Payment processing – what it is, how it works, and best practices

For consumers, payment processing is often as simple as a single swipe or tap. While this only takes seconds, many different steps and triggers are happening behind the scenes to complete the transaction. For business owners, payment processing can seem complicated and difficult to understand.

But that doesn’t have to be the case. Payment processing is a series of systems and stages that make sense once outlined clearly and effectively. In this article, we’ll break down the steps for payment processing, explain how they interact with your business and your customers, and help you prepare to accept credit and debit card transactions with confidence.

Specifically, you’ll learn about:

• What payment processing is
• How payments are processed
• Payment gateways
• Payment processors
• Merchant accounts and processed payments
• Security best practices for payment processing
• How to prepare for payment processing

What is payment processing?

Payment processing is the series of actions that occur when digital payment transactions are initiated by a business. This includes everything from processing a card and opening secure gateways to communicating with issuing banks and consumer accounts.

Out of the 29 million businesses in the United States, 36% accept credit and debit cards for payment. What’s more, the average consumer uses a digital payment method for 75% of their transactions each year. That’s a lot of swiping and tapping. But why is it so popular?

The benefits of payment processing are plentiful. For one, today’s technology allows for these transactions to be quick and effective. Information is sent securely from merchant terminals to consumer banks and back in a matter of seconds. These systems manage all of the communication between issuing banks, credit card companies, and financial institutions. And they do it all without requiring the cashier to understand or get involved in the process.

Some of the different types of payments that are processed include:

• Debit and credit cards — physical cards issued by banks permit holders to borrow funds in exchange for products or services.
• Digital wallets — software applications, typically on mobile devices, that allow for electronic financial transactions.
• Bank transfers — electronic fund transfers that typically occur between businesses.
• Electronic checks — payment via paper checks converted into automated clearing house (ACH) transactions.

How payments are processed

Before exploring the different parts of payment processing, it’s important to understand the process as a whole. Let’s take a look at the high-level steps required for payment processing and then dive deeper into its components.

To start with, a customer presents their card to a retailer either in person or online. The card data, including the cardholder name and account number, is passed through a payment gateway, which then sends the details to the merchant’s bank. The payment processor uses that information to notify the card’s issuing bank of the transaction.

Having been alerted of a transaction, the consumer’s bank confirms whether there are sufficient funds available for the purchase to take place. At this point, the transaction is either approved or declined. In some cases, this is also the step where fraud is detected. (We’ll discuss security in detail later in this article.)

When the payment is approved, the issuing bank lets the retailer know by communicating with the payment processor. The transaction is recorded, and every person involved, including the merchant and the consumer, is notified via the payment gateway.

While this might sound complicated, we’re going to take a closer look at what gateways and processors are below. The key components to keep in mind are that gateways help transmit data, and processors are responsible for handling the transaction that results in a purchase.

Payment gateways explained

Payment gateways are pivotal to the process as a whole. A payment gateway is a service that links together all of the entities involved with a transaction and helps disparate systems communicate with one another. It comes into play at the start and end of a card transaction.

In short, a payment gateway makes it possible for banks (merchant and consumer) to communicate with one another to make a transaction. Specifically, payment gateways:

• Establish secure connections to transmit data between parties via encryption
• Send card data to the payment processor for the transfer of funds
• Inform the merchant and consumer when the payment is complete

Most point-of-sale (POS) systems and card terminals have payment gateways built into their structure to streamline the components a business needs to manage. In addition, there are payment processors that offer gateway options for use.

Payment processors explained

If gateways are the components that connect banks, processors are the entities that handle the actual logistics of those requests. A payment processor is a system that allows for transactions to happen between merchants and consumer banks. As the name implies, it processes credit and debit card payments based on the requests it receives through the gateway.

Payment processors authenticate the transmitted information to confirm that it is valid with all of the banks involved. The processor is responsible for the actual transfer of the funds, if approved, between the issuing bank (the consumer) and the merchant account (the retailer).

As a go-between for banks, merchants, and consumers, payment processors come in a wide variety and are designed to handle transaction fulfillment. They operate as a business themselves, using several different models through which they charge merchants for their services. These services take a number of forms, including:

• Subscription. These charge monthly or yearly fees but could also include per-transaction charges for services. Popular examples include Stax and FreshBooks.
• Interchange plus. These charge interchange fees per transaction on top of a set additional fee for processing. A typical charge would be 2% of the total transaction plus an additional fee of 0.5%. Popular examples include Helcim and Dharma.
• Flat rate. These charge static one-time fees per transaction, but their costs tend to be higher than other options. Popular examples include PayPal and Square.

Merchant accounts and processed payments

Another component critical to the payment process is a merchant account. These are different from bank accounts and only used for credit or debit card processing. Merchant accounts act as holding areas for funds during the settlement of pending transactions.

Merchant accounts come into play after a card payment is processed and funds are approved. From there, the money is transferred from the issuing bank to the merchant account for holding and processing. After 24–72 hours, the funds are then moved out of the merchant account and into the business’s bank account for access and use.

Merchant accounts are an essential part of payment processing, but they also allow businesses added flexibility to accept recurring payments and subscriptions that require resubmission and holding.

Security best practices for payment processing

Security remains a crucial part of every step in the payment process. Many systems come equipped with encrypted gateways to prevent data from being interpreted if it is inadvertently accessed. However, security is also to be implemented at other stages of the process — and with good cause. Data breaches can be incredibly costly and cause harm to a business and its reputation. To avoid this, keep a couple of tips in mind.

Look for a point-of-sale system that works with EMV chip cards. EMV stands for Europay, Mastercard, and Visa and refers to the microchips that are embedded in the front side of most newer credit and debit cards (which the three companies created). These chips are designed to help protect against fraud since they can only be interpreted by specialized readers, limiting pathways for theft and data fraud.

Businesses can also familiarize themselves with the Payment Card Industry Data Security Standard (PCI-DSS). This information security standard is often required of merchants in order for them to conduct credit and debit card payment processing, guaranteeing a minimum level of security. These guidelines help inform what data should and should not be retained by a retailer during and after a transaction. Read the complete PCI-DSS and current requirements for more information.

Preparing for payment processing

The payment process is designed to both simplify and diversify the ways that merchants accept funds from consumers by providing a streamlined and secure means to collect digital payments. Understanding how this process works, even at a high level, can help business owners prepare to accept payments securely and efficiently. With an eye on security, merchants can safely transact payment collection while also maximizing the options available to their customers.

If you’re preparing to accept credit and debit card payments for your business or looking to update your payment process, Adobe Commerce is here to help. A truly unified platform for payment processing, Commerce is a flexible, efficient way for businesses of all sizes to handle almost any transaction. Perhaps most importantly, Commerce keeps consumer data safe by complying with the latest in encryption and data security standards.

Sign up for a demo of Adobe Commerce to find out how it can help you make sure your business is ready to accept a variety of payment types.