An overview of the different participants in the payments process.
This is you. You must have a Merchant Services Agreement with an acquiring bank with which a Payment Processor is certified as a Payment Services Provider. Also, the merchant will require the technical infrastructure to allow them to connect to the A Payment Processor Service.
A merchant will require the technical infrastructure to allow them to connect to a Payment Processor Service. That technical infrastructure may be in-house, but frequently merchants will be using third-party software or services.
The integration with a third party is driven by merchant/customer demands on a case by case basis, but no contractual arrangement (other than an NDA) exists between A Payment Processor and the third parties. A Payment Processor employs a co-operative strategy with the third parties who enable the technology between A Payment Processor and its merchant base.
Because of its large client base, A Payment Processor has much existing integration with third parties such as shopping carts, industry platforms, IVR solutions, etc. We can provide you with overviews of these on request.
It should also be considered integrating your payment solution with your business system. By merging payment processing with business solutions merchants can automate payment reconciliation with accounting, logistics, etc., cutting down on data entry and eliminating human error.
To process card payments a merchant needs access to acquirer’s systems. Acquirers will however not let anyone simply connect to them; it is necessary to go through a certification process. This process does not only cover the sending of real-time requests (such as authorisation request which check if the cardholder has sufficient balance on their card) but also the submitting of daily batch files (settlement files) which instructs acquirer to move funds from the cardholder’s account to the merchant’s account.
The process of certification is complex, time consuming and expensive: they take on average 3 months. And as rules continuously change or new services are developed, there are regular re-certifications required.
As this is simply not possible for a merchant, a gateway does this for them. Not only can the merchant take advantage of the scale of the gateway (spreading the certification cost), gateways will typically also certify in multiple acquirers. As the biggest cost in card processing sits normally with the acquirer, this provides the merchant with an opportunity to switch acquirer without having to do a new integration via a technology enabler.
In the Card Not Present space, the Payment Processor is the dominant player in the Irish market. In the UK, thanks to a combination of direct sales and white label solutions provided under the Global Payments and Elavon brands, A Payment Processor is also one of the leading providers.
What is acquiring?
- Acquiring is a risk-based business provided to merchants enabling them to accept plastic cards through various channels
- Provides Value-Added Features (VAS) -Gift Card, Electronic Bill Payment, DCC – that generate/share additional merchant revenue
- Authorisation, clearing and settlement (ACS) of international credit, charge and debit cards both domestically and globally
- Acquiring covers Point of Sale (POS) and Card Not Present (CNP) transactions, also in some nations ATM
- Provides Operational services to support processing of cards efficiently and smoothly
- Meets merchants’ needs to accept a form of electronic guaranteed payment for goods/services
It is important to distinguish between your acquiring bank and the bank with whom you have your account. In most cases, they are not the same. Elavon, First Data Merchant Services, Global Payment, and WorldPay are all independent acquirers. But even AIB Merchant Services is a separate organisation compared to AIB Bank (and is actually owned 51% by First Data). You can – for example – use Elavon as the acquirer and have your bank account with Bank of Ireland (although not every acquirer works with every bank).
An acquiring bank (or acquirer) is a bank or financial institution that processes credit or debit card payments on behalf of a merchant. The term acquirer indicates that the bank accepts or acquires card payments from the card-issuing banks within an association. The best-known (credit) card associations are Visa, MasterCard, Discover, American Express, Diners Club, Japan Credit Bureau and China UnionPay.
An acquiring bank enters into a contract with a merchant and offers it a merchant account called a Merchant Services Agreement. The arrangement provides the merchant with a line of credit. Under the agreement, acquiring bank exchanges funds with issuing banks on behalf of the merchant, and pays the merchant for its daily payment-card activities. The acquirer will provide the merchant with a MID (Merchant ID). Each MID is linked to one bank account (but multiple MIDs can be linked to the same bank account). You might need multiple MID because you will need to distinguish between transaction types (the fee you pay to acquirer will differ per type, more about that later).
