Card And Payment Domain

Share:

The payment processing industry is big business. The amount that people spend using card payments per year is growing. It’s easy to understand why the payments industry is so competitive. Traditionally, payment processing has been dominated by a few very large banks. However, recently smaller companies have been able to enter the market and compete on new software and great customer experiences.

One interesting trend is that the amount of people that use cash and checks as the payment method is falling off the cliff in favor of digital payments, in particular credit cards.

Payment and card Industries

The payment card industry consists of all the organizations that store, process, and transmit cardholder data, most notably for debit cards and credit cards. The security standards are developed by the Payment Card Industry Security Standards Council which develops the Payment Card Industry Data Security Standards used throughout the industry. Individual card brands establish compliance requirements that are used by service providers and have their own compliance programs. Major card brands include American Express, Discover Financial Services, Japan Credit Bureau, Mastercard, RuPay, UnionPay, and Visa.

Entity Involved in Payment Card Transaction

The Cardholder The individual initiates a transaction by swiping a credit or debit card issued in their name. The buyer receives merchandise from the merchant, which is paid for by the issuing bank.

The Merchant The store or eCommerce shop owner with whom the cardholder has initiated the purchase. The merchant generally accepts credit or debit cards to facilitate payments for transactions. They may also accept other methods of payment including cash, and contactless technologies.

The Acquiring Bank The merchant’s bank, which sends transaction and authorization details ahead to the card network for approval. The acquirer then plays a role in relaying the issuing bank’s response to the merchant. Sometimes, these actions will be performed in-house, or they may be done with a third-party payment processor or merchant services provider.

Acquirers are banks or financial institutions that represent one or more online payment methods. They acquire traders as partners and conclude contracts with them regarding the acceptance, authorization, and settlement of payment methods as means of payment for goods and services. They process the transactions and transfer the respective amounts to the merchant.

Any merchant who accepts credit card payments requires an acceptance contract. The acquirers again need an appropriate license from the card companies. Card companies such as Visa, Mastercard, American Express or Diners Club entitle the acquirer to issue cards with their own logo.

Acquirer vs issuer

The issuer or issuing bank is the commercial organization that underwrites the consumer. This line of credit is accessed through use of a credit or debit card, branded Visa, MasterCard, Discover, American Express and others. During any credit card transaction, the card issuing bank confirms the account holder is who he says he is, verifies that there are funds in the account to cover the purchase and authorizes the transaction.

Costs related to acquiring

The acquirer charges an amount for his service, usually representing a percentage of the sales. This fee also includes the interchange charges for the card issuing bank. Interchange charges vary widely depending on the country or region. If a dealer has many customers who buy from him with foreign cards, he can get a better rate from the acquirer than if only local cards are used. In addition to authorizing payment at the customer’s bank, acquirers are increasingly active in the detection of misuse.

Additional Services

In addition to the acceptance, authorization and billing, the acquirers are also responsible for ensuring that the merchant complies with the Payment Card Industry Data Security Standards (PCI DSS). Acquirers are also taking over more and more tasks in fraud management, detection of fraud and fraud prevention.

The Issuing Bank The cardholder’s bank or card-issuing payment account facilitator. The issuing bank will receive payment authorization requests through the acquiring bank, card network, or via the third-party processor, then relays an approval or decline response along the same channels to the acquiring bank.

The Processor For many merchants, their acquirer also serves as their payment processor. In other cases, though, these may be two separate entities. This processor serves to facilitate communications between the acquiring bank and the merchant. These third-party payment facilitators will assume responsibility for sending and receiving transaction details and authorization, which it will then provide to the merchant or bank.

The Card Network The debit or credit card associations operate branded card networks that facilitate global transactions for a given payment card. They also set the rules and guidelines all banks and merchants must follow to use said platforms and govern interchange fees. Nigeria’s most widely-used card networks are Visa, Mastercard, and Verve. The card network will accept authorization requests from the merchant’s acquiring bank/payment processor, then forward that information to the cardholder’s issuing bank for approval.

The payment processing value chain

The card processing value chain includes the companies that generate revenue directly off of a card transaction. Sometimes all the companies are known as payment processors as a general term, however, they each have very different roles.

Issuing bank (or card issuer) Card issuers (or issuing banks) are the players (banks or credit unions) that people get their cards from. Chase and Citi are a couple of the largest in the USA while TD and RBC are the largest in Canada. The issuing bank decides things like the interest rate that cardholders pay, the limit, foreign fees, etc.

