[ glossary ]


Once a visitor has submitted a secure web form with his/her credit card details, a chain of events unfolds. Here's what's happening with the transaction, step-by-step:
  • The customer enters his/her credit card into a secure form. The contents is sent via SSL (so, the URL starts with https:// ) to your web site.
  • After the credit card information received, your web site submits an electronic "request for authorization" in order to capture funds from the cardholder's credit card account in the amount of the purchase. This request is send via the processor company to the relevant credit card processing network. The request is processed right away to validate credit card account and check the availability of funds. If this step is successful, the processing network sends back an authorization code (typically, a six-digit number). The authorization code is your authorization to capture funds from the cardholder's credit card account. Several transaction are commonly grouped in a batch. Most small web site will have only one "batch" per day.
  • After receiveing the authorization code you need to issue the customer a "receipt". In most cases, a receipt is simply an e-mail specifying the details of the transaction. You may also show a receipt web page to your customer.
  • To get the actual money to your bank account you need to capture the funds for which you've just received authorisation. When the shipment of product occurs (or immediately after the transaction for content/service sites), you may go to the web site of processor company and mark the transaction as completed.

    In the interface you would have transactions grouped by batch. For every credit card transaction, you will have detailed information as well as information about the transaction's "risk". Risk is calculated based on the credit card usage pattern and other transaction details. For example, if a computer from which credit card number was entered is outside of US (as determined by its IP address) or the entered credit card billing address does not match one in the bank records, the "risk factor" increases.

    At this step you can also choose to mark some transaction in the batch as cancelled - for example, if you deem the risk too high. You issue settle the batch command what mean to capture the funds for all transactions (except cancelled) in the batch.

  • Within 2 to 3 business days, the funds associated with the batch you "settled" are deposited electronically into your bank account.
  • Hopefully, that's when the transaction ends. However, a possibility we'd like to mention concerns chargeback. If your visitor has used a stolen credit card or if your customer is legitimate, but was not satisfied with goods or service he/she received (or didn't receive), the credit card owner may contact the issuer and dispute a transaction. A chargeback occurs when a customer contacts a credit card-issuing bank to initiate a refund for a purchase they made on a credit card. The best tools to avoid chargbacks, a signed receipt or manual imprint of the credit card unfortunately are not available to online merchants. As a merchant, your position in disputing a transaction is rather weak. You'll definitely be better off verifying the transaction before approving it, especially if it was marked as "higher risk" by the processor. Many merchants who ship actual goods or have substantial volume of transactions have dedicated personnel who contact credit card owners in order to verify suspicious transactions. Merchants who do not ship any goods (e.g. classified advertisement sites, etc), do not perform such verification of every transaction and often "just live with it". Your bank may increase your fees if the percentage of chargebacks goes about a certain threshold.