Credit Card Payment Processing Life Cycles

The following chain of interactions illustrates the credit card payment processing life cycle for MasterCard and Visa transactions, both in card-present and in card-not-present environment. Processing interactions and activities can vary slightly for any given retailer, merchant bank, or card issuer, based on factors including card and transaction type, as well as the type of payment processing system used.

Credit Card Payment Processing Life Cycles

Following are the stages of the bank card transaction process:

1. The customer presents a bank card for payment for purchases. In a card-not-present environment, the consumer provides the retailer with the card number, expiration date, billing address, and card security code.
2. The retailer swipes the card, key-enters the transaction amount, and submits an authorization request to the acquiring bank. For card-not-present settings, the account number and other data may be digitally-entered.
3. The acquiring bank electronically routes the authorization request on to MasterCard's or Visa's payment system.
4. The Association (Visa or MasterCard) routes on the request to the issuer.
5. The issuer approves or rejects the transaction authorization.
6. The Association routes the issuer's authorization response to the acquiring bank.
7. The acquirer forwards the response to the retailer.
8. The retailer receives the authorization decision and completes the payment accordingly.
9. The retailer deposits the sale's receipt with the acquiring bank.
10. The acquirer funds the retailer's account and electronically sends the transaction to Visa or MasterCard for settlement.
11. At this point the Association either:
    • Facilitates the settlement or
    • Pays the acquiring bank and debits the issuer's account, then immediately sends the transaction to the issuer.
12. The card issuer now:
    • Posts the payment to the cardholder's account and
    • Sends the monthly credit card statement to their customer.
13. The cardholder receives the statement and makes a payment.

Retailers or their agents that collect, save, process, or transmit transaction information are not permitted to store sensitive authentication data (contained in the card's magnetic stripe or chip). Card security codes (CVV2, CVC 2 and CID), or PIN Verification Value (PVV), even in cases when it is encrypted. Once an authorization is processed and a decision is received, whether an approval or rejection, such information must no longer be on file. The only details of the magnetic stripe that are allowed to be stored are customer name, 16-digit account number, and expiration date. This requirement applies to both face-to-face and non-face-to-face types of operations.