Merchant Accounts 101

The Credit Card Processing System


There are five main players in the credit card processing system. They are the:


1. Credit card issuing bank

2. Consumer

3. Merchant services account

4. Acquiring processor/acquiring bank

5. Merchant bank


The credit card processing system has been carefully set up to insure that all parties involved will be able to take advantage of this efficient way of doing business. The credit card authorization process is basically the same whether your business actually swipes or inserts the credit card through the credit card terminal, keys in the credit card on the pad of the credit card machine, or accepts the consumer’s credit card online. The main difference is the variable levels of security involved with the different ways to process credit cards. The following is a step by step explanation of how credit card processing works.

Retail/Storefront Credit Card Processing


  • Consumer goes to merchant’s place of business, chooses goods and/or services, and gives the merchant their credit card for authorization


  • Merchant swipes the card on the credit card processing terminal, or inserts the EMV chip, and the credit card machine dials the acquiring processor for credit card authentication


  • Acquiring processor sends credit card transaction to card association, which in turn sends the request for authorization to the issuing bank


  • Issuing bank accepts or declines the credit card transaction and sends message to the card association


  • The card association contacts the credit card processor with the authorization, and then the request to deliver goods and services is given to the merchant by way of the POS terminal


  • Merchant sends the credit card processing company “fulfillment notification to permit settlement” meaning that the goods and services have been delivered or are ready to be shipped


  • The capture takes place when the credit card authorization information is given to the issuing bank and the consumer’s credit card is charged for goods and services requested/received


  • When the merchant decides to settle batch, the acquiring processor finalizes the credit card transaction with the issuing bank and they transfer money into the merchant’s bank


  • This entire process takes place in less than ten seconds.

Internet Credit Card Authorization


  • Consumer goes to web site and chooses goods and/or services


  • Consumer enters credit card information into a secured form that is sent over the Internet via Real Time Online Processing software (i.e., which then sends the encrypted transaction to the acquiring processor for credit card authorization


  • Acquiring processor sends transaction to card association, which in turn sends the request for credit card authorization to the issuing bank


  • Issuing bank accepts or declines the credit card transaction and sends message to the card association


  • The card association contacts the credit card processor with the authorization, and then the request to deliver goods and services is given to the merchant by way of the online credit card processing software


  • Merchant sends the credit card processing company “fulfillment notification to permit settlement” meaning that the goods and services have been delivered or are ready to be shipped


  • The capture takes place when the credit card authorization information is given to the issuing bank and the consumer’s credit card is charged for goods and services requested/received


  • When the merchant decides to settle batch, the acquiring processor finalizes the credit card transaction with the issuing bank and they transfer money into the merchant’s bank


  • This entire process takes place in less than ten seconds.


Mail/Telephone Order Credit Card Processing


If the merchant is a mail order/telephone order company, either scenario can be used for credit card processing. If the merchant uses credit card processing hardware, instead of swiping the credit card or inserting the EMV chip through the credit card terminal, they can key in the information. If the merchant prefers to use software for credit card authorization, then this can be done using a virtual terminal. A virtual terminal will allow the merchant to process credit cards over the Internet by securely logging in through the gateway provider and imputing the credit card processing criteria manually.

Credit Card Authorization


The credit card authorization happens when the issuing bank approves the credit card transaction. A credit card authorization number is issued to the merchant services account and payment of goods/services is guaranteed as long as:


  • A valid card has been used by the authorized cardholder


  • The cardholder has signed the credit card sales draft


  • The credit card transaction is not disputed by the cardholder

Credit Card Deposits


After the credit card authorization and the goods and services are rendered, a credit card deposit goes into the merchant’s account and a debit to the cardholder’s credit line is applied. With COCARD’s credit card processing service, this will happen in no more than 72 hours. Usually the authorization and deposit happen at the same time. But, if for some reason the goods/services are delivered at a later date, then the merchant services account must conduct a separate deposit transaction.

Credit Card Sales Draft


A credit card sales draft must be completed and imprinted  for all credit card sales. The credit card sales draft is a legal and binding contract and serves to protect all of the parties involved in the credit card processing system. If the consumer’s credit card is swiped or inserted through a POS credit card terminal, then the credit card printer should print out a hard copy of the credit card sales draft . If you are a mail/telephone order or Internet based company, your credit card sales draft will be electronically produced.


