The end of the year is around the corner, and as every year, most of us wait until November to buy the next amazing learning course that will help us take that leap in our careers.

In this article, we will see who the players are involved when we swipe our physical card or click the pay button on a checkout online page.

When we land on the checkout page of the Merchant that just released the amazing course we would like to buy, we need to be sure we own and have a card, so we are the Cardholders. Sometimes it could be a physical piece of plastic with a magnetic stripe at the top and a chip. Sometimes it could be a virtual card that is just the card number shown in an app, which can be used for online transactions. Sometimes the card could be tokenized, meaning that it is a card stored in the phone’s wallet, like Apple Pay or Google Pay, and then used to “Tap and Pay.”

The card is provided by an Issuing Bank, in Italy could be Intesa San Paolo, Unicredit, etc. The process of going into the physical location of a Bank to open up a checking account is called Know Your Customer (KYC), because we would need to answer a series of questions that help the bank identify us such as the name, social security number, date of birth, physical address, phone number, potentially some other form of identification like a driver’s license, etc. This is done primarily to prevent bad actors from entering the financial system. It checks to make sure that we are not funding terrorist activity or have not participated in money-laundering activities.

Then, the Merchant, needs a machine that can read the card that is provided by a Merchant Acquirer, such as Nexi, for example. For online merchants, this is referred to as a payment gateway such as Stripe.

Thirdly, the linkage between the card and the card reader is the Payment Network, such as Mastercard or Visa. The Payment Network provides the rails for card-based transactions to occur. They sit in between Acquirers and Issuers and pass messages back and forth to make the transaction happen. The Payment Network also sets the communications rules and standards that the Acquirers and Issuers need to adhere to.

These are the players involved at the moment of the card swipe:

• Issuer: An Issuer or Issuing Bank’s function is to underwrite the user by giving them a bank account, a debit card, and potentially access to credit facilities.

• Issuer processor: The Issuer needs a technology provider that can connect with the payment networks. Usually, the Issuer Processor will have a piece of hardware in their data centers and a fast network connection directly to the payment networks to approve or decline a transaction. Sometimes, the Issuer may have built this technology in-house or may rely on a third-party Issuer Processor to handle this.

• Merchant Acquirer: The Merchant Acquirer goes out and acquires Merchants and provides them with the tools and facilities to accept and process card-based payments.

• Payment Network: Sometimes referred to as a “Card Scheme” or just as a “Network.” Examples of Payment Networks include Visa, Mastercard, and American Express. These Payment Networks provide the rails for card-based transactions to occur.

To recap, when we click on the pay button of the checkout page, we enter into the authorization process (we will go further on that in the next chapter). This state typically lasts three seconds or less, but within those three seconds, a lot is happening. A message goes from the payment terminal to its Acquirer Processor with the amount of the transaction, location of the transaction, Merchant type, and the card number. The Acquirer Processor then determines that this is a Mastercard and routes it to the Mastercard Network. Mastercard then sees this transaction and, based on the card’s number, it looks for the first six digits of the card, also referred to as the card’s Bank Identification Number (BIN), and determines that this BIN belongs to ISP Bank. Mastercard sends a message to ISP Bank with the card number, amount of the transaction, location of the transaction, and Merchant type. ISP Bank’s Issuer Processor then looks at this data and decides whether this transaction should be approved. The key things it will ask based on the information it has received from Mastercard are:

• Is the user card active?

• Does the user have enough money in his account to cover the cost of this transaction?

• Can the user card be used at this Merchant?

• Does this transaction raise any sort of fraud flags based on location, prior activity, or type of Merchant?

If all of these questions get answered favorably, then ISP Bank’s Issuer Processor will send back a message to Mastercard that the transaction is approved. It will place a hold with the amount of the course on our bank account, and the transaction will appear as “Pending”. Mastercard will then relay this decision from the Issuer to the Acquirer. The Acquirer Processor will then send a message to the payment terminal to approve the transaction. The terminal (in our case, the Stripe checkout page) then makes the button background green to indicate the approval of the transaction, then we usually get redirected to a success page, and a confirmation email is sent with the receipt of the order.

In the next chapter of this series, we will deep dive into the Authorization process part.