Wednesday, July 27, 2011

Credit Card Processing Flow

In the cloud world, setting up an online shop is one of the core business activities. Many cloud applications such as Zuora and Magento have appeared recently, and setting up an online store and connecting it to a payment gateway/processor has become easy. Many providers offer an API to integrate a payment gateway/processor with an online shop. Some of the providers are:
  • PayPal
  • Merchant e-Solutions
  • Authorize.Net
  • CyberSource
  • Chase Paymentech
  • Paymentonline
  • Zuora
  • CCAvenue
The payment may be a one-time payment or a recurring payment. Payment processing happens in two steps: Purchase Authorization and Settlement.

Purchase Authorization Process

In the Authorization process, the validity of the user's credit card is checked, along with the availability of funds on the card. The steps are as follows.


  1. The customer adds the product to the cart in the online shop and checks out.
  2. The customer provides the credit card details and proceeds to checkout.
  3. The Merchant's shop sends the transaction to the payment gateway.
  4. The payment gateway routes it to the Processor.
  5. The Processor sends the transaction details to the Issuing bank (Visa/Master/AMEX), which validates the card details and checks the availability of funds.
  6. The Issuing bank returns the transaction result to the Processor.
  7. The Processor routes the result to the gateway, and from there the result is sent to the Merchant's shop, which proceeds with the next action (shipping the goods or showing a decline message).
Capture and Settle Flow

In the Settlement process, the issuing bank settles the amount with the merchant's bank.
  1. The Merchant requests settlement of the transaction from the payment gateway.
  2. The gateway sends the request to the Processor.
  3. The Processor sends the settlement payment details to the Customer's credit card Issuing Bank; at the same time, the Processor sends the payment details to the Merchant's Acquiring Bank.
  4. The Issuing Bank includes the Merchant's charge on the Customer's credit card statement, while the Acquiring Bank credits the Merchant's account.
Fraud Transaction

In many online shops, fraudulent transactions are the big challenge. Even on a secured website (SSL certificate enabled), many fraudulent transactions still happen. To minimize them, we can enable the AVS (Address Verification Service) check, which also validates the address mapped to the card. In addition, we can check the Card Security Code (CVV2 for Visa, CVC2 for MasterCard and CID for AMEX). This is a good check against fraud. In the store, this field should not be displayed as typed (mask it like a password: ***).
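The sketch below is an added example, not code from any of the providers listed above. It shows how a shop might act on the authorization result together with the AVS and security-code results before requesting settlement. The single-letter result codes, the `AuthResult` shape and the capture/review/void policy are assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed single-letter result codes (many gateways use a table like this;
# confirm against your own gateway's documentation).
AVS_FULL = {"Y", "X"}          # street address and postal code both match
AVS_PARTIAL = {"A", "Z", "W"}  # only the street or only the postal code matches
CVV_MATCH = "M"                # card security code matches

@dataclass(frozen=True)
class AuthResult:
    """Constructed shape of a gateway's authorization response."""
    txn_id: str
    amount_cents: int
    approved: bool   # issuer says the card is valid and funds are available
    avs: str
    cvv: str

def decide(auth: AuthResult) -> str:
    """Map one authorization to 'decline', 'void', 'review' or 'capture'."""
    if not auth.approved:
        return "decline"   # issuer refused: show the decline message
    if auth.cvv != CVV_MATCH:
        return "void"      # approved, but security code failed: release the hold
    if auth.avs in AVS_FULL:
        return "capture"
    if auth.avs in AVS_PARTIAL:
        return "review"    # hold shipment until a person checks the order
    return "void"

def settlement_batch(auths):
    """Return (txn ids to submit for settlement, total in cents)."""
    ids = [a.txn_id for a in auths if decide(a) == "capture"]
    total = sum(a.amount_cents for a in auths if a.txn_id in ids)
    return ids, total

def mask_pan(pan: str) -> str:
    """Keep only the last four digits for receipts and order records."""
    digits = [c for c in pan if c.isdigit()]
    return "*" * (len(digits) - 4) + "".join(digits[-4:])

# Constructed sample responses, not real transactions.
SAMPLE = [
    AuthResult("T1", 4999, True, "Y", "M"),   # clean
    AuthResult("T2", 12000, True, "N", "M"),  # address mismatch
    AuthResult("T3", 2500, True, "Y", "N"),   # wrong security code
    AuthResult("T4", 8000, False, "Y", "M"),  # issuer declined
    AuthResult("T5", 1500, True, "Z", "M"),   # postal code only
]
```

Only the transaction id and the masked number need to reach the order record; the full card number and the security code stay out of the shop's storage.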

PCI Compliance

The store should be PCI compliant to process online transactions. There are four PCI levels for merchants.

Level 1: Visa/MasterCard transactions totaling 6 million or more per year. This level also includes anyone who has been caught with a data security breach.

Level 2: Transaction levels between 1 million and 6 million.

Level 3: E-commerce transaction levels between 20k and 1 million.

Level 4: E-commerce transaction levels up to 20k. This includes all merchants processing 1 million transactions per year, regardless of what channel they are in.

The servers have to be scanned by approved vendors, and we have to submit the Assessment Questionnaire, which is completed either by ourselves or by the approved vendors, depending on the level.

An online shop should not store credit card details. If you want to store card details, you must meet a higher level of PCI compliance, with server scanning and periodic physical audits by approved vendors.

Saravanan