A manual imprinter should be used if:


  • Merchant has to manually punch in the credit card number, expiration date, etc.


  • Merchant does not have a credit card printer


The following should be on all credit card sales drafts:


  • Retail/Storefront Credit Card Processing


  • Credit Card Number


  • Credit Card Authorization and Reference Number


  • Customer Signature


  • Expiration Date


  • Date of Credit Card Sale


  • Amount of Credit Card Sale


  • Description of Goods and Services

Trust and the Credit Card Processing System


The credit card authorization system is designed to protect everyone involved in a credit card transaction. The system protects:


  • The Merchant – By guaranteeing that payment will be received for goods and services delivered to the consumer


  • The Issuing Bank – Chargebacks will guarantee that the issuing bank will not lose money if the goods and services are not rendered


  • The Cardholder – The cardholder’s bank will issue money back from the merchant’s bank if the goods and services are never received


Chargebacks are rare, but they can be damaging to your merchant services account.

Billing Information and Supplies


Any fees for credit card processing or charges for supplies for credit card equipment will be debited to the merchant services account on a monthly basis. Also, each card association will send out a monthly statement.

Description and Explanation of Discount Rates, Transaction Fees, and Other Fees


The discount rate is a percentage of each credit card transaction that is charged to the merchant services account by the credit card processing company. The discount rate varies depending on each merchant services account. Higher risk merchant services accounts have higher discount rates. For example, there are swiped credit card rates and keyed credit card rates.


Swiped rates are for storefront merchant accounts that physically handle the customer’s credit card, such as swiping it through the credit card terminal or inserting the EMV chip. This form of credit card processing is less susceptible to fraud so it carries the least expensive discount rate.


If a merchant account does credit card transactions through the mail, on the telephone, or over the Internet, the risk is higher because:


  • Cardholder is not present at the time of the credit card sale


  • Credit card could be illegally produced


  • Credit card could be stolen


  • Unauthorized use of the credit card


The discount rate for this type of merchant services account, because of the risk involved, will be slightly higher.


Rates have declined over the years as technological advances have made credit card acceptance more efficient and less susceptible to fraud. The first credit cards issued were Diner’s Club cards for use in New York City restaurants, and then Visa popularized credit card acceptance. In the beginning, there were no means of protecting merchants and issuers from fraud. A consumer would go into a place of business, present their credit card, and the merchant would go to a magazine-like publication to determine if that credit card account was legitimate. With the advent of the magnetic stripe and electronic data capture, the ability to detect fraudulent activity and delinquent accounts was greatly enhanced.


The reason for the difference in rates is because the merchant services account receives payment from the credit card processing company before they receive anything. The credit card processor is taking a risk, trusting that the merchant will provide the goods and services that were promised when the credit card transaction took place.


A merchant account’s discount rate can be negotiable if the volume of credit card transactions warrants special attention. Be aware that a lower or higher discount rate is not a good indicator of the quality of service from a credit card processor. Always investigate all aspects of a credit card processing company, and never go with someone just because they have low rates.


The transaction fee is a separate charge from the discount rate.

Credit Card Processing Equipment and Credit Card Processing Software


Once your merchant services account is approved, your credit card equipment will be programmed and shipped. All credit card equipment will be shipped by ground unless other arrangements are made by the merchant.


Customer service on credit card processing equipment and credit card processing software is available 24 hours a day, 7 days a week. Your hardware replacement will be dependent upon the manufacturer’s warranty. COCARD Merchant Services stands behind all of its credit card equipment manufacturers by offering free replacement for as long as you process credit cards with COCARD Merchant Services if there is a defect from manufacturing. COCARD Merchant Services will overnight replacement equipment and repair and return your credit card equipment.


Supplies needed for credit card equipment such as paper, ink ribbons, drafts, etc., are available through COCARD Merchant Services.


What is a merchant account and why do I need one?


