CODEWITHSUNDEEP
credit-card
Gnudiff
Gnudiff

Reputation: 4305

Direct credit card processing?

As I understand, CC [credit card] processing from POS to bank goes very broadly like this:

  1. CC info and debit amount are sent to the POS terminal operator's (Merchant's) bank or other organization, which is part of CC network

  2. Merchant's bank or org connects to CC issuers bank and sends request of CC debit on behalf of Merchant;

  3. Merchant's bank receives result and gives back to POS terminal.

We have a client, who asks me, if it is possible to set up POS terminal, which would send request [on behalf of his bank account] directly to the bank of the CC issuer. Ie. only having a POS terminal and knowing his own account information, can he use this information to send request of purchase to buyer's bank?

It is my understanding and common sense, that it shouldn't be possible, as all info about CC processing indicates that it is only possible by entering "credit card network", which presumably means specific organizational requirements, fees and memberships.

However, I haven't managed to find direct confirmation of this: for example, such places as Cybersource only show how THEY offer it to be done, not if it is the ONLY way to do it, so is it true?

I can see this question is not strictly software development, but it doesn't seem to fall under "Personal Finance" or "Quantitative Finance" either, and I assume people who have implemented CC processing would know best.

Upvotes: 0

Views: 135

Answers (1)

PaulG
PaulG

Reputation: 14021

What you have described is broadly correct.

In most cases an authorisation request will flow from:
POS -> Payment Gateway -> Card acquirer -> Card Issuer

The payment gateway looks at the card IIN to determine the appropriate card acquirer. Eg for Visa and MasterCard requests these may simply be passed on to the POS merchant account (for them to then speak to Visa and then Visa speaks to the card issuer). For other card issuers, such as Diners or Amex the gateway will speak directly to Diners/Amex (and it is Amex/Diners that can directly auth). The difference here is that Visa cardholders are broadly associated with a bank account, whereas Amex/Diners are their own entity.

To be able to intelligently route the request to the appropriate place you would have to essentially become a payment gateway (and even then you might only be speaking to the merchant account, not directly to the card issuing bank). It's a significant amount of work, with considerable consequences in terms of PCI-DSS compliance.

Upvotes: 1

Related Questions