Anatomy of a Payment Card

What happens when you swipe or insert your credit card?

Image by Kris from Pixabay

We all use payment cards every day….. I can imagine so many of us can’t live without our payment cards. As for me I can’t imagine a world without them, I’d literally not survive. We call them so many names like ATM card😂 or Credit card or Debit card without really understanding what it entails.

Payment cards come in different types and forms, yes but that’s not my point. Do you actually know what the characters on your payment card stand for? Or why they should be protected, or even in a situation when your cardholder data is compromised, what it can lead to?

There are several pieces of data embedded on a payment card.

The parts of a payment card can be divided into 2 categories.

1. Cardholder data
2. Sensitive authentication data (SAD)

For the cardholder data, we have:

▪Primary account number: A set of numbers that identify the cardholder and the account that is linked to the card.

▪Cardholder name: This is the name linked to the card.

▪Expiration date

▪Service code

For the Sensitive authentication data we have:

▪Magnetic stripe data: This contains embedded information that Identifies the card’s user.

▪Code verification value or code(CVC, CID, CVV): This is the 3-digit number at the back of a payment card.

▪PIN/PIN block

As mandated by the PCI DSS v3.2.1 which was created by the PCI council, Cardholder data like Full PAN can be stored by your vendors but must be rendered unreadable. This is to prevent unauthorized individuals from getting access to it. However, SADs must not be stored.

What happens when you use your payment card make a transaction?

The card payment process that happens in a matter of seconds

There are several entities involved in a card transaction process. This is the point I’d probably explain to help you understand the process better.

The Cardholder is the owner of the payment card.

The Issuer or Issuing bank is the cardholder’s bank. It’s the bank where you have an account that provides you with a payment card. The issuer also verifies if the cardholder has enough funds to make a transaction.

Payment brands act as a Liason between the issuer and the acquirer. These are JCB international, American express, Visa inc, Mastercard and Discover Financial services.

A merchant is an entity that accepts payment cards as a method of payment for goods and services. It can be a store, school, supermarket etc.

An Acquirer or Acquiring bank is the bank or financial institution that holds the merchant’s funds. They process payment transactions on behalf of a merchant.

Back to the card payment process.

When you swipe or insert your card at a POS point, what happens?

Let’s picture a scenario with a guy in it. Let’s call him Majeed.

Majeed goes to the mall, picks up a few things, and comes to the cashier point to pay. Now when he inserts his card at a point of sale and inputs his PIN, 3 things happen:

Majeed swipes his card and his details are sent to Newbank(Acquiring bank). Newbank then passes the details on to the Payment brand network. The Payment brand network routes the information to the Penbank (Issuing bank) along with an authorization request.

Penbank receives the authorization request and verifies the credit card information. Penbank checks Majeed’s available funds, his CVV, and his credit card number to validate. If maybe Majeed has incomplete funds to further the process, Penbank puts the transaction on hold or declines the transaction. If that’s not the situation, the mall’s POS terminal collects all transactions in a batch file for the day and gives Majeed a receipt for that sale.

Now, no it’s not finished yet.

For the last step, after payment has been completed, all the entities involved need to be settled and cleared. Newbank needs to be paid, the Payment brands also need to be paid. Penbank needs to make sure the transaction has been reflected in Majeed’s account. The batch file will then be sent to Newbank then the Payment brand network. The Payment brand network forwards it to Penbank. Within a stipulated time, Penbank then transfers the funds to Newbank through the Payment brand network. The Payment brand network takes a small cut of the money exchanged. Newbank also takes a percentage before crediting the mall’s account.

It isn’t important to know every single step in the card payment process, but it’s good to understand the process to know what could go wrong.

Security Tips for online and POS transactions.

1. Be mindful of the websites you put your card details in.
2. Always be cautious when inputting your pin at POS Terminals.
3. Do not use Public Wi-fi to access banking apps and websites.
4. Create strong passwords for your banking applications.
5. Always check financial websites for a padlock at the top left. This shows that the SSL certificate is valid.
6. Always check for “https://” on the URL. This indicates that the website is secure.
7. Do not use links sent by people to access your bank’s website, rather go visit the website yourself via a search engine.
8. Remember to stay logged out of e-commerce websites.

We’re at the end of this article. I hope you enjoyed it. Don’t forget to like, share and comment 😎

I hope to see you soon!