You tap your card at a coffee shop. One second later, the screen beeps green. But in that single second, your payment travels through a network of banks, networks, and processors — bouncing across systems most people never think about. Understanding credit card processing is not just for fintech engineers. Business owners, entrepreneurs, and everyday consumers all benefit from knowing how money actually moves. This guide breaks it all down, from the first swipe to the final settlement, in plain language.
Table of Contents
What Is Credit Card Processing?
Credit card processing is the sequence of steps that transfers funds from a cardholder’s bank account to a merchant’s bank account whenever a purchase is made. It sounds simple on the surface. But it involves at least five distinct parties and happens in milliseconds. Each participant plays a specific role, and each one charges a fee for their trouble. Together, these fees form what the industry calls the “merchant discount rate” — a term worth remembering.
The entire process is divided into two major phases: authorization and settlement. Authorization confirms that the card is valid and that funds are available. Settlement is when money actually moves. These two steps can happen seconds apart in some systems, or up to 48 hours apart in others.
The Five Key Players in Every Transaction
Every credit card transaction involves five core parties. The cardholder is the consumer making the purchase. The merchant is the business selling goods or services. The acquiring bank (also called the merchant’s bank) processes payments on behalf of the merchant. The issuing bank is the financial institution that issued the card to the cardholder. Finally, the card network — such as Visa or Mastercard — provides the rails that connect everything together.
Think of it like a relay race. The baton (payment data) passes from the cardholder to the merchant, then to the acquirer, across the network, and finally to the issuer — all before returning with an approval or denial code. Each handoff adds speed, security, and cost.
| Cardholder | → | Merchant(POS / Gateway) | → | Acquiring Bank | → | Card Network(Visa / MC) | → | Issuing Bank |
Step-by-Step: From Swipe to Settlement
The moment a card is swiped, dipped, tapped, or entered online, the merchant’s point-of-sale (POS) system captures the card data — including the card number, expiration date, and CVV — and sends it to their payment processor. The processor immediately forwards this data to the card network. The card network then routes the request to the issuing bank.
The issuing bank checks a series of conditions in real time. It verifies that the account exists, that the card has not been reported stolen, that the cardholder has sufficient credit available, and that the transaction does not trigger any fraud flags. This entire check takes less than two seconds. The bank then sends back an approval or decline code, which travels the same route in reverse until it reaches the merchant’s terminal.
Settlement is a separate process that happens in batches. At the end of the business day, the merchant “closes” their batch and sends all authorized transactions to their acquirer. The acquirer submits these to the card networks, which coordinate the transfer of funds from each issuing bank. Within one to three business days, the net amount — after fees are deducted — lands in the merchant’s account.
| Key distinction: Authorization happens in real time. Settlement happens in batches. A payment can be authorized but not yet settled — which is why some charges appear as “pending” on your bank statement. |
Understanding Payment Processing Fees
Fees are where credit card processing gets complicated. Every transaction carries a cost, and that cost is split among the participants. There are three primary fee types merchants need to understand: interchange fees, assessment fees, and processor markup fees.
Interchange fees are paid by the merchant’s acquiring bank to the cardholder’s issuing bank. These are set by the card networks (Visa, Mastercard, etc.) and vary based on card type, merchant category, and transaction method. A premium rewards card costs more to process than a basic debit card. An in-person swipe costs less than a card-not-present online transaction, because card-not-present carries a higher fraud risk.
Assessment fees (also called network fees) go directly to the card networks — Visa, Mastercard, American Express, or Discover — for use of their infrastructure. These are typically a small flat percentage on top of interchange. Finally, the payment processor charges its own markup, either as a flat per-transaction fee, a percentage, or a blend of both.
| Fee Type | Who Receives It | Typical Range | Negotiable? |
| Interchange fee | Issuing bank | 1.15% – 2.40% | No |
| Assessment / network fee | Card network (Visa, MC) | 0.13% – 0.15% | No |
| Processor markup | Payment processor | 0.20% – 0.50% + $0.10–$0.30 | Yes |
| Payment gateway fee | Gateway provider | $10–$25/month | Sometimes |
| PCI compliance fee | Processor / acquirer | $75–$150/year | Sometimes |
Table 1 — Breakdown of typical credit card processing fees in the US market (2025–2026)
| 2.4%Avg. effective rate for SMBs | $1.8TUS card transaction value (2025) | <2 secTime to authorize a payment | 1–3 daysAvg. settlement window |
Pricing Models: Flat-Rate vs. Interchange-Plus vs. Tiered
Payment processors package their fees into pricing models. Understanding which model you are on — or should be on — can save a business thousands of dollars per year. The three most common are flat-rate, interchange-plus, and tiered pricing.
