You may be surprised at the number of steps involved - and at the critical role played by an Acquiring Processor such as First Data. Credit card sales processed through a terminal follow the same process described below for an internet transaction, but the security issues are not as detailed.
1. A consumer decides to buy something - On the internet the merchant's commerce-enabled Web site prompts the customer for credit card information as well as "bill-to" and "shipping" addresses.
(At the storefront location the Merchant simply swipes the credit card on the POS system magnetic stripe card reader or credit card terminal for an authorization that the funds are good.)
2. On the internet the customer enters the information into a form secured by the SSL (Secure Sockets Layer) protocol - SSL encrypts the transaction data and sends the secured form over the Internet to the merchant. The form should appear on a webpage whose address begins with HTTPS. The "S" means the page is delivered over an encrypted connection. If there is no "S" after the HTTP, then the consumer should NOT enter any private information, including credit card information. In addition, email is not a secure method of sending credit card information. If a form is being sent to the Merchant via email to obtain the credit card information, this is a huge red flag. Credit card information should also not be stored on the Merchant's server, as this exposes the Merchant to both hackers and employee theft.
3. Using the payment software incorporated into the merchant's Web server, the encrypted transaction data is now sent to the acquiring processor (i.e., First Data Merchant Services) for authorization - The merchant can send the data via an Internet gateway service, which will reformat the information so that it is compatible with the acquiring processor's systems. Alternatively, in cases where the merchant has installed software on its Web server that is compatible with and approved by the acquiring processor, the transaction data can be sent directly to the processor via a private dial or leased line.
(At the storefront location the POS system or credit card terminal communicates through a dial-up phone line connection. More and more Merchants are moving to an internet connection.)
4. Whether a storefront or over the internet, the acquiring processor then communicates the transaction data to the consumer's (issuing) bank - The issuing bank now authorizes a certain amount of money and issues an authorization code, or declines the transaction. The authorization decreases the customer's available credit, but does not yet put a charge on his bill or move the money to the Merchant. At this point, the Acquiring Processor will communicate with the Merchant's Web site, which will notify the consumer that the purchase has been approved.
(At the storefront location the POS system or credit card terminal receives an approval code back from the Acquiring Processor that the funds are good.)
5. Once the transaction has been authorized, the next step is a capture - After authorization and prior to capture, the Merchant is still able to "void" a transaction without paying discount fees. The capture uses the information from the successful authorization to charge the authorized amount of money to the consumer's credit card. In line with bank card (VISA®/MasterCard®) association rules, a merchant may not capture a transaction until the goods have been shipped. So there may be a lag time between authorization and capture.
6. The last step in the process is to settle the transaction between the merchant and the acquiring processor - As captures and credits come in, the merchant accumulates them into a batch, which will then be settled as a group. When submitting a batch, the merchant's payment-enabled Web server connects with the acquiring processor (i.e., First Data) to finalize the transactions. If the merchant is using an Internet gateway service, such as Cardservice International's LinkPoint Secure Payment Gateway, it will decrypt the transaction and reformat it for the acquiring processor. When the acquiring processor receives the information and settles the batch, it sends payment instructions to the issuing and merchant banks, which will result in monies being transferred to the merchant's bank account.
(If the consumer should return the goods after the transaction has been captured, a "credit" should be generated which typically will have the same discount and transaction fees as the original captured transaction. This means the Merchant pays double for credits.)
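The ordering rules in steps 4 to 6 (authorize, void, capture, credit, settle) can be enforced as a small state machine so that an out-of-order request is rejected rather than processed. This is an added example, not code from First Data or any gateway; the class names, the amounts, and the assumption that a void releases the hold on the customer's credit are illustrative.

```python
# Constructed model of the lifecycle above; not a processor's or gateway's API.
class TransitionError(Exception):
    """A step was attempted out of the order described above."""
class Txn:
    def __init__(self, amount):
        self.amount, self.state, self.shipped = amount, "new", False
class Ledger:
    def __init__(self, credit_limit):
        self.available = credit_limit   # consumer's available credit
        self.billed = 0                 # charges on the consumer's bill
        self.batch = []                 # captures (+) and credits (-) to settle
        self.merchant_funds = 0         # money moved to the merchant's bank

    def _require(self, txn, state, action):
        if txn.state != state:
            raise TransitionError(f"{action} not allowed in state {txn.state!r}")

    def authorize(self, txn):
        self._require(txn, "new", "authorize")
        if txn.amount > self.available:
            txn.state = "declined"
            return False
        self.available -= txn.amount    # hold only: nothing billed or moved yet
        txn.state = "authorized"
        return True

    def void(self, txn):                # only between authorization and capture
        self._require(txn, "authorized", "void")
        self.available += txn.amount    # assumption: a void releases the hold
        txn.state = "voided"

    def capture(self, txn):
        self._require(txn, "authorized", "capture")
        if not txn.shipped:
            raise TransitionError("capture before shipment is not permitted")
        self.billed += txn.amount
        self.batch.append(txn.amount)
        txn.state = "captured"

    def credit(self, txn):              # a return after capture needs a credit
        self._require(txn, "captured", "credit")
        self.billed -= txn.amount
        self.batch.append(-txn.amount)
        txn.state = "credited"

    def settle(self):                   # the batch is settled as a group
        total, self.batch = sum(self.batch), []
        self.merchant_funds += total
        return total
```

Rejecting a second capture, a capture without an authorization, or a void after capture at this layer keeps replayed or reordered requests from reaching the settlement batch.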