Payment Methods

There are 3 basic ways of getting paid, cash, paper (cheques, postal orders, etc.) and digital (direct debit, bank transfer, card, or wallet).

The first two have the disadvantage of being physical, which means there is a high cost of processing involved, risk of losing payments, etc. Especially for CNP situations, these payment methods are not really fit for purpose.

We will focus on the last category. There are 6 subcategories. We are for now excluding virtual currencies such as BitCoin as this currency is currently more an investment product as a payment method.


There are a handful of international card schemes: VISA, MasterCard, American Express, ChinaUnionPay, Diners/Discover, and JCB. Most of these schemes offer both Credit and Debit cards.

CUP is the biggest scheme but is hardly used outside China (although a lot of Chinese tourists are using it). JCB is mostly a Japanese card and Diners (incl. Discover) mostly US. American Express is also a card that is stronger in the USA than outside, but can be of interest because it is popular among business users/high spenders. In European markets, VISA and Master Card dominate.

Outside China, Visa dominates transaction volumes, due to their large market share of cards issued, accounting for $3.273 trillion dollars in spending in 2010. The next largest payment network is MasterCard, which processed $2.047 trillion dollars in 2010.

Spending on the Visa network accounted for 52.4% of global payment volume in 2010, compared to only 32.8% for MasterCard, and 11.2% at American Express. Discover placed a distant fourth place, accounting for 1.7% of spending.

American Express users spend over $7,714 per year, per card, which far exceeds spending on any other network. As a basis of comparison, Visa users spend only $1,725 per year, per card.



Local Card Schemes

These card schemes are usually debit only, and were designed with point-of-sale and ATM use in mind – that is, they were devised in a pre-internet world, and as a consequence may not be ideally suited for use in a card-not-present environment. SEPA legislation has meant that these local schemes are now co-branded with one of the international schemes, though transactions processed via the international schemes may not achieve the preferential interchange rates.

Some schemes have completely closed down (e.g. Laser in Ireland) and have typically been replaced by VISA and/or MasterCard Debit cards.


A Real-Time Bank Transfer (RTBT) is an electronic transaction that transfers funds directly from the customer’s bank account to the merchants’ account in real-time. The customer is redirected to their bank’s website (or a third party website which facilitates such transactions) where they authenticate the transaction by entering their account details and some kind of transaction authorisation number (TAN), often generated from a secure device. In many cases the customer does not divulge their account details to the merchant, minimising the risk of those account details being compromised. As such, this kind of transaction is inherently secure and deemed to be a low risk of fraud. Additionally, many of these payment methods do no support “chargebacks”, which makes them very attractive to merchants. An RTBT may offer “multi-bank” support, allowing a merchant to accept transactions from customers of multiple different banks, or they may be “mono bank”, which means that specific payment methods must be implemented for customers of specific banks.


An eWallet is essentially an account into which customers may deposit funds, and which can be used directly to purchase goods or services. In this sense, eWallets function in a similar fashion as Real-Time Bank Transfers, with real-time authorisation of the availability of funds. Like RTBT methods, the customer’s account details are not shared with the merchant, and so the details are seen to be inherently secure. This significantly reduces the risk of fraud.

The main advantage of eWallets over RTBTs is that RTBTs are often created for use in a specific market or country, whereas e-wallets are generally designed with international use in mind.

Direct Debits

A Direct Debit is a transaction in which the customer provides their personal account details to the merchant, and issues a mandate to the merchant to withdraw sufficient funds to cover the cost of that transaction. An electronic direct debit differs from a traditional direct debit in that no paper mandate needs to be signed – permission can be given by phone or over the internet. No verification of fund availability takes place, and because the account details are shared with the merchant, those details are open to compromise. As such, these payment methods are deemed to be at a high risk of returns due to lack of funds and are frequently exposed to fraud. Customers can chargeback transactions that have been attributed to them, and so merchants must take care to manage these risks. Despite these limitations, this method of payment is the preferred method of payment in the German market.

Offline Payment Methods

All payment methods discussed so far are initiated online: the customer provides details of a payment instrument to the merchant at the time of purchase, often with some real-time verification of the details and the availability of funds. Offline payment methods – where the customer fulfills the transaction after the order has been placed – are still popular across many markets, and in fact dominate in some key markets (for example, Germany and Poland). Offline payment methods fall into a number of categories:

• Traditional, paper-based payment methods are still widely used – examples include payment by invoice, payment by cheque, and payment by postal order.
• Cash on delivery is also a preferred payment method in many markets – in its simplest form, the customer pays cash to the driver who makes the delivery. However, more sophisticated versions exist – for example, in Germany, many postal and courier services will arrange a kind of “escrow” delivery service, where delivery will be held until the customer confirms that the payment has been completed.
• Offline credit transfers are also popular: the merchant provides the customer with their bank account details when the order is placed, usually accompanied by some kind of reference number for reconciliation. The customer then fulfills the order by transferring the funds directly to the merchant’s bank account either at a branch or via phone or online banking. The merchant will not ship the goods until the funds have been confirmed as received.

Choosing Payment Methods

The criteria you should use to decide on which payment methods are best for you are:

1. Markets
2. Type of payment
3. Cost
4. Risk
5. Reconciliation.
6. Other factors


First of all, markets mean countries. A Payment Processor has market information on most European countries and can advise you what the prevalent payment methods are in a particular country. For example, the UK market is dominated – at least for now – by cards and direct debits. But in The Netherlands, you will need to offer iDeal as well, as this payment method has a dominating position in on-line payments.

Sometimes there is a lot of confusion about payment methods in a particular country. For example, in France, there is a national payment system called Groupement des Cartes Bancaires using the “Carte Bleue” brand. In practice, however, virtually all cards issued in France are co-branded with Visa or MasterCard.

Markets may also mean the socio-economic group you are targeting. For example, if you are targeting a youthful audience, they might not have credit or debit cards, but might have a PayPal account. This is for example the case for merchants who sell digital downloads to mobile phones.

Type of payment

Different payment methods are more or less suitable for different types of payments. All payment types support one-off payments. But what about other requirements?

The main one here is recurring payments. If your business is subscription or renewal based, you will need a reliable and cheap solution for taking these – it is still hard to beat direct debits. However, there is a hardcore of users, estimated at approx. 10% will not use Direct Debits, so you will have to offer at least another alternative.

If you have repeat business from the same customers, and you have web-based customer accounts, your payment methods have to be able to offer one-click payment solutions to make payments as easy as possible to ensure you maximise this repeat business.

Other merchants need an easy and reliable method for returning payments to their customers.


We will go into much more detail about the cost for cards later. When comparing payment methods, however, the following generalisations can be made:

Although cost is important for everyone, it becomes even more so if the ATV of your product or service is low.


We will be talking about fraud later. But again it is possible to make a general statement as to how much risk is associated with various payment methods.

Note: risk is defined as the chance of non-payment, including chargebacks, etc.

For some companies, risk is more of a factor than others. If you ship physical goods with a high ATV or vouchers you are a bigger target for fraud than if you are dealing with low ATV products or services or products such as insurance. How payments are taken is also important: online payments are riskier compared to call centre payments.


Esp. larger organisations need to be able to reconcile all payments quickly and easily with a minimum of errors. Process flows need to be in place and ideally, data will be available immediately to logistics/distribution, finance, and customer service operations.

Payment methods and their providers need to be able to provide the information you need. If you increase the number of payment methods you offer, this will also increase the effort required for reconciliation and associated reporting and cost.

