axis payroll Year End Updates are now available »

Credit & Debit Card Processing for Beginners

Many companies that have traditionally dealt with account customers are now increasingly moving towards accepting payments by credit and debit cards. The reasons may vary but typically include;

  • improved cash flow means that it is possible to offer more competitive rates to trade customers
  • less credit control overheads
  • less risk
  • growing markets, potentially reached through an eCommerce-enabled web site, means new customers, and payment by card can avoid the need to open credit accounts, speeding up the supply of the first order
  • increasing numbers of smaller businesses are finding it hard to pass the level of credit checks necessary to get trade accounts
  • businesses are moving from trade-only to a combination of trade and retail

Whatever the reasons, moving into card payment processing for the first time can involve a daunting range of new terminology.

Acquiring Bank

When you wish to begin accepting payment cards, you will sign up for an account with an Acquiring Bank, who will collect the funds on your behalf. Acquiring banks and their "brands" include, for example, Lloyds CardNet and NatWest Streamline.

Issuing Bank

The Issuing Bank is the bank that issued the credit card to your customer.

Merchant Account

When you sign up with an Acquiring Bank, your account is called a Merchant Account and you are referred to as the Merchant.

Transaction Types

When the customer is stood in front of you and physically hands over their card, this is a Customer Present or Point of Sale transaction. Since the advent of Chip and Pin, this is almost always processed through a Payment Terminal, although these are often referred to as PDQ Machines, but this is a brand name and so is akin to referring to a vacuum cleaner as a hoover.

When the customer is not stood in front of you (i.e. you do not physically see the card) then this is a Customer Not Present transaction, often abbreviated to CNP.

CNP transactions fall into two types - those originating via the Internet are called eCommerce transactions whilst all other CNP transactions are called MOTO transactions. MOTO stands for Mail Order/Telephone Order.

Payment Service Providers

It is not possible for ordinary companies to interface their IT systems to those of the Acquiring Banks. When you want your software systems to collect payment details and pass them on to your Acquiring Bank to collect the funds, you must go through an intermediary. These intermediaries are called Payment Service Providers, or PSPs.

Latest information on the PSPs supported by axis diplomat and/or axis vMerchant can be found on the Payment Service Provider PSP Interfaces module overview.

How Do PSPs Work?

As far as your Acquiring Bank is concerned, the PSP is emulating a Payment Terminal (or PDQ machine). The card details are collected by the PSP. The PSP sends the details, including transaction details, such as the total amount, to the Acquiring Bank and receives either Approved or Declined, and passes these details back to your own IT system.

Authorised and Paid Transactions

When your PSP contacts your Acquiring Bank with the details of a transaction, it can do one of two things - it can Authorise the transaction or it can collect the funds with a Payment transaction. Authorised transactions do not result in the transfer of funds, but are merely a check on the validity of the card details supplied, and that the customer has sufficient funds available. It does result in a "shadow" being placed on the available funds for the amount being authorised. For example, if a customer has £1250 of credit available and you authorise a £400 transaction then his available credit drops to £850.

When you ship the goods against an authorised transaction, your software will then contact the PSP to arrange collection of the funds at that point.

A credit limit "shadow" will last for a varying length of time, depending on the issuing bank. Typically this is around 10 days.

How Secure Is It?

In order to be allowed to communicate with the Acquiring Banks, a PSP's own systems must be incredibly secure. Once your PSP has collected the information from the shopper, or your telesales operator, the PSP will return a unique reference so that your systems do not need to know the card details, only the PSPs reference number. This eliminates the need to hold customer's card details on your own system.


When you are interacting with a secure web site, it's address will begin https:// instead of http:// and the web browser will show a padlock icon (where exactly will depend on the browser - browsers such as the later versions of Internet Explorer, Firefox and Google Chrome show the padlock in the top right corner, at the end of the address bar, earlier browsers showed it in the lower right corner).

The ability to secure a web site in this way is provided by having an SSL Certificate installed on the web server that confirms the identity of the web site owner (or publisher).