Card brand (or credit card network or card association). A card brand (or card network or card association) is the player that sets interchange rates and governs the rules of the program. That’s Visa, MasterCard, Diners, Discover, etc.

Acquirer (or payment processor or underwriter) This is where definitions can get complicated. An acquirer (or acquiring bank) actually processes credit card transactions, take on the underwriting risk, and holds the merchant account for merchants. Sometimes people use the term “processor” as a general term for “payment processor” or “merchant services provider” but they are technically different.

Service provider (or merchant service provider or payment processor) Merchant service providers provide sales, support, and software to merchants. Sometimes they build their own software, and sometimes they white-label it. These are the players that merchants primarily work with. These can also be called an ISO (Independent Sales Organization) or just a payment processor. They come in a wide range of sizes from very small boutique businesses to multi-national organizations. Merchant service providers are one of the most interesting players in the value chain because they can be one of the most nimble and innovative players, bringing significant value to merchants.

The breakup of revenue in payment processing

The payment processing value chain works together to enable merchants to accept credit cards and to ensure consumers have a safe, efficient, and secure way to pay. For this service, companies in the value chain split up an overall fee of around 2.3% of the transaction amount.

Let’s look at an example where a consumer pays $100 for a pair of shoes. To start off, the merchant gets around $97.70 and the credit card value chain gets $2.30.

The credit card issuer takes the most of the fees, around 67%. The issuer does the hard work of getting a credit card into the hands of the consumer in the first place. Next, the service provider takes around 16% for providing the software, support, and service. Then the rest is roughly evenly split between the acquirer and credit card brand.

Payment Authorization

Payment Authorization is a process through which the amount to be paid on a payment method is verified.

In case of credit cards, authorization specifically involves contacting the payment system and blocking the required amount of funds against the credit card. Other payment types may or may not require this authorization step. This is configurable in Sterling Order Management in the sellers payment rule. If an order requires payment processing, the order is not picked up for scheduling or other processing until it is authorized.

Card Authorization Rate

Card authorization is used to determine if the card being used has sufficient funds to process the transaction. Without authorization, the sale will not be approved.

Card authorization rate is the number of successful transactions divided by the total number of attempted transactions. Let’s say you have an 80% transaction rate. That means eight of ten transactions were approved. An 80% authorization rate implies a 20% failure rate (two of ten transactions failed).

What Causes Low Card Authorization Rates?

Outdated Technology — If your merchant services provider or bank uses outdated technology, you’ll suffer from lower authorization rates. Old technology gateways likely won’t have the best fraud screen methods, data updates, local routing systems, or retry systems.

High Risk Processing — It’s common for merchants that fall into a high-risk processing category to have lower authorization rates. That’s because these industries have an increased risk of fraud. Some credit card companies might automatically decline transactions that seem suspicious. In other cases, the transaction attempts will actually be fraudulent.

Inadequate Fraud Prevention — In theory, authorization declines are in place to reduce the risk of fraud. So merchants with poor fraud prevention practices will see lower authorization rates.

Account Changes — As technology changes, thousands of new cards are issued on a daily basis to accommodate new features, such as contactless payments. Cardholder information changes with these updates. For those of you who collect recurring payments, you’ll see authorization rates drop as new cards get issued to your customers.

Changing Regulations — There are always new laws being enacted worldwide, especially when it comes to data protection. For example, regulations like PSD2 (Revised Payment Services Directive) calls for enhanced authorization stipulations in the EU. Some transactions will require two-factor authentication.

Cross-Border Payments — It’s common for transactions to be declined if the payments originate from a different region than the processing bank. For example, if an Italian-issued credit card gets processed by a regional bank that’s only in the US, it has a higher chance of being declined. Currency mismatches are another leading cause of declined authorizations.

Payment service provider

A payment service provider (PSP) is a third-party company that assists businesses to accept electronic payments, such as credit cards and debit cards payments. PSPs act as intermediaries between those who make payments, i.e. consumers, and those who accept them, i.e. retailers.

PSPs establish technical connections with acquiring banks and card networks, enabling merchants to accept different payment methods without the need to partner with a particular bank. They fully manage payment processing and external network relationships, making the merchant less dependent on banking institutions.

PSP can also offer risk management services for card and bank based payments, transaction payment matching, reporting, fund remittance and fraud protection. Some PSPs provide services to process other next generation methods (payment systems) including cash payments, wallets, prepaid cards or vouchers, and even paper or e-check processing.

