Electronic Payment/Validation of CC and Debit Card numbers
QUESTION: Hi Andrew,
Who in the transaction process performs validation of the credit card or debit card number? Is it VISA/Mastercard/etc., or is it the issuing bank (e.g., Citibank)? Who stores these credit and debit card numbers that are validated against?
ANSWER: Hello Thomas,
Thanks for reaching out to me. The way a transaction flows, it goes over the associations network (association being Visa, MC, Discover) to the bank that issued the credit card to the cardholder. The issuing bank is where the authorization or decline ultimately is decided. That response is then transmitted back to the merchant's terminal. This data transfer is known as "interchange". The card is validated against the record that is held by the issuing bank (and of course there's significant data encryption required in the transmission).
If the transition is successful, the funds then move from the card issuer, less the interchange fee, to the merchant acquirer (credit card processor), and from there to the merchant's bank account, less the processing costs from the acquiring bank. The bulk of the fee goes to the issuing bank, at pre-determined rates based on the card type #credit, debit, rewards, commercial, etc), how the transaction was entered (keyed, swiped), what information was included (IE zip code, invoice and tax amount if applicable, etc), the type of merchant accepting the transaction (IE restaurant is different from retail is different from supermarket, etc).
Here is a graphic that may be helpful: http://en.wikipedia.org/wiki/File:Gao-report-on-interchange.gif
Did that help? If any further questions, or if I can be of any direct assistance on this, just let me know - firstname.lastname@example.org
Andrew Moran, CPP
---------- FOLLOW-UP ----------
QUESTION: Thanks for spelling this all out clearly
So do most or all issuing banks hold credit card information under their control? I was looking online and saw that some issuing banks use payment processors like First Data, and was wondering why. This also makes me unsure who is holding and managing CC info, the processor or the issuing Bank.
Thanks for the reply. You've really been doing some digging!
The issuing bank is the only party in the transaction that can approve or decline the transaction. If you think about it, that's the only way it would make sense; First Data, for instance, doesn't know if your card has funds available on it or not, its essentially just "asking" the issuing bank#
What the payment processor essentially just send the authorization request it to the issuing bank, and display the response back to the terminal# Then at days end, all the authorizations are settled, and an ACH file is generated to send to the acquiring bank, which then sends the funds to the merchant, and waits for the incoming funds from the card issuing bank#
Not to further confuse things, but some banks are both acquirers and issuers# That is, they issue cards to their customers, but also act as an acquirer for funding merchant transactions# But even in this case, there needs to be a payment processor to connect the request at the merchant's store to the cardholders account; there has to be a "road" from the terminal to the cardholders account, if you will# This is how a credit card transaction differs from an ACH or a wire transfer, and is also how real time authorization takes place - its a two way communication, not a one way fund transfer#
I did some googling, and although I don't usually direct people to a competitors website, they do a good job of explaining it here: https://www#ippay#com/index#php?q=merchant_processing_overview.
Also, out of curiosity, what triggers your question today? I was actually thinking of discontinuing my listing on All Experts because almost every question about PayPal, and almost always someone outside the US I cant assist anyway. Your question is refreshing.