Local payment methods often require a local bank account or even a local presence; this again will increase your administrative burden and cost.
You will, therefore, have to balance the part of the payments market you wish to cover versus the complexity and cost of reconciliation.

Other factors

A number of other factors that are important here are:
• Your offer of payment methods needs to be clear, your websites easy to use.
• Where possible you will want single solutions – robust, supportable and upgradeable.
• Solutions need to be compliant with regulation, whether in-house or 3rd party.
• Ease of integration, coupled with focused support from 3rd Parties
• Future proofing to ensure that the mobile and tablet technology can be delivered as integral to core business systems

Why accept cards?

• More convenient for customer and merchant – less cash handling
• Spontaneous sales, increased volume/value
• Displaces cheques – lower handling costs and security
• Speeds throughput at Point of Sale – faster turnover
• Makes sales over internet and phone possible
• Guaranteed funds and security of settlement
• Simpler back-office reconciliation and control; substantially reduces back-office costs

Card Payment Process Flow

Payment card processing (whether using a debit or credit card) is the process of reserving and taking funds from a cardholder’s card and crediting the merchants’ account with these funds. The merchant can carry out this process by sending transactions through a payment service provider i.e. A Payment Processor.

When taking payments by credit or debit card, two kinds of transactions are defined by the banking industry and the card schemes:
• Card Present Transactions
• Card Not Present Transactions

Most cardholders will be familiar with the more traditional Card Present (CP) transactions. CP transactions are those where the cardholder is present with their physical credit or debit card. To complete the sale the card is inserted into a card terminal to read the customer’s data from either the magnetic strip or the chip-and-pin device. In many countries, CP transactions require that a secret pin code be entered to authenticate the transaction, or alternatively the customer is required to sign a receipt to authenticate a transaction. The customer may be asked to produce identification to prove that they are in fact the cardholder. Because the customer is physically present with their card, and have authenticated their transaction either by entering their pin number or signing for the transaction, the transaction is considered to be largely non-repudiable, i.e. the customer cannot easily claim at a later date that they did not authorise the payment to be taken from their card. This information is provided for training purposes. This booklet does not deal with Card Present Transactions

Card-Not-Present (CNP) transactions are all those transactions where the customer is not physically present with their card, and it is these kinds of transactions that A Payment Processor exclusively deals with. CNP transactions can come in a variety of different forms:
• Internet (or E-Commerce) transactions
• Mail Order transactions
• Telephone Order transactions
• Fax Order transactions

In all of the cases described above, the customer provides their card information, but at no point is the card itself produced. Because the cardholder is not physically present with their card, it is not possible to confirm the identity of the customer using any of the means described above (although there are alternative means which can be used, and which are discussed later in the document). Merchants, therefore, need to be particularly careful when processing CNP transactions because, in the event of fraudulent use of a card, the legitimate cardholder can repudiate the transaction.


The stages of a card transaction are outlined below – A Payment Processor, as a payment services provider, are primarily concerned with the authorisation and batching stages of the process. However, it is important to understand all parts of the process, as questions may arise from customers on any or all of the elements below.

• Authorisation: The cardholder pays for the purchase and the merchant submits the transaction to the acquirer (acquiring bank) via a payments services provider such as A Payment Processor. The acquirer verifies the credit card number, the transaction type and the amount with the issuer (Card-issuing bank) and reserves that amount of the cardholder’s credit limit for the merchant. An authorization will generate an authorisation code, which the merchant stores with the transaction.

• Batching: Authorized transactions are stored in “batches”, which are sent to the acquirer. Batches are typically submitted once per day at the end of the business day. If a transaction is not submitted in the batch, the authorization will stay valid for a period determined by the issuer, after which the held amount will be returned back to the cardholder’s available credit. Some transactions may be submitted in the batch without prior authorizations; these are either transactions falling under the merchant’s floor limit or ones where the authorization was unsuccessful but the merchant still attempts to force the transaction through. (Such may be the case when the cardholder is not present but owes the merchant additional money, such as extending a hotel stay or car rental.)

• Clearing and Settlement: The acquirer sends the batch transactions through the card schemes (Visa/Mastercard etc.), which debits the issuers for payment and credits the acquirer. Essentially, the issuer pays the acquirer for the transaction.

• Funding: Once the acquirer has been paid, the acquirer pays the merchant. The merchant receives the amount totaling the funds in the batch minus either the “discount rate,” “mid-qualified rate”, or “non-qualified rate” which are tiers of fees the merchant pays the acquirer for processing the transactions.

• Chargebacks: A chargeback is an event in which money in a merchant account is held due to a dispute relating to the transaction. Chargebacks are typically initiated by the cardholder. In the event of a chargeback, the issuer returns the transaction to the acquired for resolution. The acquirer then forwards the chargeback to the merchant, who must either accept the chargeback or contest it. A merchant is responsible for the chargeback only if she has violated the card acceptance procedures as per the merchant agreement with card acquirers.


Card Authorisation is the process by which the customer’s card details are validated for correctness, and where their account is checked to ensure that there are sufficient funds to complete the transaction. Card authorisation is a complicated business, and the process of authorising a card transaction involves the input of a number of different stakeholders. When processing a card transaction through a Payment Processor, the card details are sent first to your acquiring bank, then to the customer’s card issuing bank via the card schemes. Despite the complexity of each transaction, the authorisation process itself is completed in real-time and takes no longer than 3 to 4 seconds to process.

Note: The card authorisation process is distinct from the transaction settlement process, in which transactions are actually funded.

When authorising a credit or debit card transaction, a number of key card details are used to identify the customer. These are:
• The Credit Card Number
• The Card Expiry Date
• The Card Security Code (the three or four-digit code usually located at the back of the card)
• Any Address Data provided for Address Verification (where supported, mainly UK based)

The Credit Card Number itself may be any length from 14-19 digits. The first six digits of the card number are known as the BIN or Bank Identification number – this identifies the card type (e.g. 4 for Visa and 5 for Mastercard) and the bank that issued the card. The Card Expiry Date is always in the form of MMYY. The Card Security Code (variously referred to as the CSC, CVV, and CV2) is usually three digits long and located on the back of the card. American Express cards have a four-digit CSC number which is located on the front of the card.

It should be noted that the only information guaranteed to be used in the authorisation of a card transaction is the Credit Card Number. The expiry date is usually, but not always, checked. The Card Security Code may be checked, but providing an incorrect Card Security Code will not always result in a card being declined. While A Payment Processor requires that a cardholder name be entered to complete every transaction, this information is gathered for reconciliation purposes only and is not used in any way in the authorisation process itself. The name provided by the customer may not match the name present on the card itself.

The diagram below shows the transaction flow for a standard credit or debit card transaction, outlining each of the key stakeholders in turn.

The card authorisation process is outlined below:

1 The Cardholder makes a purchase via the Merchant’s website. To pay for the purchase, the Cardholder enters key card details that identify their account.
2 The Merchant passes the customers’ card details to A Payment Processor for processing
3 A Payment Processor process the card details provided to the acquiring bank, the financial institution with which the merchant has signed a merchant services agreement. The acquiring bank checks that the transaction is allowed under the conditions of that agreement
4 The card details are processed, via the Card Schemes, to the bank that issued the customer’s card, the issuing bank. The issuing bank is identified based on the BIN Range of the card number provided. The Issuing Bank is the only authority who has access to the customer’s bank account details. The customer’s card details are validated, and the customer’s account is checked to determine if there are enough funds to cover the cost of the transaction. If the details are correct, and there are sufficient funds to cover the transaction, an authorisation code is returned to A Payment Processor granting authority to draw down the funds at a later date. A hold is placed on the funds on the customer’s account to prevent the account from being overdrawn.
5 The Transaction Result, and Authorisation Code (where applicable), are returned by A Payment Processor to the merchant. The transaction is now ready to be settled and funded.


