Given the fact that you are reading this article online, chances are that you would have shopped online and made a payment online as well. You could have shopped online on a website or app and paid using a debit or credit card, wallet, netbanking or UPI.
Of course, we hope that the payment processes have been smooth ones. But have you ever wondered what happens behind the scenes when you make an online payment?
Well, wonder no more. This is the story of what happens when you pay online using a card – either a debit card or credit card.
By the way, in my previous blog, I wrote about the evolution of cards. You might want to read that one as well.
Coming back to this one, I have spent over a year working at Razorpay and realized that people are shopping and making payments online but have limited insights on how the entire system works. If you are interested in learning more, keep reading.
Here are three reasons why you should read this article:
- Reason to flaunt – If you know how the card payment system works in an online setup, you can flaunt it to others!
- Appreciate how a system so complex works trustfully and seamlessly most of the time for you!
- Reaching out to the right person or authority in the time of need. You’ll understand this by the end of this article.
How to Apply for an SBI ATM Card? – Types, Fees & Charges
First things first, you should know the who’s who in the online payment ecosystem:
- Consumer – Any individual who is making a payment online. Also called the ‘cardholder’ in the Banking & Financial Services Industry
- Merchant – Any business that sells goods or services online and has facility or means to process card payments online. Usually, this is a website or mobile application where customers shop
- Issuing Bank – Any bank that issues a debit or credit card to their customers. Most banks would display their name, logo and contact information on their cards
- Acquiring Bank – Any bank that has the obligation with a merchant to process their online card payments. In cases of successful transactions, money is deducted from a customer’s account by the issuing bank and then subsequently transferred to an acquiring bank
- Card Network – Often called ‘Card brands’ or ‘Card schemes’; these are companies that connect the issuing bank and acquiring bank to facilitate an online payment. Rupay, Visa, MasterCard or Amex are examples of this. Your card generally has their logo too
- Payment Processor – Companies such as Razorpay that provide simple and effective solutions to merchants and enable them to accept payments online. A payment processor adds value by being a single point of contact for merchants and several third-party banks and processing online payment transactions with better success rates
- Payment Gateway – This is the technology that processes your online card payments. This is usually owned by a bank, in most cases, the acquiring bank. Think of this like a counter or window in a traditional banking setup that is exclusive for online payments. Just like an offline banking transaction, protocols are followed here as well to verify payment requests. Every payment gateway is connected via card networks. Every bank has its own payment gateway and these vary in success rates to process an online payment depending on various factors
- 3DS Transaction – Card payment transactions are also called 3DS transaction i.e. 3 Domain Secure Transaction. The reason why it is called 3 Domain is because 3 major players are involved in processing the payment from customers to merchants namely the Issuing Bank, the Acquiring Bank, and the Card Network
[bctt tweet=”Did you know that the very first digit of your card represents the card network? Number 3 is for Amex, 4 – Visa, 5 – Mastercard, 6 – Rupay. Go ahead and verify this against your cards!” username=”Razorpay”]
Now that you know the who’s who of the online card payment ecosystem, let’s move on to the steps involved in the processing of an online card payment.
Say you have added your product or service into your online shopping cart and decide to checkout by making a payment. Again, since this article is cards only, it is understood a customer will select an option to pay by card – either debit or credit.
Overall, the entire process of paying by card can be broken down into the following three stages:
- Authentication
- Authorization
- Capture
Stage 1 – Authentication
Authentication is the process of confirming a cardholder’s identity. This stage verifies whether the card number is correct or not as well as if the customer making the transaction is genuine or not. Think of this stage like your banking official asking for your identity or verifying your signature in an offline payment transaction. This stage only verifies the identity and doesn’t check a customer’s account balance nor does any kind of fund transfer.
