Customer Putting Credit Card in Pin Pad

For access to a PDF of the Guide, click here.

Merchants. Gateways. Acquirers. Oh. My.

The retail payment landscape is evolving across payment options and channels available to retail customers. Cross-channel retail credit card security is of the utmost importance and customers are voting for retailers that offer flexibility and trust with their dollars. As a retailer, this makes it important to understand how credit card processing works and how to mitigate your business risks.

Establishing an integrated payment infrastructure that facilitates secure, multi-channel credit card processing can seem complex. Yet, with the right partnerships, transactions can flow seamlessly. We’ve put together this Guide to Secure, Integrated Credit Card Processing as an overview of third parties involved and financial terminology to set your business up for success. Let’s dive in.

Between the merchant requesting a payment and the green approved check mark popping up on a pin pad, many players quietly come into play behind the scenes.

Who Are the Parties at Play in Credit Card Processing?

Let’s start by reviewing the key players that comprise secure payment processing. The magic swipe of a card seems simple, but so much is behind it, and that’s for the best. After all, security is of the utmost importance when handling sensitive customer data and moving digital currency. For the purpose of this piece, we’ll refer to retailers as merchants and customers as cardholders.

Payment Gateway: A payment gateway is responsible for the secure encryption and communication of payment data throughout the process. The payment gateway sends the confirmation of whether the payment was approved or declined and finalizes the tokenization of payment data back to a merchant’s point of sale. In recent years, payment gateway technology has moved to cloud-hosted payment interfaces. Gateways are very important to support payments across a variety of environments. In a physical store, a payment gateway works through the equipment where the customer inserts or taps their chip-and-pin enabled credit card or swipes a card reader on a mobile device. For eCommerce transactions, the gateway enables a secure online checkout.

Payment Processor: The payment processor moves funds and executes transactions. This partner provides the hardware and its internal communication software that enables merchants to process credit card payments. Through their equipment, the payment processor communicates with banks to transfer funds. Payment processing companies maintain critical relationships with merchant-acquiring banks. Relationships must exist between a payment processor and merchant acquiring bank for a merchant to use both harmoniously.

Merchant Acquirer: The merchant acquirer is the middleman that ultimately routes funds from the customer’s account at their issuing bank to the merchant’s bank account or vice versa in a return. Funds are held temporarily in a merchant acquiring account until the transaction is settled.

Point of Sale: Your point of sale provider is the initiator of the payment process. When you use integrated credit card processing, your POS communicates with the payment gateway automatically. The point of sale tells the gateway how much the transaction value is including the amounts for the goods and services, fees, and state and local taxes. For security, your point of sale should not record sensitive card data, but instead, use end-to-end encryption and tokenization for record keeping.

Gateways, processors, and acquirers can be three separate providers, one provider for all three services, or a combination of the above. Be sure to ask the partners you engage with what part of the process they are providing.

What are the key parts of credit card processing?

The parties involved in credit card processing are working in the blink of an eye to ensure that the following actions occur to complete a seamless customer transaction. Big ticket, home furnishings purchases are unique from cash and carry products such as a cup of coffee. Therefore, it is critical if you are a furniture, bedding, or appliance retailer, to work with solution providers that understand the nuances of your sales process.

Authorization: Credit card details have been submitted by the cardholder, either in-person or online. This kicks the process off. The customer’s personally identifying information (PII), the amount of the transaction, and bank routing are encrypted and processed through the chain of credit card and banking institutions.

Pre-authorization: A pre-authorization is a common practice for home furnishings and design services where customers may be previewing options in their homes prior to finalizing the sale. A pre-authorization will hold the customer’s funds for a designated time period until the pre-authorization expires. If the sale moves forward, the merchant can capture the funds and complete the order.

Approval: In the ideal outcome, the credit card is validated, and the cardholder has adequate funds or a line of credit open for this transaction to be approved.

Decline: A cardholder’s bank may decline a transaction for any number of reasons ranging from insufficient funds or a temporary hold to a security precaution. This process protects the merchant from risk or fraud.

Settlement: This is where the merchant actually receives the funds from the customer’s bank into their own bank account, completing the cycle. This part of the process does not occur in real time. The approval process serves as a guarantee of funds that occurs quickly and allows the customer to leave with a confirmed purchase, even though the actual fund transfer can take a few days. The merchant acquiring account holds the funds until final settlement.

Tokenization: Tokenization enables merchants to securely store encrypted card data for their customers. In home furnishings, taking a deposit at the initial point of sale is a common practice. Having a token on file enables you to complete the payment in full once the fulfillment is ready for scheduling without needing the card to be presented again. It can also be used to conveniently issue a refund. This process is more secure than reading card data over the phone and requires a CVV security code for validation.

How do all of the parties come together in the process?

The below visual flows from left to right along the top row and then from right to left along the bottom row. It is designed to illustrate the sequence of events between all parties.

Visa, MasterCard, Discover, and American Express are the four major global card networks. These card networks helped to establish the Payment Card Industry (PCI) Security Standards Council which upholds secure retailing practices and global payment compliance. Together they are a part of governing the financial institutions, merchants, and technology solutions to protect everyone’s financial interests.

Where global finances are involved, checks and balances are incredibly important. PCI-compliant credit card processing ensures all parties aforementioned follow security standards to reduce the risk of data breaches. Credit card data breaching is a billion-dollar problem for companies across the United States according to Experian. By ensuring you are using solutions and partners approved or certified by the PCI Security Council, you can be a PCI-compliant merchant. Your business maintains a competitive advantage as a trustworthy place to shop. When customers feel a sense of security, this increases valuable brand trust and loyalty. Further, processing EMV chip-enabled credit cards is another step that makes the process of stealing data much more difficult, protecting your business from theft and fraud as well as your customers’ financial data.

It may be hard to believe all of these parties and processes are involved in a simple credit card transaction. From the customer’s perspective, this all happens almost instantaneously and that’s a wonderful thing! When your payment processing solution works seamlessly, the customer experience is positive, and where money is involved, this is mission-critical.

As the payment landscape shifts to hosted models, discover STORIS’ point of sale, mobile POS, eCommerce solution, and APIs. All solutions can leverage integrated credit card processing from our growing list of gateway partners to build a trusted, multi-channel payment processing experience for your customers.

Discover STORIS' Secure Credit Card Processing

  • This field is for validation purposes and should be left unchanged.

When you choose , you get more than an industry-trusted retail software solution. You get the know-how of our team of experts, superior service, and opportunities for growth. Use the form below to learn what can do for you.

  • This field is for validation purposes and should be left unchanged.