Payment Processing Explained: What is it? How does it work?
For businesses that accept customer payments, payment processing is vital for managing cash flow, mitigating fraud risks, and enhancing customer satisfaction.
Payment processing handles transactions and cash flow from your customers’ accounts to your bank. Knowing what happens when you process customer payments is essential as a business owner.
In this article, we’ll cover what payment processing is, how it works, and the best practices businesses should follow for processing payments.
What is payment processing?
Payment processing is the sequence of actions needed to complete a financial transaction between a buyer and a seller. The process typically involves authorising, verifying, and settling transactions through electronic payment systems.
With payment processing, customers can pay for goods and services using a variety of payment methods, such as:
- Card payments
- Instant account-account payments
- Digital wallets
- Bank transfers
Today’s payment processing technology allows for quick and effective transactions. Information is securely sent from merchant terminals to consumer banks and back again in seconds.
The payment processing system manages all communication between the issuing bank, payment provider, and financial institution – all without requiring the cashier’s involvement in-store or any manual input during online transactions.
Key components of payment processing
Payment processing involves various components that work together to ensure secure and efficient transactions.
These components can include:
- Merchant: The business or individual selling goods or services.
- Customer: The individual or business purchasing the goods or services.
- Payment gateway: A service that securely transmits payment information from the customer to the payment processor and back to the merchant. The payment gateway is an intermediary between the merchant’s website or point of sale (POS) system and the financial networks involved. Read more here.
- Payment processor: The company responsible for managing the transaction process. The payment processor communicates with the issuing bank, acquiring bank, and payment gateway to facilitate the transaction.
- Issuing bank: The bank that has issued the customer’s card or other payment method. The issuing bank authorises the transaction and approves or declines it based on the customer’s account status.
- Acquiring bank: The bank that receives the payment from the issuing bank. The acquiring bank is responsible for depositing the funds into the merchant’s account.
- Card and payment networks: Companies like Visa, MasterCard, and American Express, open banking payment providers such as Brite Payments, and digital wallets such as PayPal facilitate communication between issuing and acquiring banks and set the rules for processing payments.
- Payment security: The technologies and standards (e.g. the PCI DSS), tokenisation, or encryption that ensure the safety and integrity of payment information, protect against fraud and data breaches, and, in the case of open banking-powered payments such as instant account-to-account transactions, employ strong customer authentication (SCA) to enhance security further.
Together, these components enable secure, efficient transactions between the buyer and seller.
How does payment processing work?
Payment processing works differently depending on whether it’s done traditionally or with open banking.
Traditionally, it involves multiple steps and several key players. However, open banking is more efficient and flexible for consumers and businesses.
Payment processing with open banking is a more streamlined approach that uses secure APIs to enable consumers to make direct payments from their bank accounts. There are fewer intermediaries with open banking, as open banking payments typically only involve the customer, the merchant, and the customer’s bank.
Open banking systems, such as those provided by third-party providers (TPPs), such as Brite, allow for instant payment transfers. This means the merchant receives the funds immediately or within a few minutes. This also eliminates card network fees, resulting in generally lower transaction costs for merchants. Read more about open banking and payment processing here.
With that being said, let’s take a look at how traditional payment processing works. If you would like to know more about one type of payment initiation made possible by open banking, you may also be interested in: ‘The Comprehensive Guide to Payment Initiation Services (PIS).
Step by step: Traditional payment processing
1. Transaction initiation
First, the payment is initiated. This happens when the customer makes a purchase and provides their payment method – e.g. a card or another payment method – at checkout.
Depending on the business they’re purchasing from, this is done through an online platform such as an e-commerce site or mobile app, or even at the POS in a physical shop.
2. Payment gateway
After the customer submits their payment details, they are transmitted securely to the payment gateway, which functions as a bridge between the customer, the merchant, the payment processor, and the card networks.
Next, the payment gateway encrypts the transaction data and ensures it’s transmitted securely to the payment processor.
3. Authorisation
Once the payment processor receives the transaction from the payment gateway, it validates the information and forwards the transaction details to the acquiring bank.
When the information has been received, the acquiring bank sends it to the card network for validation and authorisation.
4. Verification
Next, the card network forwards the transaction details to the issuing bank, and the issuing bank verifies the customer’s account for sufficient funds or credit. The bank will also assess the transaction for legitimacy and fraudulent activity.
Based on these factors, the issuing bank either approves or declines the transaction.
5. Authorisation response
Whether the transaction is approved or declined, the issuing bank sends the response back through the card network to the acquiring bank, which then forwards it to the payment processor.
Next, the payment processor sends the response to the payment gateway, which communicates the response to the business’ online platform or POS system.
6. Transaction completion
If the transaction is approved, the sale is completed, and the merchant provides the customer with the goods and services they purchased. If the transaction is declined, the merchant may request another form of payment from the customer.
7. Transaction settlement
After processing, the merchant sends the approved transaction to their acquiring bank for settlement.
The acquiring bank then requests and receives the funds from the issuing bank, after which it deposits them into the merchant’s account. The process is then complete.
Payment processing: Best practices for businesses
Businesses should follow best industry practices for payment processing to minimise the risk of fraud and maintain compliance with industry standards and regulations.
These include the following best practices:
- Use a reputable payment processor: Choose a processor that employs strong security measures and complies with industry standards. Research the processor before committing – a reputable processor should have positive testimonials.
- Offer multiple payment options: Different customers prefer different payment methods. Choose a processor that offers a variety of different payment options to cater to a broader audience.
- Create a secure payment environment: Choose a payment processor that adheres to the PCI DSS to ensure that cardholder data is handled securely. This includes regular security checks, maintaining secure networks, and implementing strong access control measures.
- Implement fraud prevention tools: To prevent fraud detection, you should use tools such as address verification systems (AVSs) to verify the customer’s billing address against the address on file with the card issuer. Implementing velocity checks to limit the number of transactions from a single card or IP address within a certain period can also help prevent fraud from automated attacks.
- Monitor transactions: Set up systems to monitor transactions in real-time for any signs of unusual activity, such as large transactions from new customers, multiple transactions in a short time frame, or transactions from high-risk locations.
- Educate employees: Provide ongoing training for employees on payment processing best practices, including recognising indicators of fraud, securely handling customer information, and responding to payment-related inquiries.
- Stay up to date on trends and regulations: To ensure compliance, stay up to date about changes in payment processing regulations, such as updates to PCI DSS, GDPR, or local data protection laws.
With these best practices, you can optimise your payment processing, enhance security, reduce the risk of fraud, and deliver a seamless experience to your customers.