Not all SSL Certificates are the same, however - some are more secure than others. This is not a feature of the technology behind the certificate itself so much as the processes the owner had to go through in order to obtain the certificate (in other words, the application process is more rigorous for some certificates than others). Newer browsers identify the more secure SSL certificates by changing the colour of the address bar. These newer more secure certificates are known as EV SSL.

The level of certificate security that is appropriate to your business may well be governed more by the expectations of your customers than by the realities of the security of the site. In other words, your customers may begin demanding the highest level of SSL security so that they know you are who you say you are. This will be particularly true of businesses that rely on passing trade (e.g. people finding the site via search engines) rather than regular loyal customers.

3D Secure

In order to address merchants concerns over card security, two schemes have been introduced by the card issuers - one by MasterCard, called MasterCard SecureCode and one by Visa called Verified by Visa. Collectively, these are known as 3D Secure. These schemes work at the checkout pages of a web site by taking the shopper to an extra page that is supplied by their own issuing bank, which asks them for details that supposedly only the true owner could know.

From the merchant's point of view, the advantage of 3D Secure is that you can be more sure that the person placing an order is who they say they are since they have been through that additional verification process. Generally, if a transaction has been verified by 3D Secure and subsequently proves fraudulent then the issuing bank will accept liability. If a fraudulent transaction had not been verified by 3D Secure then the merchant must accept liability. Since 3D Secure only applies to eCommerce transactions, this means that web transactions can have a lower risk than MOTO transactions.

How Much Does It All Cost?

Your Acquiring Bank will have negotiated a rate with you, which will typically be a fixed fee for processing debit cards and a percentage rate for processing credit cards. The rate will be based on their assessment of the number of transactions you are likely to process (generally speaking, the more you put through, the cheaper each transaction gets), the perceived risk of your transactions and your own credit rating. Expect to pay in the region of 2.5% for processing a MOTO credit card transaction.

When you process payments via a PSP, you still pay the usual transaction charges to your Acquiring Bank but, in addition, the PSP will make a handling charge on the transaction as well. This will normally be a flat charge (typically around 10p) per transaction, regardless of whether it is a credit card or a debit card but expect a flat monthly fee if your transaction levels are low (typically around £20 per month).


Call Back
This site uses cookies. By continuing to access this site you are accepting the use of cookies by this site.
Read more about cookies...

Cookies are small text files stored on your device when you access most websites on the internet.

This Website uses cookies in order to make the Website easier to use, to support the provision of information and functionality to you, as well as to provide us with information about how the Website is used so that we can make sure it is as up to date, relevant and error free as far as we can. Further information about the types of cookies that are used on this Website is set out in the box below.

By using this Website you agree to our use of cookies. You can choose to restrict or block cookies set on the Website through your browser settings at any time. For more information about how to do this, and about cookies in general, you can visit Please note that certain cookies may be set as soon as you visit the Website, but you can remove them using your browser settings.

However, please be aware that restricting or blocking cookies set on the Website may impact the functionality or performance of the Website, or prevent you from using certain services provided through the Website. It will also affect our ability to update the Website to cater for user preferences and improve performance.

We don’t sell the information collected by cookies, nor do we disclose the information to third parties, except where required by law (for example to law enforcement agencies).

We may sometimes embed content from 3rd party websites such as YouTube. As a result, when you visit a page containing such content, you may be presented with cookies from these websites. We do not control the dissemination of these cookies and you should check the relevant third party's website for more information.

Cookies We Use

Cookie Description
CookieConfirm The presence of this cookie is used to remember the fact that you have confirmed that you are happy to accept cookies
ASPSESSIONIDxxxxxxxx This is a Session Cookie (session cookies are temporary and are erased when you close your browser). It identifies you from one page to the next and is used, for example, to keep track of your logged-in status.
UserID, account, password These cookies are used to remember your login credentials for when you next visit our website. They are only created if you choose the “Remember Me” option on the login page.
_utma, _utmb, _utmc, _utmz These are cookies created by Google Analytics and are used to provide us information on which web pages are the most popular, and the most popular search terms used by visitors arriving at our site.