If you have a retail, restaurant, mail-order/telephone-order or e-commerce business that wishes to accept credit cards directly as a form of payment, you need a merchant account. A merchant account allows a business to accept credit cards, EMV, debit cards, gift cards and other forms of payment cards. The merchant account provider handles the transfer of funds between the customer making a purchase and the merchant providing goods or services. This is also widely known as payment processing or credit card processing.

I already have a terminal. Can I still use it?


If you have existing equipment, we can often reprogram your current terminals so that they can be used with your new processing account.

What are my monthly fees?


COCARD prides itself on honest, straightforward pricing and competitive rates. We assess a Statement Fee and a low monthly minimum; we do not charge our merchants batch fees or annual fees.

Is there a fee to apply?


No, COCARD does not charge an application fee.

When will I know if I’m approved?


COCARD Merchant Services has a 98% approval rate on merchant accounts, and our goal is to get you accepting credit and debit cards as quickly as possible. Usually, approvals take place within 24-48 hours, but delays can occur if our underwriting department needs more information about a business. Your account manager will stay in touch with you throughout the application and setup process and will work with you to resolve any issues with your application.

Can I use my existing bank account?


Absolutely. Your funds will be deposited directly into your local business account, allowing you to maintain your current banking relationship.

What is a chargeback?


Chargebacks occur when a customer disputes a charge on their credit card statement. These are commonly due to unauthorized purchases or dissatisfaction with a product or service. Merchant banks issue chargeback fees to cover the retrieval of information in the dispute; if it is determined that the customer has a valid claim, the customer will be refunded and the merchant’s account will be debited.

Is it better to run debit as an online or offline transaction?


Whether it is more beneficial to run a debit card transaction as an online or an offline debit varies depending on the type of merchant account and on the amount of the ticket. Generally, online debit is more cost-effective with higher ticket amounts; however, the more that ticket amounts climb, the more likely customers are to pay for purchases with their credit cards. Also, if merchants have PIN pads out on their counter, more customers will run their cards through using their PINs on low-ticket, higher-cost transactions, negating the benefits of the lower prices on the bigger ticket items.

Do I have to wait for my monthly statement to see my transactions?


No, COCARD can access reporting features online for real-time transaction histories and other account information.

How much are interchange fees?


Interchange fees, which are posted on the Visa and MasterCard websites, range from less than 1 percent to 3 percent plus a per item fee for various transaction types. Rates vary based on the type of industry, the type of card used and the type of sales transaction. For example, sales conducted over the phone present a higher risk of fraud than in-person transaction, so the rates are higher. Credit cards present more risk than debit cards, and rewards cards are even higher still.


Because interchange fees are the fees that the card associations charge credit card processing companies, your costs will also include additional fees from your payment processor.

Who sets interchange fees?


Visa and MasterCard set the rates for interchange.

How often do interchange fees change?


Twice a year, usually in April and October, Visa and MasterCard review their interchange rates and decide whether or not to revise their fee structures.

Would just accepting cash be cheaper?


There are expenses associated with accepting cash as well. Cash transactions carry the risk of human error or theft; cashiers must count and make change accurately, and merchants must transport deposits to the bank or use a safe. Also, accepting credit card payments can increase sales by enabling customers without cash to make purchases. Reputable credit card processing companies allow you to reduce your costs and enjoy the benefits of processing credit card payments.

How much does it cost to implement an EMV- capable terminal?


EMV card readers cost between $400 and $700 but are often discounted through payment processors such as COCARD, where it might even be free.

What’s a processing gateway?


A processing gateway is a web-based service that authorizes payments for e-businesses and online retailers as well as brick and mortar businesses.

Do I need to buy any equipment?


This depends upon your business type. Many COCARD customers process payments through a virtual terminal, using only a computer and internet connection. If you do need to purchase a Point of Sale system, credit card machines or other equipment, COCARD’s dedicated account managers will work with you to determine your business needs and recommend the best solutions.

What are your rates?


COCARD charges extremely competitive rates. If you are currently processing credit cards and would like a complete complimentary rate analysis, we’ll ask you for three months of your current processing statements.

Once I’m approved, how do I actually start accepting credit cards?


Getting started is easy! A member of the COCARD support team will walk you through setup and run a test transaction.


