An overview of the online payment process
Customers usually carry payment cards (debit or credit cards) in purses or wallets, which they use to pay for goods and services. When a cardholder pays a merchant with a payment card, the merchant usually uses a payment gateway to process the payment. A payment gateway is an e-commerce service that authorizes payment card-based transactions. The payment gateway performs several tasks to process the transaction, but it's its main task is the encryption of payment card information before submitting the transaction for authorization to a payment processor. A payment processor interacts with the bank that issued the customer's card (known as the issuing bank or issuer) that ultimately authorizes or declines the transaction. The payment processor may be implemented by the payment gateway, a third party, or the merchant. A merchant would implement a custom payment processor to, for example, integrate with a custom inventory and ordering system.
Merchants that do not manage inventory may deal only with a payment gateway. Payment gateways provide libraries or frameworks that apps can link to. When processing a payment, the app hands off a payment token to the library, which processes the payment and returns the result (authorized or declined) to the app. The gateway performs all the tasks necessary to authorize the transaction and transfer the payment amount from the card issuer to the merchant's acquiring bank. The
acquiring bank (also known as the acquirer) is the bank that receives the cardholder's payments and credits them to the merchant's bank account (which is a special type of account used to receive payment from payment cards, also known as a merchant account).
Merchants that need to integrate with custom ordering and inventory management systems need a more hands-on approach to payment processing. This is the scenario discussed in this book.
First, let's talk about how online payment systems work. The payment process takes place in two phases:
In a successful authorization, an
authorization hold is placed on the customer's card, reserving the funds that finance the transaction. Later, the merchant consumes or settles the transaction to transfer the funds from the customer's card into the merchant's account.
The following steps describe the authorization process:
The customer presents a payment card to pay for a product or service.
The merchant encrypts the card's information and sends an authorization request to the payment gateway.
The payment gateway then forwards the authorization request to the payment processor.
The payment processor forwards the authorization request to the appropriate payment card association (Visa, MasterCard, American Express, Discover, and so on).
The card association forwards the authorization request to the issuing bank, which ultimately approves or declines the transaction. Some card associations, such as Discover and American Express, are also issuing banks.
The issuing bank receives the authorization request from the payment processor and sends its response (authorized or declined) to the payment processor. The issuing bank then holds a transaction authorization or authorization hold that links the merchant, payment card, and amount approved (the funds are reserved but not debited from the cardholder's account).
The payment processor forwards the issuing bank's response to the payment gateway.
The payment gateway, in turn, forwards the response to the merchant, who relays the information to the cardholder.
Either immediately, or at the end of the day, the merchant starts the settlement process to receive the funds. This process is similar to the procedure used to request the payment authorization; however, instead of authorizing the transaction, the issuing bank moves the authorization hold to a debit and prepares the transaction for settlement with the acquiring bank:
The merchant submits the approved authorization to its acquiring bank through the payment processor.
The acquiring bank makes a settlement request to the issuing bank.
The issuing bank makes a settlement payment to the acquiring bank.
The acquiring bank deposits the approved amount into the merchant's bank account.