PSP fees are typically charged in one of two ways: as a percentage of each transaction, or as a fixed cost per transaction.

Understanding types of Payment Service Provider (PSP)

Aggregators

This type of PSP is the most one-stop shop of the 3 PSP categories. The beauty of this model is the ease of everything, from initial sign up to integration to settlement and reporting. One contract, one point of contact and one payout.

A well-known example is Stripe. If you’re thinking that Stripe is actually a Payfac, that’s true but a Payfac (Payment Facilitator) is synonymous with PSP Aggregator. Fyi, the term ‘Payment Facilitator’ is used because this is the type of account an Acquirer provides to the Aggregator. You may also be thinking this model seems like a silver bullet. To some merchants it is at it solves some major headaches, not least the sign up for an account reducing from weeks to minutes. However, this model is not applicable to all merchants. In general, it’s smaller merchants who are considered low risk on account of things like: sector in which they operate, number of chargebacks, average transaction size. The risk focus is because the Aggregator is responsible for onboarding and underwriting which in a traditional model is the responsibility of the acquirer.

There is also a risk element for the Merchant. As mentioned above, the sign up process is very quick. Just go to Stripe and sign up to see how fast you have your account and integration credentials. Compare this to the signing up with an Acquirer which takes weeks lots of paperwork and a risk assessment. The way PSP Aggregators short circuit the process is because as a Merchant you receive a ‘Sub-Merchant ID’ from the Aggregator. The Merchant ID (MID), issued by an Acquirer, belongs to the PSP Aggregator. Hence, the Merchants transactions are submitted to the acquirer using the Aggregator’s ID rather than the Merchants. Why does this matter? It matters because for any reason, the Aggregator can pause or cancel the Merchants, Sub-Merchant account. Preventing the Merchant from processing payments. The model works on low risk for the Aggregator. If the risk metric (as defined by the Aggregator) becomes too high they must act. For these reasons, PSP aggregators do not appeal to medium and large online merchants. And vice versa.

In addition, from a Merchant perspective, the rate paid to the Aggregator for processing payment can be considerably higher than if the Merchant has a direct relationship/contract with an acquirer. If high volumes and/or transaction values, over time this can be a considerable cost.

Distributors

Distributor PSPs provide a single interface (e.g., a REST API) to enable a Merchant to integrate and thus to gain access to Distributor PSPs payment ecosystem. Without the Distributor PSP the Merchant would need to integrate to multiple payment systems and to maintain those integrations.

In this model, the Merchant is responsible for signing contracts with third parties such as acquirers and other payment vendors. Payments are settled directly to the Merchant. In this case if a Merchant processes via multiple payment processors/acquirers the Merchant will receive multiple settlements. This results in more complex reconciliation when compared with the Aggregator model.

With respect to choice, in terms of acquirers and processors, the Distributor model provides more flexibility to the Merchant than the Aggregator Model. A Distributor often has many existing integrations within their ecosystem and where an integration does not exist but is required by a potential Merchant, Distributors will often invest in their platform by creating the new integration. Rates are transparent as the Merchant receives a separate processing fee from the PSP and the processor/acquirer.

An example of a Distributor PSP is Adyen. As with many of the larger payment organizations, they provide other functions to Merchants and describe themselves as a ‘full-stack Payment Service Provider’. For example, in various locales Adyen provides acquiring services.

‘Ingenico Payment Services’ is another example of a Distributor PSP. Although Ingenico is often thought of as a Point of Sale (POS) payment terminal provider, with their acquisition of Ogone (2013) Ingenico also became a PSP. In fact, Ingenico has now merged with it’s French rival ‘Worldline’

Collectors

The Collector model is a hybrid of the Distributor and Aggregator. The term Collector represents the function the PSP performs in receiving payment from the various acquirers/processors, on behalf of the Merchant. The PSP then consolidates multiple settlements into one, streamlining the settlement of funds to the Merchant thus simplifying reconciliation.

Payment Gateway vs. Payment Processor

A payment gateway is distinct from a payment processor, payment processor is a service that connects the customer’s bank to the merchant account and facilitates the actual movement of money. You can think of these as two halves of the transaction: a payment gateway collects customer information for payment, and a payment processor uses that information to contact the customer’s bank and the merchant account, debiting one account and crediting the other.

Payment service providers vs. merchant account providers

The terms “payment service provider” and “merchant account provider” may sound similar, but they describe two different types of organizations. While both make it possible for businesses to accept online payments, merchant account providers designate a separate account and merchant identification number, or MID, for each business they serve, as opposed to PSPs, which combine multiple businesses under a single account and MID umbrella.