Settlement is the process of taking the money that has been reserved on the cardholder’s card at the authorization stage and crediting it to the merchants’ account. Gateways send the transactions to the merchants acquiring bank in a settlement file on behalf of the merchant. This instructs the acquiring bank to debit the cardholders’ card and credit the merchants’ account with the authorisation amount.
There are 2 types of settlement that the merchant can use
Automatic settlement
This is where Realex will automatically settle the transaction on behalf of the merchant. The transaction is automatically put into an open batch once the transaction is authorised.

Delayed settlement

This is where the merchant wants to decide on when to settle the transaction. This may be because they want to check they have the goods in stock before debiting the funds from the customer’s card. The merchant can manually settle the transaction by using the Realex transaction management tool RealContol or they can settle it remotely via XML, sending the message from their own system for example. Once the transaction is manually settled it is put into the merchants’ open batch for the day. The merchant must settle the transaction manually within 28 days of the authorization. However, some acquirers might charge additional fees for “late” settlements.

A batch will be opened when an automatic settlement authorization is sent in from the merchant or when the merchant settles a delayed transaction. An open batch will be created for each Bank Merchant ID that the merchant is processing authorization through. Open batches are closed at 12 midnight for most acquirers and put into the bank’s settlement file. The settlement file is delivered to the bank the following morning. The following diagram shows the transaction flow from authorization to settlement for 2 merchants processing through the same acquiring bank: 

The following matrix shows the main Irish and UK acquirers and typical cut of time (note: taken from A Payment Processor).

Transaction Funding

Transaction Funding is the process by which funds for an authorised transaction are transferred from the customer’s bank account to your bank account. This is handled entirely by your acquiring bank – once the batch file has been delivered, A Payment Processor plays no further part in this process.

Timeline of an Authorisation

How long is an authorisation valid?

If you make a card sale via a standard authorisation (called “final authorisation) you should settle and the end of the same day.

Pre-Authorisations are valid for 30 days (MasterCard) or 31 days (Visa).

There are however exceptions, such as Maestro (7 days).

This means you can use an authorisation code received from an issuer for this period of time and still get your funds. After this period, your settlement request will fail.

How long are funds reserved?

The reservation will be used once the settlement is made.

If no settlement is made, reservations will be released much earlier than the period for which authorisations are valid. This is decided by the issuer.  Most issuers let reservations expire after 7-10 days. Some however keep a reservation for up to 21 days. 

If you settle late, you might incur late settlement fees, which can be quite expensive.

That is why using pre-authorisations are often the better way if you know you are not going to settle within this time-frame. Pre-authorisations also carry a fee, but not as much as the late settlement fee.  So:

  • A standard authorisation is the cheapest and should be used if you expect to settle immediately
  • A pre-authorisation is cheaper if you know you are not going to be able to settle immediately
  • If you don’t know when you are going to settle, you will need to analyse how often your settlement is within or outside the limit and you will have to calculate which option is most beneficial

Can you reverse a reservation on a card?

Pre-authorisations can be reversed, but final authorisations cannot.

Issuers are often prepared to reverse a reservation if they receive a letter from the merchant. You would need to furnish this to the cardholder who can present this to his bank. Not all issuers are prepared to do so though, and this is obviously a very time-consuming process. 


Merchants should authorise and settle for exactly the same amount. If they do not know the exact amount, they should use a pre-authorisation . A pre-authorisation is basically an estimate of the amount the merchant believes will be owed at the end of a transaction. 

This is very common in hotels, where on top of the room rental food and drink bills might be added. A merchants should analyse their trading history to estimate this additional cost. The pre-authorisation should then cover both the known cost (for the booking of the room) and the estimated additional cost.

However, only expected cost should be included in the estimate. To prevent reserving unnecessary reservations on a card,  it is not allowed to add costs that might arise, ‘just in case’. (For example for potential damage to a room).

Topping Up

If the amount pre-authorised does not suffice for a growing bill, for example, if the guest is running up an ever-increasing bar bill, the original pre-authorisation should be topped up. 

Topping up will NOT extend the term of the original authorisation for an additional 30/31 days. The total amount can be settled in one transaction using the original authorisation code and other mandatory data. In theory, you can top up a pre-authorisation as many times as you require. The increments do require customer authorisation OR a field called TRAN ID linking the top-ups to the first authorisation (you should talk to your gateway and/or booking system provider).


A pre-authorisation should be settled within 24 hours of the end stay of the guest (I am staying with the hotel example here). The settlement must be for a lower or the exact amount of the pre-authorisation.  If lower, the remaining amount of the pre-authorisation must be reversed, so the reservation will be removed from the card.  You should never settle for a higher amount.


Pre-authorisations do attract additional fees, which is the reason why you should use normal authorisations if you do know the exact amount as it will reduce fees.


Who is Who

An overview of the different participants in the payments process. 


This is you. You must have a Merchant Services Agreement with an acquiring bank with which a Payment Processor is certified as a Payment Services Provider.  Also, the merchant will require the technical infrastructure to allow them to connect to the A Payment Processor Service.  

Technology Enablers

A merchant will require the technical infrastructure to allow them to connect to a Payment Processor Service.  That technical infrastructure may be in-house, but frequently merchants will be using third-party software or services. 

The integration with a third party is driven by merchant/customer demands on a case by case basis, but no contractual arrangement (other than an NDA) exists between A Payment Processor and the third parties.  A Payment Processor employs a co-operative strategy with the third parties who enable the technology between A Payment Processor and its merchant base. 

Because of its large client base, A Payment Processor has much existing integration with third parties such as shopping carts, industry platforms, IVR solutions, etc. We can provide you with overviews of these on request.

It should also be considered integrating your payment solution with your business system. By merging payment processing with business solutions merchants can automate payment reconciliation with accounting, logistics, etc., cutting down on data entry and eliminating human error.


To process card payments a merchant needs access to acquirer’s systems. Acquirers will however not let anyone simply connect to them; it is necessary to go through a certification process. This process does not only cover the sending of real-time requests (such as authorisation request which check if the cardholder has sufficient balance on their card) but also the submitting of daily batch files (settlement files) which instructs acquirer to move funds from the cardholder’s account to the merchant’s account.

The process of certification is complex, time consuming and expensive: they take on average 3 months.  And as rules continuously change or new services are developed, there are regular re-certifications required.

As this is simply not possible for a merchant, a gateway does this for them.  Not only can the merchant take advantage of the scale of the gateway (spreading the certification cost), gateways will typically also certify in multiple acquirers. As the biggest cost in card processing sits normally with the acquirer, this provides the merchant with an opportunity to switch acquirer without having to do a new integration via a technology enabler.

In the Card Not Present space, the Payment Processor is the dominant player in the Irish market.  In the UK, thanks to a combination of direct sales and white label solutions provided under the Global Payments and Elavon brands, A Payment Processor is also one of the leading providers.

Card Acquirers

What is acquiring?

