Credit card processing tends to follow the same transaction life cycle, whether your customer pays with credit cards in person or uses a credit card online or by phone. The specific credit card processing events and activities may vary from one merchant or card issuer to another, but the basic life cycle is the same.
If you’re going to accept credit cards from your customers, it’s a good idea that you understand how the credit card processing life cycle works, how the money ends up in your account, and what happens if something goes wrong with the cycle.
Authorization of Card
1. The credit card user presents their credit card to make payment in person, or enters their details into a form or to a customer service representative by phone.
2. The merchant swipes the card or the account details are digitally entered into the system for submission to the merchant account for processing.
3. The merchant bank electronically requests card authorization from the card issuer (Visa, MasterCard, Discover, American Express).
4. The card issuer approves or declines the transaction, and sends the response back to the merchant bank.
5. The merchant bank sends response back to the merchant, and the merchant processes the transaction based on whether the card is approved or declined.
Clearing and Settlement of Payment
1. The funds from the credit card payment are deposited into the merchant’s bank, the merchant’s account is credited and an electronic submission of the transaction is sent to the credit card processor.
2. The credit card processing system, facilitates payment, pays the merchant bank, debits the cardholders account, and sends the transaction on to the card issuer.
3. The card issuer posts the transaction to the cardholders account and sends the monthly statement to the cardholder for payment.
4. Cardholder receives their credit card statement and sends payment.
Maintaining Consumer Credit Card Safety
As a merchant accepting credit cards, you should understand your role in keeping the credit card data safe throughout the credit card processing life cycle. Your data storage systems should not maintain any of the magnetic-stripe data received after a customer swipes a card and the transaction has been processed. After the card is authorized, all information taken from the swiping of the card must be deleted. You can maintain account number, expiration dates and names from credit cards if you do so in a CISP-compliant manner, but no other information can be stored.
If you use the CVV2 number for verification purposes in some or all of your credit card transactions, you must not store that data or document it in any way digital or otherwise.
Businesses are often liable for losses customers experience due to compromised credit card data that occurs due to merchant neglect and lack of adequate data security measures.
No comments:
Post a Comment