Because merchant account providers give each business its own separate account, it can take some time (as much as a few weeks) to be approved so you can start getting paid — and you can expect a thorough vetting process as your individual risk as a business is assessed.

PSPs, on the other hand, take on the combined risk of all their customers, so the approval process is simple and almost instantaneous. This difference in risk also affects account stability, however. Once you’ve made it through the merchant account approval process, your account should remain stable, barring any extreme circumstances. The collective risk PSPs take on makes them more likely to hold, freeze or terminate accounts they decide are too risky.

There are other significant differences as well. PSPs typically provide a turnkey solution with a set price that may include a range of features and even hardware. Merchant account providers often offer a customizable solution tailored to the unique needs of each business.

What are the Features of Merchant Service Providers?

The features that you unlock with a merchant service provider account will depend on the kind of service you choose. Some companies only offer you processing services, while others help with things like PCI compliance and protection from chargeback fees.

Most merchant service providers will give you a wide selection of services and products that make it easier to run your store online. All businesses need to acquire either a merchant account or a payment service provider account to take payments online. However, it’s up to you to determine which strategy is the best for you.

Some of the most common features of a merchant service provider account include:

A merchant account: Merchant accounts are essential accounts that act as a middleman between your customer’s bank account, and your business bank account. Full merchant accounts give you an ID number that help you to protect against issues like fraud. If you have a payment service provider account, then you can also accept payments, but you don’t get the same level of support or protection. Your merchant account is where the money from your customer’s payment card will be stored before they’re deposited into your bank account.

Credit card terminals: Credit card processors can come in physical, or virtual format. If you’re a retailer with a brick and mortar store, then you may need credit card processors that you can use with customers in person. You can get a card reader from your merchant services account provider. However, payment service providers can sometimes offer terminals too. Square and PayPal have their own card reader options, for instance. Different terminals come with their own unique features. For instance, some will allow you to take contactless or pin-free payments. Others will support payments from smartphones.

Point of Sale systems: Point of sale systems aren’t the same as card terminals and payment processing hardware. Instead, these solutions combine the functions of your card terminal with a computer display with included software. The software on your POS will help you to manage things like inventory, and analytics. You can monitor your sales, gather information for tax purposes, and more with this technology. Many leading point of sale systems come with add-on options, like receipt printers and dedicated scanners.

Payment gateways: Payment gateways are another common feature for both merchant accounts and payment service provider accounts. These gateways bridge your service provider’s processing networks with your website so that you can take payments over the internet. Sometimes, you’ll need to pay a monthly fee for your payment gateway if you want to access this feature. This is on top of any processing fees that you need to spend too.

Payment Processing Security

Online payment security is about safeguarding your business. Being vigilant about protecting personal information and protecting customers against fraud attacks on the internet has become important and crucial for businesses.

With more people switching to eCommerce for their shopping needs, this is even more important.

Many merchants don’t understand exactly how online payments work, but it’s important to know there are many players in the process. In addition to you, the merchant, other parties involved in it include issuing banks, card brands, acquirers, and payment companies.

When customers trust eCommerce businesses with their money and information, it’s the business’s responsibility to keep that trust and ensure a secure purchasing experience.

SSL for Secure Connections

An SSL certificate is a digital certificate that authenticates a website and enables an encrypted connection. SSL, Secure Sockets Layer, is a security protocol that creates an encrypted link/connection between the browser and server.

SSL certificates ensure the security of online transactions and the privacy of client information. So, if you see a padlock icon next to your website’s URL it means it has been protected.

How does SSL work?

SSL ensures that the data transmitted between the user and the website is secure and cannot be read by anyone else. SSL uses an encryption algorithm that encrypts data during transit, which prevents any fraudulent activity.

The data includes sensitive information like name, address, credit card number, or any other financial information.

Here’s the complete process:

· A browser connects to the website, which is secured with SSL.

· The browser requests the webserver to confirm if the connection is encrypted.

· The web server then sends a copy of its SSL certificate to the browser.

· The browser verifies whether the SSL certificate is trusted.

· The web server then returns the digitally signed acknowledgment to start the encryption session.

· Encrypted data is then shared between the browser and the server.

PCI Compliance Certificate

PCI compliance is a set of requirements that are intended to ensure that all companies that store, transmit, or process credit card information must maintain a secure environment. The PCI security standards include specification frameworks, tools, measurements, and materials to help organizations ensure the security of cardholder information.