  • Acquiring is a risk-based business provided to merchants enabling them to accept plastic cards through various channels
  • Provides Value-Added Features (VAS) -Gift Card, Electronic Bill Payment, DCC – that generate/share additional merchant revenue
  • Authorisation, clearing and settlement (ACS) of international credit, charge and debit cards both domestically and globally
  • Acquiring covers Point of Sale (POS) and Card Not Present (CNP) transactions, also in some nations ATM
  • Provides Operational services to support processing of cards efficiently and smoothly
  • Meets merchants’ needs to accept a form of electronic guaranteed payment for goods/services

It is important to distinguish between your acquiring bank and the bank with whom you have your account. In most cases, they are not the same. Elavon, First Data Merchant Services, Global Payment, and WorldPay are all independent acquirers. But even AIB Merchant Services is a separate organisation compared to AIB Bank (and is actually owned 51% by First Data). You can – for example – use Elavon as the acquirer and have your bank account with Bank of Ireland (although not every acquirer works with every bank).

An acquiring bank (or acquirer) is a bank or financial institution that processes credit or debit card payments on behalf of a merchant. The term acquirer indicates that the bank accepts or acquires card payments from the card-issuing banks within an association. The best-known (credit) card associations are VisaMasterCardDiscoverAmerican ExpressDiners ClubJapan Credit Bureau and China UnionPay.

An acquiring bank enters into a contract with a merchant and offers it a merchant account called a Merchant Services Agreement. The arrangement provides the merchant with a  line of credit. Under the agreement, acquiring bank exchanges funds with issuing banks on behalf of the merchant, and pays the merchant for its daily payment-card activities.  The acquirer will provide the merchant with a MID (Merchant ID). Each MID is linked to one bank account (but multiple MIDs can be linked to the same bank account).  You might need multiple MID because you will need to distinguish between transaction types (the fee you pay to acquirer will differ per type, more about that later).

  • Card Present: A Card Present (or Retail) transaction is one where the debit/credit card used is physically in the presence of the merchant. These types of transactions would normally be processed using a physical terminal supplied to the merchant by their acquiring bank and would be accompanied by chip & pin technology. The merchant would usually be able to avail of a much lower per-transaction rate from the bank as the risk associated with card-present transactions would generally be perceived to be much lower than in other environments. A Payment Processor does not provide support for Card Present transactions. A merchant cannot process through Realex using a MID reserved for card-present transactions
  • MOTO: Mail Order/Telephone Order transactions are a type of Card Not Present transaction. The card details are provided to the merchant via mail or by phone. A merchant may use a MOTO MID for processing transactions via the Online Terminal or the Virtual Terminal (or for their own, remotely integrated MOTO system) but may not use this for E-Commerce transactions
  • ECOM: E-Commerce transactions are another type of Card Not Present transaction. In this case, the application is for E-Commerce transactions – where customers enter their own card details via a website, without the intervention of the merchant. E-Commerce transactions would generally be considered to be high risk (relative to card-present transactions) and so carry a high per-transaction rate from acquiring bank. E-Comm MIDs can be used to process MOTO transactions – however, if the customer intends on processing a large volume of MOTO transactions, they may be better off applying for a separate mid (which may come with a better per transaction rate from the bank)
  • Recurring: Recurring transactions are transactions where the merchant charges his customer on a regular basis, e.g. for membership or subscription. Repeat business where the customer regularly buys from the same merchant, is not recurring business, however. There are different rules per acquirer, but most acquirers require the first transaction of the series to be treated as a standard transaction and do require recurring transactions to be flagged as such. In most cases, you will be able to avail of better rates for recurring transactions as they are considered less risky.

Acquiring banks accept the risk that the merchant will remain solvent. The main source of risk to acquiring a bank is fund reversals. These can be voluntary refunds from the merchant to the cardholder or chargebacks. Due to the high amount of risk acquiring banks are subject to, it is them who will be responsible for ensuring the merchant is PCI compliant, will require security checks such as 3Dsecure, and will often require minimum balances to be kept in the merchant account.

Most acquirers also work with a Merchant Category Code. This is a four-digit number that classifies your business by the type of product or service it sells. This code also can have an influence on the rates you pay and might mean that additional rules get applied. E.g. for MCC 6012 merchants are required to send in additional information with their authorisation requests.

The main acquirers in the UK and Ireland are AIB MS, Elavon, EVO Payments, WorldPay, Barclays, First Data MS, Global Payments, Lloyds. Of not are also EMS Card and Amex.

Card Schemes

A Payment Processor enables eCommerce merchants to process card payments with acquiring banks.  Acquiring banks themselves are members of Card schemes, who regulate acquiring and issuing side of the business.  The schemes are broken into two areas, debit and credit card schemes.

A Payment Processor is not a member of the VISA or MasterCard schemes but can act as an agent to process VISA and MasterCard transactions into scheme members i.e. acquiring banks.  However, a Payment Processor is still required to comply with the regulatory environment i.e. the Payment Card Industry – Data Security Standard (PCI-DSS).  The standard is aimed at protecting the card schemes brand by ensuring that any entities that process or store card data are following security guidelines as laid out under PCI. But more about that later.

Card Schemes are the owners of a payment scheme, into which a bank or any other eligible financial institution can become a member. By becoming a member of the scheme, the member then gets the possibility to issue or acquire the transactions performed within the scheme.

In Europe, the introduction of the Single Euro Payments Area has brought big changes.  SEPA stands for the Single European Payments Area.  The intention is to harmonise bank systems throughout the Eurozone so as to make cross-border payments easier and eventually to facilitate Eurozone banking from a single account in any one country.  The Card Payments Directive provides for legislation to be enacted in all the EU countries in order to facilitate Eurozone banking. No national debit card scheme will operate in one country – a national debit card scheme must exist throughout the Eurozone or not at all.  This is why schemes such as Laser, Switch, and Solo have disappeared and VISA and MasterCard have introduced their own debit cards.  In some countries, local debit schemes still exist, but these tend to be “co-branded” with either VISA or MasterCard.

Not all acquirers support all card schemes. VISA and MasterCard are always covered, for example, AMEX is often not available via acquirer. In such cases, the merchant will have to get a Merchant Services Agreement directly with the scheme. 

Card Issuers

A card issuer is a bank or credit union that offers credit or debit cards. The card issuer makes the credit limit available (where applicable) to cardholders and is responsible for sending payments to merchants for purchases made with cards from that bank.

Data Protection Regulator

There is another regulator to which all participants must comply, the national data protection legislation.  Because A Payment Processor stores customer data, they are classified by the Irish Data Protection Commissioner as a Data Processor.  Many merchants are Data Controllers. A Payment Processor can give you advice on the main areas you would have to look into.

Choosing a Gateway

What are the main deciding factors for choosing the right gateway for your business?


Overall transaction processing fees consist of acquiring fees (which include fees for the card schemes and card issuers) and gateway fees. It should be noted that the cost resulting from gateway fees typically account for the smaller part of this cost.
• The gateway fee as % of your cost can simply be calculated by taking the Payment Processor’ flat fee and Average Transaction Value (ATV) over the past 12 months
• Depending on the Debit/Credit card split, how international your business is, and other factors, acquiring fees can be complicated. The base fees are 0.2% for debit cards and 0.3% for credit cards, but the Acquirers fees come on top of this and you will pay substantially more for international payments.

Reliability / Availability

A Payment Processor must recognise that availability of payment processing is of paramount importance for all merchants who operate and sell in the real-time authorisation environment. You should, therefore, choose a payment gateway with world-class availability figures and comprehensive DR. You will be looking for 99.99% uptime or higher.
Independence & Multi-Acquirer Setup
An all-in-one acquiring/gateway agreement can seem quite tempting. However, looking at the choice strategically, having a gateway agreement that is tied to acquiring creates an obvious interdependency, gives no flexibility, and reduces the merchant’s negotiation power.

