blog

Credit Card Payment Processing: What You Need To Know

Posted July 20, 2022 by Jennifer G

The act of paying for something with a credit card is seamless. First, swipe or insert a card into a machine. Then, wait for the authorization to happen. Lastly, sign off on the purchase, if needed. All of this happens in a few seconds.

However, a lot goes on behind the scenes while you’re waiting for that quick authorization! We’ll discuss what happens when you enter your card, in addition to the security measures that are in place to protect your data long after you make a purchase.

Who takes part in the credit card payment process?

The players involved in the payment process include:

Cardholder: This is the customer that presents their card for payment of goods or services.

Issuer: The issuer (or “issuing bank”) provides the cardholder with their credit and a physical card. They are responsible for approving and declining transactions, customer billing, and collections.

Merchant: This is the business that sells goods or services.

Merchant Account: This is a type of bank account that allows businesses to accept credit, debit, and mobile payments. 

Acquirer: An acquirer (or “acquiring bank”) solicits, underwrites, and owns the accounts merchants need to accept credit cards. They can provide the technology permitting businesses to process transactions, take on chargeback risk, and deposit funds into a merchant’s bank account.

Payment Processor: Payment processors are organizations that partner with acquirers to open merchant accounts, handle support, manage payment processing, and build technology on behalf of acquirers.

Facilitating the payment process

Credit Card Machines

First, a credit card reader or terminal is needed. Today, there are various credit card machines available that can cater to any processing environment. 

Popular devices include point-of-sale (POS) terminals, which support credit cards with magnetic stripes and chips. Some are magnetic stripe (“magstripe”) only, in addition to devices specially made for an unattended or kiosk type of environment.

Near-field communication (NFC) readers are payment terminals that allow tap-to-pay capabilities for contactless credit cards and mobile wallets. 

Payment Methods

The payment transaction starts when the cardholder presents one of the following:

EMV chip card: A payment card containing a computer chip that can validate personal identification numbers (PINs), authorize purchases, verify account balances, and store personal records. Chip cards facilitate EMV® payment processing throughout Europe and the US.

Contactless card: A credit or debit card that does not require physical contact between the card and the credit card machine.

Digital wallet: Digital wallets store a cardholder’s payment information on a mobile app or smartphone device, enabling payment to happen without a physical credit card. Examples include Samsung Pay®, Apple Pay®, Google PayTM, and Fitbit PayTM.  

How does credit card processing work?

Once the card is entered into or “tapped” on the credit card machine, the authorization begins. Authorization is the process where the issuer approves or declines a transaction. Merchants use it to ensure customers have sufficient funds available when they purchase something.  

  1. The credit card information enters a payment gateway, which serves as a connector between the merchant and a payment processor (like Global Payments). 
  2. The payment processor will take this information and send it to the card brand (such as Visa or Mastercard). 
  3. The card brand sends this information to the issuer.

When the issuer receives the cardholder’s information, authentication begins.

  1. The issuer will verify that the cardholder has sufficient funds in the credit line to approve the transaction. 
  2. They may also check the card verification value (CVV) and ensure the billing address matches what is on file to prevent fraud.
  3. If the transaction is approved, the merchant receives authorization, and the issuer places a hold for the amount of the purchase on the customer’s account. The card reader or POS terminal should see a message that says, “Approved.”
  4. The merchant gives the cardholder a receipt at the end of the sale.

At this point, the payment verification process is complete.

How long does a credit card payment take to process?

Payment verification only takes a few seconds at the point of sale. Then, the payment process continues behind the scenes with the settlement process.

  1. Merchants send all approved transactions to the acquirer at the end of the day. This group of transactions is called a batch.
  2. The payment processor routes the batch to the card branch for settlement.
  3. The card brand forwards the transactions to the issuer.
  4. The issuer transfers the funds to the acquirer, and in the process, takes an interchange. Card brands set the interchange fee, and the acquirer is responsible for paying this fee to the issuer.
  5. The acquirer credits the merchant’s account with the approved transactions.
  6. The issuer posts the transaction on the cardholder’s account. The cardholder will be responsible for settling their debt at the end of their billing cycle.

Payment processing times vary, but on average, it takes one to three days. Additionally, batches sent during the weekend or a bank holiday get processed on the next business day.

How does a refund on a credit card work?

Even if a transaction is approved, a cardholder can dispute it for a refund post-purchase. These disputes are called chargebacks. The main reasons for chargebacks include fraud, receiving faulty goods or services, and technical errors, such as double charges. A successful chargeback would mean the return of funds to the cardholder. 

Check out our chargebacks guide for more information.

How do online payment methods stay secure?

The card payment industry has standards in place to protect cardholder information should a security breach occur. The Payment Card Industry Data Security Standard (PCI-DSS) lays out the minimum security features needed to limit the chances of compromised data.  