Flat-rate pricing charges one consistent percentage for every transaction, regardless of card type. This is simple and predictable. Processors like Square and Stripe use this model. It suits small businesses that value simplicity over optimization. The downside is that merchants with high volumes end up overpaying because they cannot take advantage of lower-cost card transactions.
Interchange-plus pricing passes through the actual interchange cost and then adds a fixed, transparent markup. This model is more complex to read on a statement, but it is nearly always cheaper for mid-to-large businesses. It also provides full visibility into where every fee goes. High-volume merchants and those processing premium rewards cards benefit most from switching to this model.
Tiered pricing groups transactions into “qualified,” “mid-qualified,” and “non-qualified” tiers. Processors assign cards to tiers at their discretion, which often results in many transactions landing in higher-cost tiers. This model is the least transparent and is widely considered the least favorable for merchants. If your processor uses tiered pricing, it is worth asking for an interchange-plus alternative.
The Role of the Payment Gateway
A payment gateway is the software layer that sits between the merchant and the payment processor. Think of it as the digital equivalent of a card reader. For online businesses, the gateway captures and encrypts the card data entered by the customer on a checkout page. It then securely transmits that data to the processor to begin the authorization flow.
Gateways handle tokenization — the process of replacing sensitive card data with a unique, random token. This token is meaningless to hackers but can be used by the merchant system to process future charges (such as subscriptions) without storing actual card numbers. Tokenization is one of the most important security mechanisms in modern payment infrastructure.
Some processors bundle their gateway into their core service. Others require merchants to integrate a separate gateway provider. Well-known standalone gateways include Authorize.Net and NMI. Integrated solutions like Stripe and Adyen handle both the gateway and processing in a single platform.
Card Networks: Visa, Mastercard, Amex, and Discover
VISA
Visa is the world’s largest card network by transaction volume. It does not issue cards directly. Instead, it licenses its network to banks that issue Visa-branded cards. Visa sets interchange rates, maintains the VisaNet transaction network, and handles dispute resolution between issuing and acquiring banks.
MASTERCARD
Mastercard operates similarly to Visa — it is a network, not a bank. It provides the rails and the rules. Mastercard has been particularly active in pushing contactless payment standards and real-time payment infrastructure globally. Both Visa and Mastercard use a “four-party model” involving cardholders, merchants, issuers, and acquirers.
AMERICAN EXPRESS
American Express operates differently. It functions as both the network and the issuer for most of its cards. This “three-party model” means Amex keeps more of the interchange revenue but also accepts more risk. Amex typically charges merchants higher processing rates, which is why some smaller merchants decline Amex cards. However, Amex cardholders tend to have higher average spend, which can offset the cost for many business types.
DISCOVER
Discover also operates a closed-loop network similar to Amex. It is less widely accepted globally but is growing through partnerships. Discover has a reciprocal acceptance agreement with several international networks, including UnionPay in China and JCB in Japan, expanding its effective reach for US cardholders traveling abroad.
| Network | Model | US Market Share (2025) | Typical Merchant Cost |
| Visa | Four-party | ~52% | 1.15% – 2.40% |
| Mastercard | Four-party | ~25% | 1.15% – 2.50% |
| American Express | Three-party (closed) | ~18% | 1.80% – 3.25% |
| Discover | Three-party (closed) | ~5% | 1.55% – 2.30% |
Table 2 — US card network comparison by model, market share, and merchant cost range
Security Standards: PCI DSS Explained
Any business that stores, processes, or transmits cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). This is not a law, but it is effectively mandatory. Failure to comply means fines from your processor, higher processing rates, and potential loss of the ability to accept card payments entirely.
PCI DSS is maintained by the PCI Security Standards Council, a body founded jointly by Visa, Mastercard, American Express, Discover, and JCB. The standard is divided into levels based on transaction volume. Level 1 merchants (those processing over 6 million card transactions per year) face the strictest requirements, including an annual on-site audit by a Qualified Security Assessor. Smaller merchants can typically self-certify using a Self-Assessment Questionnaire (SAQ). Full documentation is available at: https://www.pcisecuritystandards.org/
Beyond PCI DSS, modern payment security relies on three layers: encryption, tokenization, and 3D Secure authentication. Encryption protects data in transit. Tokenization protects stored card data. 3D Secure (like Visa Verified or Mastercard Identity Check) adds an additional cardholder authentication step during online checkout, reducing the merchant’s fraud liability.
