If you’re launching a new site and want to accept credit cards, you’ll soon learn how many companies are involved in every transaction. And, once you run into the first few declined credit cards, you’ll learn about a few companies that didn’t seem to be there before. Let’s dive in.

When you enter your credit card on a website, it sends the credit card information over an encrypted channel to a payment gateway. The payment gateway’s primary responsibility is to authorize payments and communicate with the merchant’s bank. Banks communicate with the payment gateway using a proprietary network and/or protocol.  Since your website is not processing billions of transactions a month, your bank does not want to integrate with you.  So, the payment gateway effectively becomes the middle man.

However, if the merchant bank is small (compared to a bank like CitiBank, Chase, or Bank of America), the merchant bank likely uses another company to communicate with the payment gateway.  This middle man is known as a merchant service provider.  Unless you run into some very tricky problems authorizing transactions, you are not likely to know this company exists.  In most cases, the merchant service provider does their job and stays completely in the background.

Now that the merchant bank has the transaction information, it routes the details to the customer’s credit card company — Visa, MasterCard, Discover, American Express, etc.  Since Discover and American Express are usually issued directly to a customer (and not through an issuing bank), these card companies return an authorization or declined message.  Otherwise, the credit card company must now connect to the customer’s credit card issuing bank.  Finally, the customer’s bank can authorize or decline the transaction and the message routes all the way back to the originating e-commerce site.  On average, the whole authorization process can take 2-3 seconds due to all the parties involved in the transaction.

To summaries the authorization flow, the credit card information goes from the user’s browser to the e-commerce website to the payment gateway (optionally) to the merchant service provider to the merchant bank to the credit card company to the user’s bank for approval.

At the end of the day, the merchant’s bank must settle the transactions (assuming the funds were captured, or approved for transfer).  The merchant bank then works with the credit card company and users’ banks to transfer the funds.