PCI Compliance consists of 4levels:

· Level 1: This applies to merchants who process more than six million card transactions annually.

· Level 2: This applies to merchants who process between one and six million card transactions annually.

· Level 3: This applies to merchants who process 20,000 to one million card transactions annually.

· Level 4: This applies to merchants processing less than 20,000 card transactions annually.

Why PCI is important for your business growth?

The major benefits of PCI compliance are:

· PCI improves its business reputation with payment brands.

· Compliance means that your system is secure and the customers can trust you with their personal information.

· PCI prevents data breaches and payment card fraud.

· PCI serves as a globally accepted standard.

· Compliance contributes to the corporate security strategy.

· PCI improves the efficiency of IT infrastructure.

PCI DSS (Payment Card Industry Data Security Standard) Objective

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, and protect cardholders against misuse of their personal information. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express.

Build and Maintain a Secure Network and Systems

A secure network must be maintained in which transactions can be conducted. This requirement involves the use of firewalls that are robust enough to be effective without causing undue inconvenience to cardholders or vendors. Specialized firewalls are available for wireless LANs, which are highly vulnerable to eavesdropping and attacks by malicious hackers. In addition, authentication data such as personal identification numbers (PINs) and passwords must not involve defaults supplied by the vendors. Customers should be able to conveniently and frequently change such data.

Protect Cardholder Data

Cardholder information must be protected wherever it is stored. Repositories with vital data such as dates of birth, mothers’ maiden names, Social Security numbers, phone numbers and mailing addresses should be secure against hacking. When cardholder data is transmitted through public networks, that data must be encrypted in an effective way. Digital encryption is important in all forms of credit-card transactions, but particularly in e-commerce conducted on the Internet.

Maintain a Vulnerability Management Program

Systems should be protected against the activities of malicious hackers by using frequently updated anti-virus software, anti-spyware programs, and other anti-malware solutions. All applications should be free of bugs and vulnerabilities that might open the door to exploits in which cardholder data could be stolen or altered. Patches offered by software and operating system (OS) vendors should be regularly installed to ensure the highest possible level of vulnerability management.

Implement Strong Access Control Measures

Access to system information and operations should be restricted and controlled. Cardholders should not have to provide information to businesses unless those businesses must know that information to protect themselves and effectively carry out a transaction. Every person who uses a computer in the system must be assigned a unique and confidential identification name or number. Cardholder data should be protected physically as well as electronically. Examples include the use of document shredders, avoidance of unnecessary paper document duplication, and locks and chains on dumpsters to discourage criminals who would otherwise rummage through the trash.

Regularly Monitor and Test Networks

Networks must be constantly monitored and regularly tested to ensure that all security measures and processes are in place, are functioning properly, and are kept up-do-date. For example, anti-virus and anti-spyware programs should be provided with the latest definitions and signatures. These programs should scan all exchanged data, all applications, all random-access memory (RAM) and all storage media frequently if not continuously.

Maintain an Information Security Policy

A formal information security policy must be defined, maintained, and followed at all times and by all participating entities. Enforcement measures such as audits and penalties for non-compliance may be necessary.

AVS (Address verification service) Verification:

An address verification service is used by the credit card processor and the issuing bank to detect any suspicious transactions and to prevent fraud. The AVS is primarily intended to verify the buyer’s information is correct utilizing the street name or zip code of the owner.

How does AVS work?

Despite entering the correct billing address, there is the possibility that your transaction will still be declined. This is where AVS can help.

When used effectively, AVS helps in minimizing chargebacks. By using it, you can confirm whether the billing address entered by the customer matches the one in the cardholder’s account.

At the time of checkout, customers enter their address, which is then compared to the address on the issuing bank file. Payment Gateways can use the AVS code in real-time to identify how to proceed with the transaction, and whether it should be approved or declined.

Tokenization:

Tokenization is a process of replacing sensitive information with tokens into random strings of various characters. During the payment process, tokens are used to represent the cardholder’s information, such as a 16-digit card number or other sensitive details of the bank account.

This method is used because the Payment Card Industry Data Security Standards (PCI DSS) promote the adoption of payment tokenization. Since it provides merchants with a one-to-one replacement for PANs (Primary Account Number), it can be stored outside the PCI DSS environment. As a result, the merchant’s server does not store any sensitive information.

How does tokenization work?

Tokens are automatically generated in real-time during the payment so that it doesn’t slow the process. The merchant stores customer data securely so that the tokens can be used to charge subsequent purchases. With tokens, merchants will not be able to store or see the credit card numbers, which protects both customers and merchants from fraudulent activity.