As an independent gateway, a Payment Processor allows the merchant to connect into several major acquirers in the UK and Ireland (see also above).
This gives the benefit of being able to switch acquirers without having to go through a new integration. Or a merchant could have a multi-acquirer setup; a Payment Processor can provide this with only one single integration.

Service – Account Management

When everything is working fine, you might be tempted to go for the cheapest provider. It is however when something goes wrong that you find out if you are with the right provider. Apart from that, you should look for a gateway provider that keeps you informed on new payments industry developments and is in regular contact to ensure that any developments on your side are matched with capabilities on the side of your provider.

Security & Compliance

The security of data is an obvious requirement when considering any provider who will support your operations. In the electronic payments industry, PCI DSS is the industry standard that all operators must attain compliance.

A Payment Processor must comply with PCI DSS Level 1, the highest level of PCI compliance.

A Compelling Product Offering

To best meet the needs of its merchants, a payment gateway must provide a range of services and features and support for the right channels.

Call centres are expensive to run but if you have one you do need to offer the opportunity for clients to place an order and pay there and then. As there are substantial PCI implications of taking card numbers over the phone, you might consider taking payment via a solution that allows the customer to enter their card in their phone. A Payment Processor has several partners who offer such solutions.

To save cost, many clients are now moving their customer to pay via IVR or online; which is fast and effective. IVR is, of course, more suitable for customers who are paying an invoice rather than shopping and paying, for which online payments are more suitable.

Especially in sectors where payment is made for purchases on a spur, or for payments taken by your mobile staff, payments taken via tablets and mobiles are becoming more and more important.

Finally, it is possible to take the customer out of the payment loop altogether if you would introduce recurring payments. Storage of card details brings you to the highest level of PCI compliance requirements. When using a third party you should however ensure you have agreed that you can get your card back if and when required and at what cost. Furthermore, you should ensure that card details can easily be updated and maintained and that old data is periodically removed. Finally, more and more processors are also offering a scheduler service.

Integration Options

Most payment processors now offer:

  • Fully independent solution, where the merchant keeps control over all parts of the process but does accept PCI liability. Your systems communicate to the processor via API’s, which are however different from processor to processor.
  • Hosted pages, where the payment processor takes over some of the PCI liability. The merchant does lose full control, but more and more pages are customisable and this also has the advantage that new services are integrated by the processor all the time, which you as a merchant can than easily integrate into. Some merchants prefer to use an iFrame.

In both cases, you should ensure that your and the processor’s pages are fully mobile compatible. For call centres we also increasingly see that they use the same online page as that which is presented to customers on the web.

There are variations on the hosted solution, such as iFrames, which will allow you to keep your URL visible.

Choosing Your Acquirer


Inter-regional Transaction

A transaction where the Issuer of the card used is located in a different Visa/MasterCard Region to that of the Merchant.

Intra-regional Transaction

A transaction where the Issuer of the card used is located in the same Region as that of the Merchant.

Domestic Transaction

A transaction where the Issuer of the card used is located in the same country as the Merchant.

Acquiring license

Acquirer requires a license from card schemes before they may acquire merchants in a certain region

Qualified Rate

Acquirer offers rate based on certain criteria is met. i.e. ecomm trans is 3D Secure/AVS/CVV, CP transaction is authenticated by pin etc. If this criteria is not met an exception charge is applied. Majority of acquiring banks can not check in real time if transaction is qualified.

Interchange Plus

A method of pricing, merchant is charged basic interchange rate of transaction + a set BPS or cent/pence.

Blended Rate

Same rate is offered across multiple card types/regions/channels.

Multicurrency acquisition

Multicurrency Acquisition means the processing and acquisition of transactions in multiple currencies

Pan-European Licence

Acquirer can acquire merchants any country as per card scheme list of countries covered. i.e. UK Acquirer can acquire Non-UK domiciled entity.

Cross-Border Acquiring

If a merchant operates in more than one European country they could have a MSA with one bank that enables them to accept cards in several countries as opposed to having a MSA with a acquirer in each country. Whether or not the merchant can achieve domestic interchange rates in their countries depends on acquiring bank’s platform. In some cases Cross Border Acquiring Restrictions means acquirer can only acquire ‘International Merchants’ (those that operate in a minimum of 3 countries in Europe region.


An acquiring bank:
• is a licensed member of MasterCard, Visa, American Express or Diners that screens and accepts Merchants into its bankcard program, processes transactions, and completes financial settlement for them
• acquires transactions performed using a credit/debit card issued by a bank other than itself
• accepts risk for each Merchant that is included in its bank program
• must carefully weigh up the risk against the potential profit for each merchant application
• must pay both the card issuer and the relevant card scheme from any fees charged to the merchant

The bank accepts or acquires credit card payments from card-issuing banks within one or more associations. The best-known (credit) card associations are Visa, MasterCard, American Express, Diners, Japan Credit Bureau, and China UnionPay.
An acquirer supplies a merchant account that allows a merchant to accept credit card payments. From the merchant, account money can be directed to a bank account at the merchant’s bank.

Acquirer pays interchange fees which are fixed rates set by the card associations, and which vary by the type of card used and where the card was issued versus where the merchant is located. These interchange fees provide the income for the card issuer. Acquirer also pays scheme fees, which are dependent on volume processed. This is one of the reasons why there is a strong trend towards consolidation in the market.

Acquirers earn their money by marking up the interchange fees, or by charging a fixed rate (either an amount, which would be more typical for debit cards) or a percentage, which would be more typical for credit cards). In the latter case the estimate of the mix of cards and country of origin are important, as an incorrect estimate could mean that acquirer would lose money.

Acquiring Banks assume much of the risk in the credit card processing network because merchant accounts are a line of credit and not a holding account like a current account. In the event a merchant becomes insolvent, and suffers fraud or chargebacks, acquiring bank suffers the loss if the funds cannot be recovered either from the merchant or the customer. For this reason, most Acquiring Banks require any individual/entity wishing to accept credit cards to undergo a credit check and/or supply financial data before establishing a merchant account.

Card associations typically consider a participating merchant to be a risk if more than 1% of payments received result in a charge back. Visa and MasterCard levy fines against acquiring banks that retain merchants with high chargeback frequency. To defray the cost of any fines received, acquiring banks are inclined (but not required) to pass such fines on to the merchant.

Leading European Acquirers are ConCardis, First Data, Credit Mutuel, Banque Populaire, BNP Paribas, Swedbank, Global Payments, Credit Agricole, Barclays and WorldPay. The main Irish and UK acquirers are:
1. Allied Irish Bank Merchant Services – a joint venture between AIB Bank and First Data Merchant Solutions
2. American Express
3. Bank of Ireland – offers its merchant service through EVO Payments
4. Barclays Merchant Service
5. Bank of Scotland – offers its merchant service through First Data Merchant Solutions
6. Clydesdale Bank – offers its merchant services through WorldPay
7. Elavon Merchant Services
8. HSBC – HSBC offers its merchant services through Global Payments
9. Lloyds Banking Group Merchant Services – partly owned by First Data Merchant Solutions
10. Ulster Bank/NatWest/RBS – offer their merchant services through WorldPay
11. Santander – Santander offers their merchant service through Elavon
12. WorldPay Business Services
13. Yorkshire Bank – offers its merchant services through WorldPay

Acquirer Licences

For an acquirer to be able to sign up merchants for their MasterCard and Visa transactions a license from the card schemes in the relevant country or region is required. Historically, for this to take place, an acquirer has needed to have a presence in each country concerned. This enabled a license from the card schemes to be obtained and with it the relevant settlement BINs (Bank Identification Numbers) against which transactions are cleared. These BINs are loaded onto acquiring platforms for this purpose.