Are there toll-free numbers available for authorizations and settlements? What are those hours?


Yes, toll-free numbers for authorizations and settlements are available 24 hours a day, seven days a week.

How can I avoid chargeback fees?


Along with accruing fees, excessive chargebacks may lead to the closure of a merchant account. The best strategy is to avoid them altogether! There are ten basic things that merchants can do to protect themselves when it comes to credit card processing. They are:


  • Make sure the cardholder is legitimate


  • Always check for the authorized signature


  • With mail/telephone orders, get the name and phone number of the cardholder and tell them that you will contact them before goods/services are delivered.


  • Use a ground carrier that requires a signature for delivery and only ship to the cardholder’s billing address


With Internet orders, the merchant should always make sure that their Internet software asks for:


  • Cardholder’s phone number and email address- verification of a legitimate domain name


  • Cardholder’s IP address- can be used to track down a fraudulent credit card user


  • Posted warning on the web site that the merchant prosecutes all fraudulent activity


  • The ability to produce hard copies of credit card receipts saying that goods and services have been provided


  • Use AVS


  • Get a signed receipt and signed proof of delivery


  • Merchants should be clear and consistent concerning warranties and return policies when it comes to credit card transactions


  • Submit credit card deposit transactions only when goods/services have been delivered


  • Keep merchant ID and terminal ID secure so no one can make unauthorized credit card transactions, insure transaction processing equipment stays at your place of business, only allow authorized personnel to have access to credit card equipment, and make sure the Internet software provider keeps ID secure

Do American Express and Discover charge interchange fees?


There are no interchange fees with American Express and Discover because in both cases, the card issuer and the acquiring bank are the same thing. However, American Express and Discover both charge merchant fees, which are often substantial.

What is a “liability shift” in terms of EMV?


This is when liability for card fraud switched from the banking institutions to merchants. Starting October 1, 2015 businesses that have not updated their terminals to accept EMV equipped cards will now be held responsible for fraudulent swiped transactions.

What’s the main difference between the cards we use now and EMV cards?


Historically, the United States has been typically been using cards with a magnetic strip on the back. These cards are swiped through a card reader and contain static financial information that can be easily duplicated by card readers. EMV cards, on the other hand, contain a microchip that produces a new code with each transaction, preventing fraudsters from gaining access to sensitive data on the card. EMV cards are therefore more secure than magnetic strip cards, and are responsible for a worldwide decrease in fraud.

Have more questions about interchange or credit card processing? Call 800.317.1819

How do I accept credit cards online?


To accept credit cards online, you can process through an online gateway or directly from your website using a shopping cart.

How long does it take to get a merchant account?


Most submitted applications are set up within 24 to 72 hours.

Why do different types of transactions have different rates?


Processing fees vary based on the type of industry, the type of card used and the type of sales transaction – for example, sales conducted over the phone present a higher risk of fraud than in-person transaction, so the rates imposed by the credit card associations are higher.

How do I apply? What will I need to apply?


The application process is simple and takes just a few minutes. When you call 800.317.1819, one of our account managers will ask you for information about your business, including its legal name, tax ID, physical business mailing address; legal owner/principal information; and estimated card transaction information. You’ll then fax in a few pieces of supporting documentation to verify the information you have provided, and in a few days you will be ready to process!

Who do I call if I have a question or problem?


Call 800.317.1819 at any time to speak to your account manager. If necessary, we’ll connect you to a member of our expert technical support team.

How do I get set up for Discover and American Express?


When you submit your merchant application, let your COCARD account manager know that you’d like to accept American Express and Discover, and we will apply for a merchant ID on your behalf.

What’s the difference between online and offline debit?


With online debit transactions, customers enter a 4 digit PIN number into a PIN pad at the point of sale. The transaction is routed through the debit network rather than the Visa/MasterCard network, and the funds are immediately debited from the cardholder’s checking account. Merchants who do not have PIN Pads can still process debit cards as off-line debit transactions. Off-line debit does not use a PIN number. Transactions are processed through the Visa/MasterCard network and the funds are debited from the cardholder’s checking account.

What is PCI Compliance?


