The Lifecycle of a Credit Card Payment

Editor’s Note: This blog entry was originally published on August 1, 2018, and was updated on June 9, 2020.

It sounds easy - a consumer hands a credit card to a merchant and buys a product or service. The money is debited from the customer’s account and credited to the merchant’s account.

It happens millions of times each day. But how? Who plays what role in the business behind the curtain?

This blog demonstrates the “magic” behind the credit card transaction process. In this post and accompanying infographic, you’ll see the role Global Payments Integrated plays in the credit card transaction lifecycle. This includes the payment application provider, the (front-end) processor, and transaction gateway. Our parent company, Global Payments, Inc., serves as the back-end processor and works directly with the card brands.

And remember – this all happens in a matter of a few seconds.

Who is Involved in a Credit Card Transaction?

There are numerous parties involved in the credit card transaction process flow, including:

  • The customer who presents their credit card for payment when buying goods or services
  • The merchant who sells the goods or services
  • The merchant’s bank who transmits the credit card transaction to be approved
  • The payment processor who processes the credit card transaction
  • The credit card issuer, which includes banks, credit unions, and other financial institutions that issue credit cards
  • The card brand, such as American Express, Discover, MasterCard, or Visa

The Credit Card Transaction Process

These 10 steps show the credit card transaction process:

1. The customer initiates a purchase

The credit card transaction process begins when the customer presents their credit card for payment. They may swipe or insert their credit card, or simply tap if they have EMV contactless capabilities.

2. The merchant requests authorization after processing the card information

From here, the merchant’s bank processes the card information and then requests authorization from the appropriate credit card network, such as American Express, Discover, MasterCard, or Visa.

3. The payment gateway routes card information to the processor

The credit card issuer authorizes the transaction by sending back a unique code. If the credit card is declined, the customer will get a message at the point of sale.

4. The processor, Global Payments, Inc., submits an authorization request to the credit card association

Next, Global Payments, Inc. submits an authorization request, which includes the credit card details and transaction details to the credit card association.

5. The card brand submits an authorization request to the issuing bank

An authorization request is sent from the card brand to the issuing bank and includes the credit card number, card expiration date, billing address, card security code, and the payment amount. 

6. The issuing bank approves the authorization request

Once received, the issuing bank reviews the request and either approves or denies the transaction. A response is sent to the merchant via the same channels.

7. The card brand routes the authorization to the acquiring bank

If the transaction is approved, the merchant receives an authorization and the issuing banks place a hold for the amount of the purchase on the customer’s account.

8. The acquiring bank forwards the authorization to the merchant

From here, the acquiring bank forwards the authorization to the merchant’s POS terminal, which then collects and processes all approved transactions.

9. The merchant accepts the transaction and completes the purchase

The transaction is accepted by the merchant and the customer’s purchase can be completed.

10. The customer receives the purchased goods or services

Finally, the customer receives their goods or services. Within the next month, the customer will receive the bill from their credit card issuer for any changes they have made.


Lifecycle of a Credit Card Payment


Credit Card Transactions and PCI Compliance

With every credit card transaction that takes place, it’s important that customers’ sensitive information is protected. For ISVs who provide software solutions to merchants, this means that all products must be PCI compliant. This ensures the security of credit card transactions.

The PCI data security standards for the payment card industry are the minimum criteria merchants should strive for in order to avoid data breaches. There are 12 PCI DSS requirements, which detail proper methods for storing credit card numbers and beyond.

What Happens When a Credit Card Transaction Gets Declined?

A declined credit card transaction can be caused by many factors, including:

  • Insufficient funds
  • Incorrect credit card information
  • International charges
  • Technical issues experienced by the credit card company or issuing bank
  • Fraud prevention measures (i.e.: if a customer makes multiple purchases that seem unusual)

If you provide payment processing capabilities through your software solution for your merchants, it’s important to have an efficient solution to ensure your merchants’ business isn’t affected by declined transactions.

With Global Payments Integrated, our automated system of updating expired or outdated card information saves your merchants the time, effort and expense of tracking down the information manually. In addition, our Decline Minimizer solution proactively retrieves card update information from major card brands and makes it available to your customers, greatly reducing payment declines of card-on-file transactions.

Contact us today for more information on our payment solutions and how we can make your software stronger, safer, and more secure.