Encryption is one way to protect cardholder data. With laws becoming more stringent over time, in addition to increasing cybersecurity threats, encryption uses a numeric binary code to shield sensitive data such as the cardholder’s name, account number, expiration date, and service code. The more random the encryption code is, the more difficult it is for hackers to gain access.

Tokenization is another way of protecting cardholder data, particularly the cardholder’s account number. During an online transmission, a token replaces the account number with a unique string of characters. Tokenization differs from encryption in that each token is original and can apply only to a specific merchant and cardholder.  

Finding the best payment processor

Now that you understand how complex the payment process can be, it’s essential to choose a processor that will enhance your business.

A reliable payment processor will integrate with your software to provide a seamless checkout and bookkeeping experience for your clients. Additionally, they will enhance cardholder data protection by helping you and your customers stay PCI compliant, ensuring secure payments every time.

Contact us to learn how our solution can benefit your business and add value to your software.


EMV® is a registered trademark or trademark of EMVCo LLC in the United States and other countries. www.emvco.com.

Apple Pay® is a trademark of Apple, Inc. All trademarks contained herein are the sole and exclusive property of their respective owners.

Google PayTM is a trademark of Google, Inc.  All trademarks contained herein are the sole and exclusive property of their respective owners. Any such use of those marks without the express written permission of their owner is prohibited.

Samsung Pay® is a registered trademark of Samsung Electronics Co., Ltd.

FitBit PayTM is a registered trademark of Fitbit, Inc. and/or its affiliates in the United States and other countries.

Originally published at https://www.globalpaymentsintegrated.com.

Posted in: Dental Practice Management Software, Dental Software, Dental Technology, Dental Web-based Solutions, Leave a comment/ No Comments »
Tagged : ,,,,,

Strengthen your Risk Management Plan Today

Posted January 31, 2017 by Alexa S.

Risk Management Quote

As individuals, society, and organizations, we take risks regularly as a necessary step to grow and develop. Forecasting and evaluating what is needed to incorporate risk management and minimize negative impact is not something that everyone or every organization takes time to focus on. It is important to make sure that your dental practice has adequate tools to combat threats and ensure security. Your business must evolve and adapt to ensure it is minimizing risks while maximizing growth potential. However, risk management is not always a one size fits all solution.

As we continue through our risk management series, there are three important areas where XLDent can help you strengthen your risk management plan today.

Offsite Backup Storage

How frequently are you backing up your patient and practice data? Are you making sure your backup system is secure and HIPAA compliant? With XLBackup, you have a managed, fully automated, online, off-site, data protection service that can help you keep a potentially serious business risk under control. By using XLBackup, you enable your dental practice to quickly restore lost files, images and critical data to get your practice up and running in a disaster recovery situation. Let’s break down the important considerations in a backup solution.

  • Managed service: The XLBackup service includes professional management of your back up solution. This includes storage management and optimization, data integrity and verification checks, and annual disaster recovery fire drills.
  • HIPAA Secure: Incorporates critical secure elements such as HIPAA compliant encryption technology, storage in multiple data centers and Federal Information Processing Standards.
  • Automatic Data Healing: This automated process runs in the remote data center, performs in the background, and scans the entire storage to ensure data integrity by checking data blocks and comparing digital signatures for inconsistencies.
  • Data De-Duplication: Essentially, you won’t have multiple copies of everything causing a headache in a recovery situation. Data is compared based on its content to the appropriate repository and a pointer is used to point from the data’s original location to the library location.
  • Local Storage: Backup on a local device so immediate restoration at LAN speed can occur.

XLBackup is compatible with all Dental Practice Management and Image Management solutions. It is an absolutely necessary component of your electronic dental records risk management.

SecureMail – HIPAA Compliant Email

Need to send sensitive patient information via email? Don’t risk PHI by sending with just any email client or service. With SecureMail, you’ll be able to send information and file attachments that are protected from accidental exposure and data theft. At the same time, SecureMail ensures compliance, guards your reputation, builds customer trust, and reduces business process cost. It also includes the added security of being able to track and confirm sent, received and open emails. SecureMail is a cost effective, cloud-based service that is available to any practice, regardless of dental practice management system.

Credit Card Processing

Credit and debit transactions that use EMV technology are an important milestone in managing risk in card payment transactions. Point-to-point encryption (P2PE) combines secure devices, applications and processes to encrypt data throughout the transaction, making it an integral part of your card payment solution. XLCharge not only makes it easy with integrated payment processes right inside the XLDent practice management software, but also offers you a level of security you can depend on.

These are just a handful of ways your technology choices guide you in developing a viable risk management plan. Let XLDent take some of the stress out of your risk management.

Posted in: Dental Practice Management Software, Dental Technology, Leave a comment/ No Comments »
Tagged : ,,,,,,,