This BIN is visible on your credit card: it is the first 6 digits. This is why you are allowed to store the first 6 digits of the card number; the BIN is really handy because it can help you tell what type of card it is and who issued it. To be able to do the latter, you will need BIN files. Unfortunately, there is no 100% accurate BIN file available anywhere; please talk to us if you require more information.

If the bank did not have a presence in a certain country, an alternative way of obtaining BINs is to form a partnership with a bank in the country or countries where the acquirer wishes to do business. For example, Streamline has such a relationship with ANZ, the result of which is that Streamline has ANZ BINs domiciled in Australia and New Zealand set up on Streamline.

For a merchant, this is relevant, because it can make a difference in the fees to be paid as will be explained below.

Global license

Airlines are the only industry that can avail of global acquiring.

Pan European license

Visa and Mastercard versions of Pan European covers different countries. A Pan-European license does not mean the acquirer can offer domestic rates in every European country.
Cross Border Acquiring

If a merchant operates in more than one European country they could have an MSA with one bank that enables them to accept cards in several countries as opposed to having an MSA with an acquirer in each country, this is known as cross border acquiring and the banks are known as cross-border acquirers.

Card Schemes have cross-border acquiring programs that enable these banks to offer merchants a single contract covering multiple European countries, as per Visa and MasterCard respective European countries.

The merchant avoids the complexity and expense of separate contracts in each country.

The benefits of cross-border acquiring are:
1. Streamline operations – This type of centralised acquiring means no need for separate terms of business, separate settlement periods and complicated behind-the-scenes reconciliation. It streamlines the merchant’s operations and saves administrative costs.
2. Benefit from increased choice – Merchant will have increased choice and commercial freedom to select an acquiring bank outside their domestic market. This could be particularly useful if acquiring bank has specialist services or expertise that you can’t find in your own market i.e Gaming.

A cross border licence does not necessarily mean the merchant can achieve domestic rates, acquirer must build domestic rate tables into their platform.

Example of Cross Border Acquiring – Avis.

Avis had an MSA with an acquirer in each country that they were present in. In approx. 2000 they moved to Barclays whose cross border acquiring services replaced the local acquirers.


The term ‘multicurrency’ is applied to a merchant who accepts transactions in a currency or currencies other than the currency of the country that they are domiciled or registered in. Settlement to the merchant may also be in a currency other than their local currency. Settlement may be on a like-for-like basis (between the currencies which acquirer supports), e.g. euro transactions settled to the merchant in euro. Alternatively, settlement may be on a cross-currency basis, e.g. euro transactions settled in Sterling. With a cross-currency settlement, the acquirer generates additional revenue through the exchange rate used in the conversion process.

Another term that is used is ‘cross border’. This applies to a merchant whose transactions originate outside of the merchant’s country.

Multicurrency Acquisition

Multicurrency Acquisition means the processing and acquisition of transactions in multiple currencies.
Key sectors requiring a facility outside a single country are:
1. International Airlines – this is still the only trading sector where acquiring can be done on a global basis
2. Car Hire and Hotels – although worldwide businesses, unlike airlines, the card schemes still do not allow global acquisition.

Merchant Services Agreement

It is a contract that sets out the terms and conditions of an agreement between the Merchant and the acquirer. It is a standard contract for most SMEs but custom for corporate merchants. Sets out all terms of the contract for example
• Bonds
• Pricing
• Other Fees
• Card Types
• Currencies
• Commerce Type (e.g. MOTO, ECOM, etc.)

The MSA includes details on funds transfer (when) and settlement, either gross (full amount) or net settlement (minus the fees). Before an MSA is issued, an in-depth analysis is required by the acquirer. Because of the higher complexity and often higher risk, and MSA for a corporate client can take months, whereas for most SME’s it would be weeks. The acquirer needs to set its fees very accurately as it needs to be competitive but if set too low, the acquirer will lose money; and also take into account any risk they take on. If the risk is higher, fees are higher, a (large) bond may be required and settlement times might be longer.


Crucial to the maintaining of a positive balance over time is the limiting of reversal of funds; Rebates/Refunds voluntarily initiated by merchant and chargebacks forcibly initiated by the cardholder.

Chargebacks are the biggest risk to any acquirer as they could potentially be at risk for up to 6 months of transactions. Example:
• Merchant X comes out with a new product for €30
• During the first-month sales are over €100,000
• To build on momentum Merchant X decides to spend all their cash on a Marketing campaign
• Several days later they find out that the original product has a bug in it and needs to be replaced
• As they do not have the cash they simply apologise to the cardholders and say they won’t be able to honour the warranty that was included
• The cardholders call their banks and issue chargebacks
• Acquiring bank attempts to debit the merchant but there are insufficient funds
• Acquiring bank is liable

To offset risk, merchants are often asked to have a minimum balance in the account with the acquirer.


The majority of Merchants may not be aware of different price plans that are available as acquirers tend to ‘hide’ their ability to offer alternatives to basic pricing such as interchange plus as it reduces margins. Not all acquiring platforms can support more complex pricing models, many can support basic pricing only. Newer platforms can offer more flexible pricing.

The main pricing models available are:

Blended Rate; single Rate for both credit (2-5%)and debit Cards (€0.17-€0.30). It is the most basic and costly option for the Merchant MSC rates are priced for each product – credit & debit and split by card scheme. Acquirer builds their margin into the MSC rates and takes the risk based on pricing assumption. Any downgrades, merchant errors, etc. are absorbed by acquirer

Discount Pricing; known as 2-tier (CNP) or 3-tier (CP), based on 2 or 3 rates: Qualified, Mid-Qualified (CP) and Non-Qualified. Qualification depends on type (e.g. ECOM), region (e.g. domestic) and security measures implemented (3dsecure/AVS/CVN) and rates are higher for non-qualified transactions.

Premium Products; Acquirers price products based on the various card type and scheme fees for products that attract high interchange rates are passed onto the merchants. Examples include premium products, commercial cards, business cards etc.

Interchange Plus; cheapest option for merchants, generally only available to larger clients. It is transparent but complicated and not offered by all acquirers. It will take a lot of managing by acquirers. Actual interchange fees and assessments are passed at a cost to the merchant with acquirer applying a fixed mark up to each transaction and usually a per-transaction fee. E.g. 0.3% (30 basis points) + €0.10 per transaction. Interchange plus pricing passes the specific interchange rate determined by the acquirer along with scheme fees and acquirer margin. Some acquirers e.g. Lloyds Cardnet charge the scheme fees and margin as one fee rather than isolate the two categories

As well as the transaction fees many MSA will include additional fees; often Merchants may not know about these until it is too late and they receive additional charges.
• Monthly Minimum
• Exception charges
• Cardholder Service Fee/Maintenance Fee
• Annual/Quarterly Fee
• Early Termination Fee
• Batch/Settlement Fee
• Processing Cost, each Acquirer must maintain and develop secure connections to the other players in the transaction life cycle. The cost of this is factored into any MSA
• Scheme Fee, this is an assessment fee that the Merchant must pay to the Scheme network that processes the transaction. This is usually 0.0925% for Visa and 0.095% for MasterCard
• Chargeback Fee

In summary:


Interchange is the fee paid between the issuing and acquiring banks every time a Visa/MC card is used. It should not be confused with the fees paid by merchants to their banks.
Following a transaction, the merchant’s bank pays a fee to the cardholder’s bank. This helps banks share the costs of issuing Visa/MC cards and the cost of signing up merchants to accept those cards.