PCI Compliance refers to the Payment Card Industry (PCI) Data Security Standards (DSS) imposed by Visa, MasterCard, American Express and Discover. This is a mandatory security program from the credit card associations put in place to protect your customers’ account data, and to protect your business from serious security breaches and damages.

What happens if I am not PCI Compliant?


PCI compliance is mandatory for every merchant accepting Visa and MasterCard. If you are not PCI-compliant, you will have to pay monthly non-compliance fees. If you happen to experience a data security breach while not complying with the PCI-DSS standards, you would also be subject to additional fines from Visa and MasterCard in addition to the expenses resulting from the security breach. As a service to our merchants, COCARD partners with a Qualified Security Assessor/Approved Scanning Vendor who will provide quality security assessments at a low cost.

How can I lower my credit card processing fees?


Because interchange fees are set by Visa and MasterCard, they are not negotiable. However, you should examine your credit card processing agreement to ensure that your merchant account provider is offering you the best possible terms.

You can also lower the cost of credit card processing by taking steps to eliminate the risk of fraudulent transactions – doing so will help you receive the lowest, or “qualified” interchange rates whenever possible. For example, you should always swipe a credit card during card-present transactions; if you have to key in a card, always use Address Verification Service (AVS). Be sure to batch daily as well: your credit card processor is charged a higher interchange rate for transactions that are submitted more than two days late.

Another way to reduce the risk of fraudulent transactions, is by accepting EMV cards. Companies who have not adopted the EMV technology will now be held liable, instead of the banks. Therefore, by routinely accepting EMV equipped credit cards, your business can prevent losses that would be the result of being liable for a fraudulent charge.

What does EMV stand for?


It is an acronym for its developers: Europay, Mastercard, and Visa.

How will switching to EMV directly benefit my business?


EMV will benefit your business in three ways. First, the risk of chargebacks from fraudulent transactions is greatly reduced. In the past, banks bore the financial weight for fraud. Now, companies that have not adopted EMV technology will be held accountable for fraud. Adopting EMV technology will protect your business from costs associated with fraud. Second, because technology keeps evolving, it is important to keep up. Most hardware that accepts EMV will also allow your business to accept payment alternatives such as contactless pay. Third, you can accept payment from foreign visitors. Much of the world only uses EMV technology.

