Digital Payments- the different stakeholders in a retail payment ecosystem.

How does one pay by card, and how does money get transferred from one account to another?

When a customer shops at a retail outlet, he often pays with a debit or a credit card.

Let's see how it works-

1. Cardholder swipes card at a POS terminal and authenticates using a PIN

2. POS belongs to a payment processor and is always linked to a merchant a/c or an acquiring bank a/c. Similarly, a card is issued by an issuing bank.

So this part is clear.

The Cardholder has a card that is issued by an issuing bank & is linked to the cardholder's a/c, and a Merchant has a POS terminal that is linked to his Merchant a/c or acquiring bank a/c.

There is one more party involved: the card association, such as the MasterCard or Visa network.

Now coming to the payment flow-

The entire card payment can be broken into 3 key steps-

1. Authorisation- This happens when a cardholder swipes a card at a Point of Sale (POS) terminal. The POS terminal sends information to card associations with payment details.

The card association sends the request to the issuing (cardholder's) bank. Based on the response (approval/decline), the card association sends a response back to the payment processor. The card association sends it back to the POS terminal to authorize the payment.

2. Authentication- The credit card association requests authorization from the issuing bank. The issuing bank validates the details and places a hold on the transaction amount. The merchant's POS terminal batches approved/validated transactions for batch settlement.

3. Settlement- The actual transfer. The merchant's POS terminal sends batches to the card processor, which sends them to the issuing bank. The issuing bank finally debits the account and transfers the amount to the card association after deducting the issuing fee.

The card association deducts the interchange fee and forwards the amount to the acquiring bank which deducts the acquiring fee before crediting the Merchant's acquiring account.

Phew ! I hope I have kept it simple this far.

Is the Merchant onboarding process really instant?

With businesses going digital & demand for payments continuously on the rise, let's understand a typical merchant onboarding scenario. In order to accept online card payments, merchants need to have a merchant account.

Merchant Actions-

  1. Merchant is interested in having a POS terminal, and he does his set of research- Online (Google) or Offline (Fintech or Banks)
  2. Merchant shortlists the merchant acquirer
  3. Merchant chooses the terminal & charges the plan
  4. Merchant fills out the offline form & submits it along with the required business information, Know Your Customer (KYC) Documentation, and Settlement account details.

Merchant Acquirer-

The acquirer takes the onboarding application & does the credit & risk underwriting process. In case all the information provided is correct & underwriting process is successful, a Merchant Identification Number (MID) is generated and linked to the settlement account of the merchant. A merchant acquirer will identify the merchant through this unique MID.

The MID is important because every time a card is swiped, the MID is sent with the transaction details to the card associations for further processing.

Today, merchant acquirers are trying to make this process as seamless & digital as possible through the use of APIs & by reducing the number of clicks, while also ensuring that they onboard high-quality merchants with a low to medium-risk profile.

What do you suggest to ensure an end-to-end digital process that can onboard merchants in seconds?

The New Buzzword- Card Tokenisation

To promote safe & secure digital transactions, the Reserve Bank of India (RBI) has announced that no entity in the card ecosystem other than the issuing bank & card network shall store the actual card data.

All the remaining entities have been asked to remove sensitive customer data saved at their ends & replace it with card tokens. RBI has extended the deadline for card tokenisation till June 30, 2022, post which customers either have to enter the card details for each transaction or opt for tokenisation. Tokenisation will not have any major impact on the customer shopping experience except for making it safer to transact online.

The Customer Journey-

Usually when a customer shops online, he gets an option to save his card details with the e-commerce portal. This helps the customer save time when next he makes a purchase from the portal & he can simply authorise the transaction with his Cardholder Verification Value (CVV) & one-time password (OTP). Now the e-commerce portal will generate a token and store the token instead of storing the cardholder details & the customers can authorise the payment simply with an OTP.

Card tokenization is the process of replacing sensitive customer details with an algorithmically generated number that is impossible to trace back to the original data or information. Now only the issuing bank or card network will have access to cardholder details.

