August 17, 2015
Back to the Basics: A CNP Payments and Fraud Primer
By Karisse Hendrick, Editor-at-Large, CardNotPresent.com
As kids, many of us dream of becoming a fireman, a ballet dancer, a ball player or a pop star. A card-not-present payments and fraud professional? Not so much. For most, ending up in your current career was a happy accident. There are no college courses that prepare you to set up or manage CNP payment processing, nor are there are any standardized courses on fraud management. Because there’s no clear career path, everyone comes to their job with a varying degree of understanding regarding the plumbing of the industry.
At CardNotPresent.com, we often are asked for a basic explanation of the overall payments process by individuals throughout the ecosystem and at many levels of experience. A review of basic information can help merchants understand the partners they need and help providers better understand the role they play in the ecosystem. This overview of the payment acceptance process is the first in our “Back to the Basics” feature article series. If this is a review for you, pass it along to someone you think it will help. We have developed an infographic to accompany this article you can print out and refer to often. If you don’t need it as a resource, someone in your organization does.
The Payment Acceptance Process
The payments acceptance process is the foundation of the payments and fraud industry. It is the lifeblood of card-not-present commerce because it is the process by which merchants get paid. As such, it is important to fully understand this process to know what partners you need, their role in the overall process and also to troubleshoot any payments issue you may have. It is easiest to picture the process as a conversation. Two of them, actually, and when they are complete, funds have moved from a customer’s credit card into the merchant’s bank account. The first conversation that occurs is known as the authorization process, and the second is the settlement process.
The objective of the authorization process is to ensure that the credit card is valid and to reserve the funds for the merchant. Every time a credit card is entered into the shopping cart checkout page, this process is initiated. A payment gateway in the CNP environment is similar to a credit card terminal in a physical store. It allows the payment details to be communicated from the merchant to their merchant processor. Some fraud prevention companies act as the gateway, to allow the data from the transaction to be processed for fraud prevention. The merchant processor then routes the card to the appropriate issuing bank, utilizing the delivery servers of each card network (e.g., if a Visa card issued by ABC Bank is used by the consumer, the processor will facilitate the communication with ABC Bank using Visa’s server, VisaNet).
Once the issuing bank has approved or authorized the transaction (i.e., established that the consumer in question was issued that particular card and has enough available credit) that response is routed back to the merchant using the same methods of communication. Should the merchant be enrolled in 3DSecure, those details are processed in tandem with the authorization process. It is after the authorization process that a merchant should be initiating their fraud review process, whatever form that takes (we will examine this particular part of the process in an upcoming article focused on the various types of fraud products and how they work together).
Once a transaction has undergone fraud review and been approved by the merchant, the transactions for the day, or for a pre-determined time, need to be settled. This is sometimes called “batching” as the transactions are settled in a group or batch. During this second conversation, funds are pulled from the customer’s account at the issuing bank and deposited into the merchant’s bank account. The merchant processor will settle and deposit Visa, MasterCard and Discover transactions to the merchant account (though some merchants may have a separate merchant account directly with Discover). For American Express transactions, the merchant processor will pass transactions through to American Express to settle those transactions directly. These totals may be on reports from the processor, but the merchant may see these transactions in their bank account on a different date. Additionally, American Express may deduct the processing fees from each batch, rather than monthly like most processors do.
Should a customer change their mind or the merchant need to cancel the transaction prior to the settlement process, this is done through processing a void, or removing the transaction from the batch to be settled. If this needs to occur post-settlement, the customer should be issued a refund. In order to qualify for the best interchange pricing, a transaction should be settled within three days of the authorization. In the case of physical goods that need to be shipped, this may not be possible, as according to the network regulations, customers should not be charged until the goods are in transit. If the customer orders multiple items that cannot be shipped at the same time, the merchant can break up the authorized amount, to only settle the amount in each shipment.
Knowing the process in which a transaction is authorized and settled provides clarity in all areas of a card-not-present transaction. It can help Customer Service better serve customers when they inquire about a billing issue, the IT Development team to know the best way to set up the payments acceptance process, and the payments team in trouble shooting any issue that may arise. In upcoming articles, we will explain how to read a merchant statement and how to optimize the fees being assessed, the various fraud tools in the industry and how they can be utilized, and will follow up with the chargeback process.