- Card Present: A Card Present (or Retail) transaction is one where the debit/credit card used is physically in the presence of the merchant. These types of transactions would normally be processed using a physical terminal supplied to the merchant by their acquiring bank and would be accompanied by chip & pin technology. The merchant would usually be able to avail of a much lower per-transaction rate from the bank as the risk associated with card-present transactions would generally be perceived to be much lower than in other environments. A Payment Processor does not provide support for Card Present transactions. A merchant cannot process through Realex using a MID reserved for card-present transactions
- MOTO: Mail Order/Telephone Order transactions are a type of Card Not Present transaction. The card details are provided to the merchant via mail or by phone. A merchant may use a MOTO MID for processing transactions via the Online Terminal or the Virtual Terminal (or for their own, remotely integrated MOTO system) but may not use this for E-Commerce transactions
- ECOM: E-Commerce transactions are another type of Card Not Present transaction. In this case, the application is for E-Commerce transactions – where customers enter their own card details via a website, without the intervention of the merchant. E-Commerce transactions would generally be considered to be high risk (relative to card-present transactions) and so carry a high per-transaction rate from acquiring bank. E-Comm MIDs can be used to process MOTO transactions – however, if the customer intends on processing a large volume of MOTO transactions, they may be better off applying for a separate mid (which may come with a better per transaction rate from the bank)
- Recurring: Recurring transactions are transactions where the merchant charges his customer on a regular basis, e.g. for membership or subscription. Repeat business where the customer regularly buys from the same merchant, is not recurring business, however. There are different rules per acquirer, but most acquirers require the first transaction of the series to be treated as a standard transaction and do require recurring transactions to be flagged as such. In most cases, you will be able to avail of better rates for recurring transactions as they are considered less risky.
Acquiring banks accept the risk that the merchant will remain solvent. The main source of risk to acquiring a bank is fund reversals. These can be voluntary refunds from the merchant to the cardholder or chargebacks. Due to the high amount of risk acquiring banks are subject to, it is them who will be responsible for ensuring the merchant is PCI compliant, will require security checks such as 3Dsecure, and will often require minimum balances to be kept in the merchant account.
Most acquirers also work with a Merchant Category Code. This is a four-digit number that classifies your business by the type of product or service it sells. This code also can have an influence on the rates you pay and might mean that additional rules get applied. E.g. for MCC 6012 merchants are required to send in additional information with their authorisation requests.
The main acquirers in the UK and Ireland are AIB MS, Elavon, EVO Payments, WorldPay, Barclays, First Data MS, Global Payments, Lloyds. Of not are also EMS Card and Amex.
A Payment Processor enables eCommerce merchants to process card payments with acquiring banks. Acquiring banks themselves are members of Card schemes, who regulate acquiring and issuing side of the business. The schemes are broken into two areas, debit and credit card schemes.
A Payment Processor is not a member of the VISA or MasterCard schemes but can act as an agent to process VISA and MasterCard transactions into scheme members i.e. acquiring banks. However, a Payment Processor is still required to comply with the regulatory environment i.e. the Payment Card Industry – Data Security Standard (PCI-DSS). The standard is aimed at protecting the card schemes brand by ensuring that any entities that process or store card data are following security guidelines as laid out under PCI. But more about that later.
Card Schemes are the owners of a payment scheme, into which a bank or any other eligible financial institution can become a member. By becoming a member of the scheme, the member then gets the possibility to issue or acquire the transactions performed within the scheme.
In Europe, the introduction of the Single Euro Payments Area has brought big changes. SEPA stands for the Single European Payments Area. The intention is to harmonise bank systems throughout the Eurozone so as to make cross-border payments easier and eventually to facilitate Eurozone banking from a single account in any one country. The Card Payments Directive provides for legislation to be enacted in all the EU countries in order to facilitate Eurozone banking. No national debit card scheme will operate in one country – a national debit card scheme must exist throughout the Eurozone or not at all. This is why schemes such as Laser, Switch, and Solo have disappeared and VISA and MasterCard have introduced their own debit cards. In some countries, local debit schemes still exist, but these tend to be “co-branded” with either VISA or MasterCard.
Not all acquirers support all card schemes. VISA and MasterCard are always covered, for example, AMEX is often not available via acquirer. In such cases, the merchant will have to get a Merchant Services Agreement directly with the scheme.
A card issuer is a bank or credit union that offers credit or debit cards. The card issuer makes the credit limit available (where applicable) to cardholders and is responsible for sending payments to merchants for purchases made with cards from that bank.
Data Protection Regulator
There is another regulator to which all participants must comply, the national data protection legislation. Because A Payment Processor stores customer data, they are classified by the Irish Data Protection Commissioner as a Data Processor. Many merchants are Data Controllers. A Payment Processor can give you advice on the main areas you would have to look into.