Last updated at Tue, 25 Jul 2017 20:44:37 GMT

Hi Everyone,

This is our second PCI 30 sec newsletter.

One cannot move through the PCI ecosystem without a basic understanding of payment processing terminology and workflow. So let's have a look behind the scenes.

The payment processing terminology

In a nutshell, a payment transaction can be depicted as follows:

We have cardholders that make payment card purchases from merchants, merchants that send payment transaction data to their acquirers, and acquirers that send payment transaction data through the payment brand network to the issuer.

  • The cardholder is the person that actually has the payment card and uses it to purchase goods or services.
  • The merchants are the organizations accepting payment.
  • The acquirer is the bank the merchant has a contractual relationship with.
  • The issuer is the organization that issued the card to the cardholder.
  • The payment brands are the credit card organizations (Visa, MasterCard, Amex, Discover, JCB).

Note:

Visa and MasterCard never issue cards. Their cards are always issued through a bank (Issuer) or other organization. American Express, Discover, and JCB International issue cards directly. They also acquire those transactions.

The payment processing workflow

It encompasses the following operations:

  1. Authorization
  2. Clearing
  3. Settlement

Authorization: At the time of purchase, the merchant requests and receives authorization from the issuer to allow the purchase to be conducted, and an authorization code is provided.

The process includes:

  1. The cardholder swipes or dips the card at the merchant location.
  2. The merchant's bank (or acquirer) asks the processor to determine the cardholder's bank (or issuer).
  3. The processing network determines the cardholder's bank and requests approval for purchase.
  4. The cardholder's bank approves the purchase.
  5. The processor sends approval to the merchant's bank.
  6. The merchant's bank sends approval to the merchant.
  7. The cardholder completes the purchase and receives a receipt.

Clearing: In the clearing process, the acquirer and issuer need to exchange purchase information to complete the transaction. The process includes:

  1. The merchant's bank sends purchase information to the processor network.
  2. The processor sends purchase information to the cardholder's bank, which prepares data for the cardholder's statement.
  3. The processor provides complete reconciliation to the merchant's bank.

Settlement: The merchant's bank pays the merchant for the cardholder purchase and the cardholder's bank bills the cardholder. This process includes:

  1. The cardholder's bank (Issuer) sends payment to the processor.
  2. The processor's settlement bank sends payment to the merchant's bank (Acquirer).
  3. The merchant's bank pays the merchant for the cardholder's purchase.
  4. The cardholder's bank bills the cardholder.

That's all for today folks.

Cheers

Didier Godart
Risk Product Manager
Rapid7
didier_godart@rapid7.com
32498.78.77.44
Moderator PCI ASV voice on LinkedIn