Interchange enables cardholders, merchants and their banks to participate in the transaction process.

Interchange fees apply only to the purchase part of the transaction, not refund.

Interchange fees depend on many factors:

Then there are also qualifying factors, one of the most important is timeliness.
1. Timeliness checks is one of the most crucial factors for interchange qualification with any delays by the merchant or acquirer processor having an impact on the level
2. The number of days can vary within MCC e.g. Airline where up to 15 days is allowed between the transaction date and file submission date.
3. In the UK, the time period for submission is 3 business days rather than 4 business days like other markets and therefore it is important that acquirers submit files in accordance with the reduced time period
4. The time period is determined between the transaction data – authorisation or clearing date that is used to populate the correct field – and the clearing submission date
Another factor is errors. MasterCard tends to reject transactions, which will then have to be resubmitted. If the data is incorrect, Visa does not reject the interchange qualification record but will downgrade the transaction normally to the worse rate. Visa will provide details of why items have been downgraded and acquirer will need to alter their processing platform accordingly

Other factors are:
• The presence or absence of magnetic stripe data
• The submission of enhanced transaction data
• A merchant’s card turnover and transaction volume

As mentioned above, location is an important factor in determining the interchange fees:

Inter-regional Transaction

A transaction where the Issuer of the card used is located in a different Visa/MasterCard Region to that of the Merchant.

Intra-regional Transaction

A transaction where the Issuer of the card used is located in the same Region as that of the Merchant.

Domestic Transaction

A transaction where the Issuer of the card used is located in the same country as the Merchant.

1. Not all countries offer domestic interchange i.e. Malta . Maltese merchants are charged Intra-regional rates in their own country. . Pan-european means can acquire non-uk domiciled entity. Does not mean they can offer domestic. Acquirer would have to add interchange rates to platform.
2. Spain – Spain have high domestic interchange rates. It is difficult for external acquirers to enter Spanish market due to bilateral agreement between Spanish acquirers and Spanish issuers. The high domestic interchange rates are prohibitive for acquirers who do not have an issuing arm in Spain. What acquirer loses in the deal the issuer gains, this is not a problem if FI has both acquiring presence and issuing presence in Spain. On a side note, domestic interchange rates are split by MCC.
3. In France, acquisition is directly linked to banking activities and therefore acquiring banks are competing for the main banking activities of the merchants, not simply their card or transaction processing business. In the UK acquirers are in direct competition with each other often on a purely acquiring basis.
4. In some countries the domestic Interchange may be higher than Intra rates.
5. Appropriate rates must be used in each region. i.e. intra rates cannot be used instead of domestic to achieve better rate in cases where intra is lower than domestic.
6. Visa and MasterCard publically display their interchange rates.

Interchange by country can be found on webpages referenced below.


Based on the transaction types you process, you might be charged higher or lower fees.

Card Present: A Card Present (or Retail) transaction is one where the debit/credit card used is physically in the presence of the merchant. These types of transactions would normally be processed using a physical terminal supplied to the merchant by their acquiring bank, and would be accompanied by chip & pin technology. The merchant would usually be able to avail of a much lower per transaction rate from the bank as the risk associated with card present transactions would generally be perceived to be much lower than in other environments. A Payment Processor do not provide support for Card Present transactions. A merchant cannot process through Realex using a MID reserved for card present transactions

MOTO: Mail Order/Telephone Order transactions are a type of Card Not Present transaction. The card details are provided to the merchant via mail or by phone. A merchant may use a MOTO mid for processing transactions via the Online Terminal or the Virtual Terminal (or for their own, remotely integrated MOTO system) but may not use this for E-Commerce transactions. Rates for MOTO tend to be higher than card present, but lower than E-Comm.

E-Comm: E-Commerce transactions are another type of Card Not Present transaction. In this case, application is for E-Commerce transactions – where customers enter their own card details via a website, without the intervention of the merchant. E-Commerce transactions would generally be considered to be a high risk (relative to card present transactions) and so carry a high per transaction rate from acquiring bank. E-Comm mids can be used to process MOTO transactions – however, if the customer intends on processing a large volume of MOTO transactions, they may be better off applying for a separate MID (which may come with a better per transaction rate from the bank). Using tools to offset risk, such as 3DSecure, often means you can avail of reduced rates.

Scheme Fees

• Both card schemes use the fees generated to contribute towards local market activities designed to increase both usage and acceptance.
• Any item which is not processed by the scheme will not attract a processing fee but will attract a brand fee as defined by the card scheme.
• Depending upon the volume processed by acquirer, it is possible that an acquirer will move the between the tiers.
• Typically, acquirers will review their tiers on a quarterly basis as part of a pricing review to ensure the correct rate fees are being applied to merchant.

Acquirer Margin

All acquirer costs – risk, processing, staff, operating costs etc and profit margin need to be included in acquirer margin which can be charged either as a flat fee per transaction, a percentage of value or as a fixed monthly sum
• Based on an interchange plus plus pricing, acquirer needs to generate revenue in their margin to cover a variety of fees,
• These fees typically cover operational and processing services along with risk management and acquirer profit margin.
• There are a number of approaches that are taken with acquirer margin and is the only area where the merchant and acquirer will negotiated.
• Acquirers may change their approach for merchants that fall into high risk segments in order to protect their risk exposure.
• For example, an acquirer may want to charge a % rate for high risk merchants e.g. Airlines
• This could include a mixture of a flat fee per transaction along with retained funds on account


This often gets neglected when setting up new payment systems. As a result your finance department often spends a considerable amount of time ensuring that all payments are reconciled.


Batches are the payment instructions to the bank. This should, therefore, be the same as the funds that are received in your bank account.

You should consider a few points, however:

1. Depending on the times’ batches are sent to acquiring banks (see the previous section) and agreement with your bank, payments will be received a number of days after they have been authorised. This is different for the various payment methods, e.g. AMEX typically has longer funding periods than VISA/MC.
2. Refunds can really throw your reconciliation out as they typically take a few days longer than authorisations to hit your bank account.

Finding your transactions

We strongly recommend you use reference fields to send information with authorisation that will help you find and reconcile payments. Preferably this is a field that is also sent to the acquirer and comes back to you in case of chargebacks.

Finding your payer and card information

If you are saving card information, you should use card and payer references that make sense to you. For example, use a unique customer number for the payer and if possible the first 6 and/or last 4 digits of the card.


You should check the reports that your processor offers as standards and see if they meet your needs. If not you should get the processor to send you daily, bespoke reports. If you require a high degree of automation these should be automatically delivered via FTP. One other solution is to use the responses you get on the individual payment request and update your database on an ongoing basis. This should enable you to run your own reports.

Chargebacks and Fraud

What are chargebacks?

It is a reversal or unpaid transaction in the card processing space that results in the removal of a transaction amount from the merchants’ account.

In most cases (there are exceptions), the end customer initiates the chargeback. They will ask their issuer to reverse the transaction, who will in turn instruct the acquirer to move the funds back. A merchant is then given a limited time frame to contest the chargeback and must adhere to the time frames given or he can not dispute. If the chargeback is not contested (in time) or acquirer does not accept the merchant’s contest, the acquirer will as per above, deduct the funds from the merchant’s account. In general, acquirers will err on the side of the end customer in case of disputes.

Card Schemes monitor all chargebacks that are processed and can fine or close down a merchant classified as high risk. High-risk merchants (typically >1% of transactions) can be subjected to fines for each chargeback that is received.

Note: CP merchants have chip & pin or signature which allows the merchant to sidestep liability, with CNP the merchant is always liable unless 3Dsecure is used. More about that later.

