Guides

Deep dives into payment processing, PCI, fees, gateways, POS, and chargebacks. Examples may mention providers like Elavon, Stripe, PayPal, and Adyen for context only.

Overview

How Card Payments Flow

1) Authorization — A card is tapped, dipped, or a PAN is entered online. The terminal or gateway sends an authorization request to the acquirer/processor, which routes it through the card network to the issuing bank. The issuer approves or declines.

2) Clearing — Approved transactions are submitted in a batch for clearing; amounts and fees are prepared for settlement.

3) Settlement — Funds are moved to the merchant’s account, typically T+1 to T+3. Payout reports help with reconciliation.

Tip: Tokenization replaces raw card data with a surrogate token, reducing PCI scope and improving security for recurring or subscription payments.

Costs

Understanding Fees

Interchange is paid to issuing banks and varies by card type (debit/credit/premium), transaction method (card present vs. online), and region. Assessment/Scheme fees go to the card networks. Processor markup is the provider’s revenue and can be priced as flat (e.g., x% + y¢) or as Interchange++ (pass‑through plus fixed markup).

  • Card‑present vs. Card‑not‑present (CNP) — CNP usually costs more due to higher fraud risk.
  • Cross‑border — extra fees may apply for international cards or currency conversion (DCC).
  • Monthly/annual — statement fees, PCI program fees, chargeback handling fees, and hardware costs.

How to compare offers: ask for a clear pricing table, effective rate, settlement timing, contract term/early termination, and any reserves or rolling holds.

Security

PCI DSS in Practice

PCI DSS is a global standard for handling card data. The goal is to minimize storage, encrypt transmissions, and harden systems. Most small merchants complete a Self‑Assessment Questionnaire (SAQ). Common SAQs:

  • SAQ A — fully hosted pages (no card data touches your server).
  • SAQ A‑EP — hosted payment fields but the merchant site can affect the page.
  • SAQ B/B‑IP — simple terminals or IP‑connected standalone devices.
  • SAQ C/SAQ C‑VT — payment applications on merchant systems or virtual terminals.
  • SAQ D — anything else; most demanding.

E2EE/P2PE encrypts card data from the entry point. Tokenization removes raw PAN from your environment. 3‑D Secure adds an extra authentication step for online payments and may shift fraud liability to issuers.
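
One way to check that tokenization has actually kept raw PANs out of your environment is to scan application logs for them. The sketch below is an added example, not code from any provider mentioned here: the log lines are constructed, the card numbers are the well-known public test numbers, and the function names are hypothetical.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample log; the card numbers are public test values.
SAMPLE_LOG = [
    "2024-01-01 12:00:01 INFO charge ok token=tok_9f8e7d amount=19.99",
    "2024-01-01 12:00:02 DEBUG request body card=4111 1111 1111 1111 exp=12/30",
    "2024-01-01 12:00:03 INFO order=1234567890123456 shipped",
    "2024-01-01 12:00:04 ERROR gateway timeout pan=5555-5555-5555-4444",
]

def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits):
    """Mask to first six + last four, a common display masking convention."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_line(line):
    """Return (line with Luhn-valid PANs masked, number of PANs found)."""
    hits = 0
    def _replace(match):
        nonlocal hits
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_valid(digits):
            return match.group()  # long digit run that is not a card number
        hits += 1
        return mask_pan(digits)
    return PAN_CANDIDATE.sub(_replace, line), hits

def scan_log(lines):
    """Return (line_number, masked_line) for every line holding a raw PAN."""
    findings = []
    for number, line in enumerate(lines, start=1):
        masked, hits = scan_line(line)
        if hits:
            findings.append((number, masked))
    return findings
```

The Luhn check is what keeps order numbers and other long digit runs from being reported; any line the scan returns means raw card data reached a system that tokenization was supposed to keep out of scope.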

Online

Gateways & Integrations

Gateways connect websites or apps to processors. Key features include hosted payment pages, client‑side SDKs, webhooks, and reporting APIs. Look for vaulting, recurring billing, and support for alternative payment methods (APMs). Many processors offer their own gateways, such as Converge (by Elavon); independent providers are also available. Choose based on features, fees, and developer experience.

In‑person

Point of Sale (POS)

POS options range from countertop terminals to tablet‑based systems and mobile readers. Consider receipt printing, SKU/inventory, tipping, multi‑store support, offline mode, and integration with accounting or ecommerce platforms. For unattended or transit use cases, look at contactless and EMV‑certified hardware.

Risk

Chargebacks Playbook

Chargebacks occur when cardholders dispute transactions. Common reasons: fraud/unauthorized use, not‑as‑described goods, processing errors. Prevention tactics include AVS/CVV checks, 3‑D Secure, clear descriptors, prompt shipping with tracking, and responsive support.

Representment basics: gather evidence (receipts, delivery confirmation, correspondence), respond within the network timeframe, and tailor your rebuttal to the reason code. Track win/loss rates and root causes to improve policies.