In a nutshell, the process is as follows:

· The customers enter credit card details in the payment form.

· A token is created in the payment gateway API.

· The token is sent back to the merchant server.

· The merchant then securely processes the payment with the token, which represents the cardholder’s data.

3D Secure Authentication:

3D Secure authentication is an added layer of protection that requires customers to complete an extra verification step with their card issuers during the payment process. A 3D transaction will allow the cardholder to confirm a transaction before it is carried out.

This means, if the cardholder is using a Visa or MasterCard to make the purchase, a code or verification notification will be sent to ensure the authenticity of the cardholder.

3-D Secure is a protocol designed to be an additional security layer for online credit and debit card transactions. The name refers to the “three domains” which interact using the protocol: the merchant/acquirer domain, the issuer domain, and the interoperability domain.

3D Secure 2 (3DS2) introduces “frictionless authentication” and improves the purchase experience compared to 3D Secure 1. It is the main card authentication method used to meet Strong Customer Authentication (SCA) requirements in Europe and a key mechanism for businesses to request exemptions to SCA.

The cardholder’s bank can use this information to assess the risk level of the transaction and select an appropriate response:

• If the data is enough for the bank to trust that the real cardholder is making the purchase, the transaction goes through the “frictionless” flow and the authentication is completed without any additional input from the cardholder.

• If the bank decides it needs further proof, the transaction is sent through the “challenge” flow and the customer is asked to provide additional input to authenticate the payment.

How Does 3D Authentication Work?

· At checkout, customers need to enter their card information.

· Assume that you, the merchant, have 3D authentication enabled. Through a pop-up window, the customers will be asked to verify their identity.

· Next, the bank will send a secret authentication code to the registered mobile number.

· Customers need to enter this one-time applicable code to make a payment.

· After the code is verified, the payment is accepted, and the purchase is completed.

Anti-fraud Tools:

The most common type of credit card fraud occurs when the card is stolen or lost, or when the cardholder’s personal information is used to make unauthorized transactions. These frauds may lead to consequences like the loss of revenue and resources, chargeback fees, or the possible termination of the account. Therefore, an anti-fraud tool is crucial to ensure secure transactions.

What role will anti-fraud tools play?

· Real-time help to stop criminal fraud

· Prevent unnecessary bank proceedings

· Dispute chargebacks

Up-to-date Operating System:

Keeping your operating system updated is an essential security practice. Technology that is outdated is vulnerable to increased risks and financial losses. ​​​​Outdated technology may also lead to data breaches, which can erode customer trust and affect your credibility.

To ensure security, the operating system must be updated with the latest patches as soon as they are released.

How does an up-to-date operating system help?

· Safer transactions

· Increased customer trust

· Encrypted data with no data breaches

EMV-CHIP READERS

If you are processing payments in person, you need to be EMV-Chip equipped. EMV technology and chip cards are designed to help stop counterfeit cards in-store at physical points of sale by using a dynamic cryptogram that makes each transaction unique. Following the creation and implementation of EMV chips cards, the liability for breach was shifted onto the business, rather than the processor or bank. If your point of sale does not have the technology to process EMV chip cards and a breach occurs with EMV enabled cards, you will be held liable and will have to pay any costs incurred. By utilizing EMV technology, you enhance your protection from the potential fraud liability of accepting counterfeit cards. This protection benefits both your business and your customer when implementing these extra safeguards to process payments securely.

Conclusion

Payment processing has been evolving over the past two decades. There are several payment processing trends that are ongoing and will have a significant impact on the industry over time. The key trends we see are the growth of eCommerce, the prevalence of mobile devices, open banking, and digital currency (i.e. cryptocurrency). Clearly, Payments will continue to leverage these trends to build a better experience for merchants and reduce the cost of payment processing.

Reference

GETTRX: https://www.gettrx.com/payment-processing-security-7-things-to-consider/

NerdWallet: https://www.nerdwallet.com/article/small-business/payment-service-providers

E-commerce Platforms: https://ecommerce-platforms.com/glossary/what-is-a-merchant-service-provider

ClearlyPayment:https://www.clearlypayments.com/blog/credit-card-and-payment-processing-industry-overview/

PayLobby: https://pay-lobby.com/en/guides-payment/online-payment/the-differents-types-of-payment-providers

TAIGA Travel: http://taigatravel.net/understanding-types-of-payment-service-provider-psp/