Most Common Chargeback Reasons

• The customer claims not to have authorized or does not recognize the transaction/Fraud
• The customer claims non-receipt of goods
• The goods or services were defective or not as described.
• The card has been used before the effective ‘start’ or ‘valid from’ date or after the card has expired
• A Merchant has failed to respond in time to a request for a copy of the transaction or a RFI
• The Merchant did not obtain an authorization code
• The card used in the transaction was not a valid card
• A refund was not processed or has not been credited to the same the Merchant account that was originally debited
How a Merchant can prevent chargebacks
• Use a clear DBA (Doing Business As) this is the second most common cause of chargeback after fraud
• Add the contact details to the Cardholders statement this can reduce the number of chargebacks by >60%
• Response to RFI in time with as much documentation/evidence as possible. If the window of opportunity is missed the Merchant forfeit’s their right to dispute a chargeback
• Obtain authorisation for the full amount of the sale declined transactions should not be split into smaller amounts
• Never process expired cards even though they may be authorized, likewise with Manual transactions as these cannot be contested
• Get signed proof of delivery
• Never allow a delivery to be redirected after shipment.

Transaction Authentication and Fraud Prevention

It is important to understand the difference between transaction authorisation and transaction authentication as this often creates confusion with merchants new to credit/debit card processing in a Card Not Present environment.

Transaction Authorisation is the process by which a merchant gains authorisation to debit an amount from a customer’s account from the bank that issued the customer’s credit card. This authorisation is based on the credit card number provided and the availability of funds in the customer’s account. When a transaction has been authorised, this means that authorisation has come from the customer’s bank to debit funds from account, but does not necessarily imply that the customer has authorised the transaction. The cardholder always has the right to dispute any charge that appears on their card statement, starting off the chargeback process.

In a cardholder present environment, the merchant can be reasonably assured that the customer has authorised the transaction because they are present with their card, and by having the customer sign the receipt or enter their secret pin number into a Chip & Pin terminal, they have valuable additional evidence with which to dispute any chargebacks.
Unfortunately, in a cardholder not present environment such as over the internet or phone, the situation is less secure. As such, merchants employ various transaction authentication measures to reduce their liability.

Anti -Fraud measures typically include pre-authorisation checks (know your customer, delivery address, delivery vs. payment address, 3DS, etc.), authorisation checks (CVN) and settlement checks (manual review before settlement).

A payment processor should at least offer the following:
1. Basis fraud scoring
2. 3DS
3. Card Security Code Checking – The card security code – known variously as the CVN, CV2, CVV2, CSC and a number of other acronyms – is a three or four-digit number present physically printed or embossed on the credit or debit card, but crucially, not present on the card’s magnetic strip. Because the CSC is not present on the card’s strip, it cannot be “hacked” from the card data if the card is compromised in the process known as card skimming. By providing the correct CSC with a transaction, the merchant can be reasonably assured that the customer actually holds the card in question. Some banks will decline transactions automatically on the basis of an unmatched CSC – but others do not, providing CSC checking as an advisory service only

3D Secure

3D Secure (3DS for short) is the generic name given to the authentication servcies that is developed by the card schemes. 3DS attempts to ensure that the payer is who he says he is by forcing the card holder to log onto their own bank’s website and enter a password.
In the UK 3D Secure is very widely accepted and does indeed fulfill an important role in reducing fraud. In other countries acceptance is much lower and can lead to loss of business.

It is also important to consider what your competitors do and how easy it is for a customer to switch to them.

3D Secure Scenarios and when you have liability shift

There are various outcomes, but this is the important part:

Note that Amex does NOT accept a shift in liability for the first category.
Apart from the scenarios above, there is also a category of transactions which is not completed: enrolment request was received, but actual verification never took place. In the majority of cases, this is because the customer decided to discontinue the process, for example, because they would not know their password or did not want to register for 3D Secure at the time. It is important that you will get statistics on this from your processor, broken out to as much detail as available.

Transactions are not automatically declined depending on the result. It is the choice of the merchant to either accept the risk or decline transactions. It is possible to devise a structure that would allow you to have different rules for different types of transactions, e.g. for specific countries or with higher values.

Note: It is also important that you have the ability to switch 3D Secure off altogether in case you see a sudden drop in authorisations, issues with the 3D Secure service, or big jumps in traffic.

Fraud Management Systems

If you experience a high level of fraud, it is advisable to consider implementing a specialised fraud management system.

Payment Optimisation

You should ensure you get statistics from your processor on your decline levels, broken down into as much detail as possible. Decline levels differ strongly, from 90% in general to 50% for gambling and even lower for some forms of finance products. You will also typically see higher decline levels the further away you go: highest in UK/Ireland, a bit lower in Western Europe, lower still in Eastern Europe/North America and considerably lower in Russia or Latin America.


A decline is not an error. That might sound obvious but sometimes is misinterpreted. A Payment Processor provides you with a range of error codes (available from our resource centre) for when things do go wrong. In these cases, the payment request did not get processed. Declines fall in three categories:

101 – Generic decline, which we will investigate further below.
102 – Referral; this is best described as an extra safety check by the issuer. For example, if you go on holidays to a faraway destination you are always advised to let your card issuer know; as it might otherwise require the merchant where you want to use your card to make a call before the purchase gets approved. Similarly you can call your acquirer to get an authorisation code if you receive a 102. On your website, you should treat these as 101 declines.
103 – Lost or Stolen cards. Never proceed with the order and never retry a card that received a 103 response. It will never get authorised.


A 101 does not always mean that the customer does not have funds in their account. You will get customers calling you to say that that they called their bank that everything is in order; there are funds, so therefore it must by you, the merchant – who is rejecting the transaction.

A Payment Processor does not reject transactions. A 101 always is a response received from the banking system, either decided by acquirer or the issuer.


There are many. Insufficient funds are a (main) reason, but not the only one. Transactions get declined because the CVN was not or incorrectly filled in (note: an incorrect CVN will have a higher chance of rejection than a missing CVN; contrary to expectation neither will always lead to decline); incorrect expiry date (you have to submit one; again an incorrect date is no guarantee for a decline).

Issuers and acquirers can have complex decline rules. As they are managing risk, they can decline transactions for certain merchants, values, countries and or combinations of these. If you are a UK based merchant taking transactions from across the world you will find decline rates lowest in the UK, and declining the further you go (Western Europe, Eastern Europe, USA, Rest to the World).

Extra Information

A Payment Processor should provide as standard a comment with authorisation code. This information is coming directly from the issuers or acquirer and is not amended by A Payment Processor. Depending on the banks involved this information is more or less informative.
You should check if your processor offers an additional code that gives more information about the reason for the decline. It is by no means a silver bullet, but it will help identifying declines that are because of insufficient funds and will also identify a number of soft and hard declines.

Soft declines are transactions that may be successful on re-attempting. Hard declines should never be re-attempted.

Recurring Payments

If you are using recurring payments, we strongly advise you to use the same customer number for each payment relating to that customer.

It is also very important to have processes in place to keep the expiry dates up to date. Too many merchants allow the cards to expire and see their declines rates go up as a result. According to PCI, you can keep the expiry date in your system. You should contact your customer before the expiry date is reached and update it. (A Payment Processor can also provide you with reports from our tokenisation database with cards that are going to expire in the coming three months; it is also possible to update the expiry date in our database via an update message so that you do not have to create a duplicate entry).

Decline Analysis

You should periodically do a decline analysis helping you to establish decline patterns on days, times, issuing country, value, etc.