Payment Processing: The e-Payment Roadmap
Your credit card information is much safer than you realize.
I recently joined Systems East, Inc. as Education and Training Expert, and I am tasked with designing and managing a knowledge content strategy that includes blog articles, video interviews, podcasts, webinars, and continuing education programs. Although we are producing material on the benefits of ePayments, security, and privacy, there is one topic that has been of particular interest to me.
What happens between the time I swipe my card to pay and the time it shows up on my bank account only seconds later? Even before I became an employee, I was a consumer. How do I know, within that process, that my card information is safe? Peter Rogati’s response follows.
When you are using a tool like Xpress-pay, your transaction follows this path:
- Credit card information is entered at the web or mobile payment portal.
- When the payment button is clicked, the card number is encrypted and sent to a payment processor. You may recall that, in an earlier article, we defined encryption as the process of obscuring information to make it unreadable without special knowledge, key files, and/or passwords, in an effort to prevent unauthorized access.
- If the transaction is declined, all card data is cleared and must be reentered to try again.
- If the transaction was successful:
  - The processor returns an authorization code to the payment portal.
  - The portal records the consumer’s name, address, and approval code in the database.
  - The portal produces a receipt for the consumer, both on-screen and by email.
  - The processor notifies the card’s issuing bank of the transaction.
    - For credit cards, the amount is added to the consumer’s statement balance.
    - For debit cards, the payment is deducted from the consumer’s bank account.
  - The funds are electronically transferred, resulting in a deposit to the merchant’s account on the following business day.
The details behind the processing of a payment are somewhat more technical. In addition to the end-to-end encryption requirements, ePayment providers must maintain PCI DSS certification. In order to maintain PCI DSS Level 1, participating parties are required to maintain twelve strict security measures in conjunction with over 400 security standards that are issued and updated by the Payment Card Industry Security Standards Council (PCI SSC).
If you have any questions about the events surrounding the ePayment process, protection of PII, how card data is protected, or vulnerabilities that may exist in your current methods, we invite you to contact our team. We will be happy to go into more detail or assist you in implementing the mechanisms discussed in this article.