Chargebacks: The Hidden Cost of Accepting Payments
A chargeback occurs when a cardholder disputes a charge with their issuing bank rather than resolving it directly with the merchant. The bank then reverses the transaction and debits the merchant’s account — plus a chargeback fee that typically ranges from $15 to $100 per incident. If a merchant’s chargeback rate exceeds 1% of monthly transactions, they risk being placed on a card network’s monitoring program, which can result in heavy fines or account termination.
The five-party relay in a standard card transaction
Chargebacks happen for several reasons. Friendly fraud — where a cardholder disputes a legitimate charge — is increasingly common in e-commerce. Technical errors, processing duplicates, and genuine fraud also generate chargebacks. Merchants can fight chargebacks through a representment process by providing evidence such as signed receipts, delivery confirmations, and communication logs. Winning a representation recaptures the funds but requires time and documentation.
Emerging Trends in Payment Processing
The payments industry is changing fast. Contactless payments — driven by NFC technology in cards and mobile wallets like Apple Pay and Google Pay — now account for a growing share of in-person transactions. The speed and hygiene benefits accelerated adoption sharply during the COVID-19 period, and the habit has stuck. Today, merchants who do not support tap-to-pay face a real competitive disadvantage at the point of sale.
Buy Now, Pay Later (BNPL) services like Affirm and Klarna have inserted themselves into the checkout flow as an alternative to traditional credit. They split purchases into installments and take on the credit risk themselves, paying merchants upfront minus a fee. For merchants, BNPL typically increases average order value and conversion rates — but at a higher processing cost than standard cards.
Real-time payments (RTP) and the FedNow network are pushing toward instant bank-to-bank transfers that bypass card networks entirely. As this infrastructure matures, it could meaningfully reduce interchange costs for merchants — but broad consumer adoption is still years away from displacing card-based payments as the default at checkout.
Conclusion
Credit card processing is one of the most consequential — yet least understood — systems in modern commerce. Every swipe triggers a complex, multi-party relay that authorizes funds, enforces security standards, and distributes fees across a chain of institutions. For consumers, understanding this flow helps you read your bank statement with more confidence. For business owners, it reveals real opportunities to reduce costs, manage risk, and choose the right partners.
The key takeaways are straightforward. Know your pricing model — and push for interchange-plus if your volume warrants it. Prioritize PCI compliance to avoid penalties. Manage chargebacks proactively before they threaten your merchant account. And keep an eye on emerging payment methods, because the rails beneath consumer payments are evolving faster than at any point in the last decade.
Frequently Asked Questions
| What is the difference between a payment processor and a payment gateway? A payment gateway captures and encrypts card data at the point of entry — think of it as the digital card reader. A payment processor then takes that encrypted data and manages the actual transaction routing between the acquiring bank, card network, and issuing bank. Some companies (like Stripe) combine both functions into one platform, while others require merchants to set them up separately. |
| Why do credit card processing fees vary by card type? Interchange fees — the largest component of processing costs — are set by card networks and vary based on factors like card type, transaction method, and merchant category. Premium rewards cards carry higher interchange rates because the issuing bank uses that revenue to fund cardholder benefits like cashback and travel miles. A basic consumer debit card, by contrast, has some of the lowest interchange rates in the system. |
| How long does credit card settlement actually take? Authorization is nearly instant — under two seconds in most cases. Settlement, however, typically takes one to three business days. The exact timeline depends on the merchant’s processor, the type of transaction, and when the daily batch is closed. E-commerce transactions processed with card-not-present data can sometimes take longer, and certain high-risk merchant categories may face extended holds by their acquiring bank. |
| What is PCI compliance, and do all merchants need it? PCI DSS applies to any business that stores, processes, or transmits cardholder data — in practice, virtually every merchant that accepts credit cards. The compliance level required scales with transaction volume. Small businesses typically complete a self-assessment questionnaire annually, while large enterprises must undergo third-party audits. Non-compliance can result in fines, increased processing rates, and termination of your merchant account. |