Glossary of Terminology

A2A: account to account

AAV: accountholder authentication value

ABA: American bankers association

ACH: automatic check handling

ADA: Americans with disabilities act

ADC: account data compromises

ADSL: asymmetric digital subscriber line

ADV: automated accounting device

AES: advanced encryption standard

AF: audio frequency

AFC: automatic fare collection system

AFDC: aid for dependent children

AMEX: American express

ANSI: American national standards institute

A/P: accounts payable

API: application program interface

APP: application

APR: annual percentage rate

APTA: American public transportation association

A/R: account receivable

ARC: accounts receivable entry

ARN: acquirer’s reference number

ARU: audio response unit

ASCII : American standard code for information interchange

ASP: application service provider

ATM: automated teller machine

ATM: asynchronous transfer mode

AUTH: authorization

AVS: address verification service

BAI: bank administration institute

BASE I: bankcard system experiment I

BATS: batch transaction authorization system

BBS: bulletin board system

BD: baud

BEA: bureau of economic analysis

BID: business identification

BIN: bank identification number

BP: basis point

BPM: business process management

BPP: bill payment provider

BPSP: bill payment service provider

BSP: bill service provider

BW: bandwidth

CA: certification authority

CAP: central affiliated property

CAS: card authorization system

CAV: cardholder authentification value

CAVV: cardholder authentification verification value

CBT: computer based training

CCD: cash concentration disbursement

CDMA: code-division multiple access

CDPD: cellular digital packet data

CD-ROM: compact disk read only memory

CE: connection endpoint

CEBP: council for electronic billing and payment

CFR: code of federal regulation

CHECK 21: check truncation act for the 21st century

CHIPS: clearing house interbank payments system

CIE: customer initiated entry

CIF: central information file

CIF: card in force

CIP: customer identification program

CISP: cardholder information security program

CLM: client management

CMIA: cash management improvement act of 1990

CNP: card not present

COR: automated notification of change

COT: consumer operated terminal

CPC: corporate purchasing card

CPP: customer payment provider

CPS: customer payment service

CPU: central processing unit

CRM: customer relationship management

CSP: customer service provider

CTMF: combined terminated merchant file

CTO: corporate travel online

CTX: corporate travel exchange

CV: charge volume

CVC: card validation code

CVV: card verification value

DBA: doing business as

DCC: dynamic currency conversion

DDA: demand deposit account

DEK: data encryption key

DES: data encryption standard

DFI: depository financial institution

DLL: downline load

DNS: domain name system

DOJ: department of justice

DSA: digital signature algorithm

DSE: data storage entities

DSL: digital subscriber line

DSO: days outstanding

DTC: depository transfer check

DUKPT: derived unique key per transaction

D&B: dun&bradstreet

EBCDIC: extended binary coded decimal interchange code

EBIDS: electronic invoice delivery service

EBITDA: earnings before interest, taxes, depreciation, and amortization

EBPP: electronic bill presentment and payment

EBT: electronic benefits transfer

EC: electronic commerce

ECA: electronic check conversion

ECC: electronic check council

ECC: elliptic curve cryptography

ECCHO: electronic check clearing house organization

ECI: electronic commerce indicator

ECK: electronic check

ECOA: equal credit opportunity act

ECP: electronic check presentment

ECR: electronic cash register

EDC: electronic data capture

EDI: electronic data interchange

EFS: electronic financial servicers

EFT: electronic funds transfer

EFTA: electronic funds transfer association

EFTPOS: electronic funds transfer at the point of sale

EFTPS: electronic federal tax payment system

EFTS: electronic funds transfer system

EIN: employer identification number

EIP: electronic invoicing and payment

EIPP: electronic invoice presentment and payment

EIRF: electronic interchange reimbursement fee

EMS: electronic merchant services

EMV: eruopay international, mastercard international, and visa international

ENR: automated enrollment entry

EOM: end of month

E-PAY: electronic bill payment

E-POP: electronic point of purchase

EPP: encrypting pin pad

EPS: express payment service

EPURSE: electronic purse

ERP: enterprise resource program

ES: establishment services

ESA: external sale agent

ESSP: encryption support service provider

ETA: electronic transactions association

ETA: electronic transfer accounts

FAX: facsimile

FCC: federal communications commission

FCRA: fair credit reporting act

FDIC: federal deposit Insurance Corporation

FI: financial institution

FICA: federal insurance contributions act

FIFO: first-in/first out

FILO: first in /last out

FIPS: federal information processing standard

FIU: financial intelligence unit

FMS: financial managements system

FMV: fair market value

FOIA: freedom of information act

FPA: federal program agency

FRB: federal Reserve Bank

FSP: full service processor

FRS: federal Reserve System

FTC: federal trade commission

FTP: file transfer protocol

GAN: global area network

GDI: government designated issuer

GDP: gross domestic product

GMT: greenwich Mean Time

GPRS: general packet radio service

GSA: general service administration

GSC-IS: government smart card interoperability specification

GSM: global system for mobile communication

GUI: graphical user interface

HCS: host capture system

HSM: hardware security module

HTML: hypertext markup language

HTTP: hypertext transfer protocol

HTTPS: hypertext transfer protocol secured

IAB: internet architecture board

IAFCI: international association of financial crimes investigators

IANA: internet bill delivery and payment

IC: independent contractor

IC: integrated circuit

ICA: interbank card association

ICS: issuer’s clearinghouse

IDEA: international data encryption standard

IDS: intrusion detection system

IEC: international electro technical commission

IFX: interactive financial exchange

IIN: institution identification number

INAS: interbank network for authorization services

INET: interbank network for electronic transfer

I/O: input and output

IP: internet protocol

IPS: intrusion prevention system

IRD: image replacement document

ISA: independent sales agent

ISDN: integrated services digital network

ISO: independent sales organization

ISO: international organization for standardization

ISP: industry service provider

IVR: interactive voice response

JCB: Japan credit bureau

JPEG: joint photographic experts group

LAN: local area network

LIBOR: London interbank offered rate

LIF: location in force

LOC: letter of credit

L&D: loss destruction