when it is more practical to send bills on a regular basis instead of requiring the full amount all at once. Subscription programs, memberships, ongoing services such as utilities and paying for big-ticket items are all cases that can benefit from the recurring billing pricing model.
You simply ask your payment processing company to configure your POS system to allow for recurring billing.
The next step is to make an agreement with the customer specifying the account or credit card from which funds will be withdrawn, the amount that will be taken out, the date each month when the withdrawal will occur, how often and for what duration.
As long as you provide transparency and full disclosure about terms and conditions and customer responsibilities when it comes to late payments and account terminations, you can look forward to predictability, fewer late payments and a smoother and richer relationship with your customers once you set up recurring billing.
Understanding credit card processing fees
It should go without saying that, in order for businesses to accept credit card payments, there will be added costs and fees. This is how processing companies mitigate their risk and make a profit.
It is important to recognize that there are several types of fees, some of which are negotiable and others that are set by the credit card companies and cannot be modified.
Interchange fees
These fixed fees are collected by issuing banks for each credit card transaction you process. The rates are set by the card companies.
Several elements combine to go into the interchange fee. The swipe fee is typically a percentage of the transaction plus a flat rate. It can vary according to what type of card is being used and whether it is swiped or manually entered.
The assessment fee is calculated according to your monthly sales for each credit card brand. It is paid to the credit card companies separately.
Payment processor’s fees
Processing companies also charge several types of fees to make a profit, limit risk and cover their own expenses. Markup fees are generally charged for every transaction to achieve these goals.
Additionally, companies may impose a flat fee for the use of their platform and POS system. Monthly fees may also be charged if you fail to meet a predetermined sales minimum.
Every time you send payments in a bunch, you may also be hit with a batch fee from your processor. Additionally, you could be required to pay for equipment leasing if you have not purchased your POS system or peripherals outright.
Also, you might have to pay for the use of a third-party payment gateway.
Customer’s fees
All businesses that accept credit cards will experience chargebacks. These occur when a customer disputes your charge on their credit card bill directly with their bank or card company without attempting to resolve the issue with you first.
While a few chargebacks are inevitable, having too many can lead to added costs in time and resources for you and your payment processing company. Should your business be hit with an overabundance of chargebacks, your provider might charge you additional fees to mitigate these difficulties. In extreme cases, they may even suspend or close your account.
This underscores the importance of doing all you can to bolster your customer service department’s knowledge and responsiveness to keep chargebacks to a minimum.
Types of pricing models
In addition to learning about the various fees you will be expected to pay, you also need to understand the three main pricing models that dictate what you will pay to your processing company.
Tiered
In this model, each transaction that you process is classified as qualified, mid-qualified or non-qualified, with each designation carrying its own unique fees.
Although this model can be customized to meet your business’s unique needs, it can be complicated and confusing.
Flat rate
This much simpler system requires you to pay the same fixed fee for all transactions, including the interchange fee. This arrangement is particularly appealing to businesses with low credit card sales volumes.
Although the monthly fee is usually quite affordable, the per-transaction cost is usually higher than you would see with other pricing models.
Cost plus
Also called interchange-plus pricing, this model gives you an itemized breakdown of every transaction fee you pay. With this transparent arrangement, you will see exactly what you will need to shell out for the interchange rate as well as the processor’s markup.
You may even pay a monthly subscription fee. With every transaction you process per month with this model, you will save more money on fees.
How to choose the best credit card processing company for your business
Picking the right payment processor is one of the most important business decisions you will ever make. There are several factors to keep in mind as you evaluate your options.
Select a processor with a proven track record of fast, secure payment processing. Generally, checkout should be completed in two seconds or less without sacrificing data security.
Although processing is intricate, the price you pay for it should be clear, concise and complete. Accept nothing less than total pricing transparency.
Additionally, your processor should give you everything you need to take payments via various channels. These should include recurring payments, invoicing and mobile billing.
Furthermore, demand premium customer support. Time is money, and business interruptions due to technical glitches or equipment problems can be costly to your bottom line as well as your brand reputation.
Finally, only partner with a processing company that has the ability and resources to grow with your business. Payment preferences and types evolve with time and shopping behaviors.
When you collaborate with a vendor who can nimbly adjust to changes in the business climate, you can accentuate your current offerings and take control of your company’s future without ever losing sight of the customer focus and data security that are at the foundation of your success.