Here is how this stage works:
- The merchant, let’s consider Swiggy for this example, securely shares the card details, transaction amount and order number with the payment processor – Razorpay
- The Razorpay risk evaluation system validates the transaction by making various risk checks in order to avoid any fraudulent or duplicate transaction. If Razorpay suspects any transactions as dubious, the payment will fail here itself and Swiggy will be informed about the same
- Next, Razorpay’s smart routing algorithms select the best acquiring bank’s payment gateway. Sometimes, a bank server system may be down or may be under maintenance or maybe overloaded with more capacity than it can handle. Here lies the real expertise of Razorpay’s data science-backed smart routing algorithms that assesses hundreds of parameters in real-time to identify the best performing payment gateway to maximize the success rate for every payment
- The acquiring bank’s payment gateway interacts with the appropriate card network i.e. Amex, Visa, Mastercard or Rupay
- The card network further interacts with the issuing bank in order to perform an authentication of their customer. This is the step where a customer sees the 3D Secure page and is asked to enter their code or One Time Password (OTP)
- Once the OTP is entered, it will be verified by the issuing bank and if it is correct, the transaction will be allowed to the next step – authorization. If the entered OTP is incorrect or the time allowed to enter OTP expires, a failure message is conveyed
Stage 2 – Authorization
Okay, the identity is verified, time to move funds around. While you are making a payment transaction online, you will generally not get to know when this stage is happening since this happens in the background without any interaction from the customer. However, during an offline transaction on a Card Swipe or POS Machine, you may see a glimpse of this stage after you enter your Personal Identification Number (PIN) – the screen briefly shows the text “Authorising…”
Steps in this stage are:
- The acquiring bank’s payment gateway will connect via the card network to the issuing bank to understand whether the card can be charged or not. This is required because it may be possible that the card account has exhausted their limit or has insufficient funds
- The issuing bank examines the card account’s health and ensures sufficient balance for the transaction to process. If the result of the evaluation is positive, the customer account is charged and an amount equal to the transaction amount is blocked
- The issuing bank then sends either a successful authorization or a declined with a reason as a message to the card network, which in turn then passes it onto the acquiring bank. This is generally when the issuing bank alerts their customer about the transaction
- The acquiring bank’s payment gateway then communicates this message with Razorpay who then sends it to the merchant. For the merchant to receive the online payment amount in their account, they will have to follow steps in the next stage – Capture. For customers, their journey completes here.
Stage 3 – Capture
What is still pending until now is the transfer of funds from the issuing bank into the merchant’s account. Remember, in the last stage, for a successful transaction, the amount was charged or blocked. This now has to be claimed by the merchant.
This stage is again a background process and is pretty much simple yet complicated:
- Razorpay, on behalf of the merchant, makes a capture request to the acquiring bank. The money is then moved from the issuing bank to the acquiring bank
- Razorpay then works with the acquiring bank to settle the transaction amount to the merchant
- The capture request for online card payments has to be made within 5 days of the transaction. If it is not done, the amount, as per guidelines of Reserve Bank of India (RBI) will have to be reversed by the issuing bank in the cardholder’s account
With this, the entire process of making an online payment by cards is now complete! And now you know it’s more than just entering an OTP!
At the start of this article, I told you about why it is interesting to know how this system works and how you can benefit from this.
If you have ever experienced a scenario when you received an SMS from your bank about a transaction being charged on your card but you did not get a successful message from the merchant. Now you should be able to understand:
- Reason of failure: Yes, even machines, like humans, fail. You can guess where the system could have failed. The reasons could be a loss of internet connection in between the steps, expiry of time to complete a request, use of refresh option in a browser, etc
- Reversal of money: For any failed transactions, most of the time, systems are designed to automatically reverse the money involved. Hence, there is no reason to panic as your money is safe. That is why you see messages like “Any amount deducted from your account will be automatically refunded within 7-10 days“
There are a lot of other detailed concepts involved in facilitating a successful online payment by cards. We have more such stories coming up in the next few weeks that will take this initiative forward and help you understand how Razorpay is disrupting the online payment systems through its innovation as well as being 100% compliant with RBI rules and guidelines.
All the data, policies and processes in this article are specific to India payment system in India only.