The Advantages of card tokenization-

  • Protects cardholder data against fraud & data breaches
  • Reduces the scope of PCI DSS audits
  • Decreases merchant liability of handling sensitive customer data

Some Popular Card Tokenization solutions-

Credit Cards – Innovations shaping the future !

So somewhere I read “Boy taking that hard earned cash out of a wallet cured lavish spending in a heart beat”.

So true. That is one of the reasons banks so heavily promote Credit Cards, as it not only creates an additional source of revenue for banks but also increases the customers' spending.

Let’s have a look at the recent innovations related to credit cards-

1. Bio-metric Credit Cards- Cards with built-in scanners that authorize payment through a fingerprint instead of a PIN that was required to be manually entered.

2. Tap N Pay- Credit cards enabled with Tap N Pay can be simply tapped on a Point of Sale to transfer money. For example, HDFC Bank Credit cards.

3. Virtual Cards- A Virtual Card is a non-physical card available only in digital form. Similar to a physical card, a Virtual card also has a 16-digit number, an expiry, and a CVV like any other normal card. It can be used to make online payments & can be easily accessed using your mobile app. For example, ICICI Bank Credit cards.

4. Numberless Cards- These cards have no visible number printed on them, which automatically enhances the security. All data, including card number and user details, are securely encrypted into the embedded EMV chip found on the card, and the surface of the card only has a branding of the card issuer. The transactions are usually authenticated either by a one-time PIN or App authentication. Example- FamCard by FamPay, and the leading Spanish bank Grupo Santander (Banco Santander).

PCI DSS for businesses in the post pandemic world !

The growing popularity of e-commerce in the post-pandemic world has brought retailers online as well as increased the digital payment adoption by businesses. The fast-paced growth has brought new opportunities and risks combined and a need to provide safe and secure transactions for customers. Businesses need PCI DSS compliance to ensure safe digital transactions & protect their systems from security thefts.

Payment Card Industry – Data Security Standard (PCI-DSS) is a set of requirements designed to ensure that cardholder data is processed, stored & transmitted in a safe manner. Any organisation that accepts, processes or transmits cardholder data must comply with PCI DSS requirements. PCI DSS compliance is enforced by payment card companies including MasterCard, VISA, AMEX, Discover & JCB.

PCI Compliance levels- PCI compliance has 4 levels depending upon the volume of transactions.

  • Level 1- Over 6 million Transactions
  • Level 2- 1 to 6 million transactions
  • Level 3- 20,000 to 1 million transactions
  • Level 4- 20,000 transactions

While compliance levels 2, 3, and 4 can be achieved by submitting an Annual Self-Assessment Questionnaire, level 1 compliance is granted to a business after rigorous internal audits conducted by a relevant Qualified Security Assessor.

PCI DSS has 12 core requirements-

  • Requirement 1- Install & maintain a firewall configuration to protect the cardholder data
  • Requirement 2- Use strong passwords & do not use default or easy system passwords & other security parameters
  • Requirement 3- Protect stored cardholder’s data
  • Requirement 4- Encrypt transmission of cardholder data across public networks
  • Requirement 5- Protect all systems against malware and regularly update antivirus software or programs
  • Requirement 6- Develop & maintain secure systems and applications
  • Requirement 7- Restrict access to cardholder data by business need-to-know
  • Requirement 8- Identify and authenticate access to system components
  • Requirement 9- Restrict physical access to cardholder data
  • Requirement 10- Track and monitor all access to network resources and cardholder data
  • Requirement 11- Regularly test security systems and processes
  • Requirement 12- Maintain a policy that addresses information security for all personnel

About the Author:

Juhi Sharma is a payment enthusiast with 9+ years of experience in payments and product management. Before joining IBM, she worked for banks such as HSBC, Credit Agricole Corporate & Investment Bank, and ICICI Bank.

Juhi has done her post-graduation from Welingkar Institute in Marketing and B.E (Electronics and telecommunications) from Mumbai University.

Note- The views and opinions expressed or implied in this post are my own from the view of a user.

#Payments #digitalpayments #cardpayments #merchantacquiring #banking #fintech #paymentfintech #productmanagement #bankinginnovation #digitaltransformation

Article-0015