When was the last time you used your Wells Fargo card? How about your USAA card?Â
No, this isn’t a trick question.
If we asked when was the last time you used your Visa or Mastercard, you’d probably be able to answer right away. Given that the banks’ names are printed on the cards at least as prominently as the brand names Visa or Mastercard, why is it that people think of these cards by their brand names instead of the banks’ names? Especially–at least for Visa and Mastercard–since cardholders only deal with the banks that issued these cards instead of the card brands themselves. And why is it that Discover and American Express work differently? (Do they work differently?)
These questions probably don’t keep you up at night.
But, if you’re ever curious about what these card networks, card associations, or card brands are and what these entities actually do (other than make you pay fees of various sorts), you’re at the right place. We’ll explain what card networks are, give you a little history about each, and provide a general framework for understanding how they fit into the business of credit card processing.
At the end of the day, we hope that this article will at least explain why merchants are charged pesky fees for taking these cards. So, grab some coffee and read on!
What Is A Credit Card Network Anyway?
Major credit card networks around the world include Visa, Mastercard, China UnionPay, American Express, Discover, and JCB (Japan Credit Bureau). But this doesn’t really help you understand what a credit card network is. So, let’s go into a little more detail below.
What Do They Mean By “Network”?
Let’s clarify the term “network” before we start. Typically, a network is just a group of entities that have some sort of relationship with each other–think social networks or computer networks. For this article, by default, we use the word network to mean a group of entities that participate in the credit card processing workflow. Usually, this means each entity has some sort of contractual obligation with another entity in the workflow.
Note, though, that the credit card associations also maintain advanced computer networks, which they rely on to process credit card transactions. In fact, some of them even want to be known as technology companies that just “happen” to work in the payments space.
A Credit Card Network Can Be Analogized As A Franchisor
If you’re familiar with the franchise business model, then you already have a fairly intuitive understanding of what credit card networks do. In this analogy, Visa and Mastercards are like franchisors, the banks that issue the cards are franchisees, and the consumers who use the cards are the customers. Following this analogy, American Express and Discover would be like franchisor-owned stores that work with customers directly.
In the franchise model, both the franchisor and the franchisee enter into a long contract setting out a complex set of rules for the franchisee to follow; the same goes for card networks and issuing banks. The franchisor changes these rules from time to time and enforces them, just as card networks change and enforce guidelines. The franchisors also have other obligations, such as marketing their service to the general public –that’s why they are better known to the general public than the franchisees. You know there’s a McDonald’s in your town, but you probably don’t know or care who’s running it. Likewise, you know you have a Mastercard, and that’s the most pertinent piece of information; the issuing bank may seem irrelevant.
Of course, real-life is far more complex, and this analogy doesn’t cover a lot of what the card networks do. But, hopefully, it gives you a quick, general framework to go back to if you get overwhelmed. For a more detailed explanation of what a card network does, read on to find out.
How Does A Credit Card Association Fit Into The Credit Card Processing Work Flow?
There are a lot of players in the credit card processing business, and each player occupies a unique spot in the overall business model. Here are the major players:
- The consumer/cardholder
- The issuing bank
- The acquiring bank
- The card networks/card associations
- The processor
- The merchant
Once a consumer uses a card to make a purchase, whether at a physical store or online, the following process begins:
- The card information is encrypted and transmitted from the merchant to the processor.
- The processor determines which acquiring bank is associated with the merchant. Note that sometimes the processor is the same as the acquiring bank, but often it is not.
- The payment information is sent to the correct acquiring bank.
- The acquiring bank sends the information to the correct credit card association–i.e. Visa, Mastercard, Discover, or American Express.
- The card association matches the consumer with the correct issuing bank and often performs some fraud checks. If the card purchase is a tokenized purchase, the association further matches the token to the actual, primary card number (PAN) and forwards the information to the issuing bank. With Discover and American Express, they are their own issuing banks, so this step is skipped.
- The issuing bank checks the credit availability of the cardholder (and potentially performs additional identity verification checks), and either authorizes or declines the purchase.
- This message is transmitted to the acquiring bank directly. If the purchase is authorized, the acquiring bank releases the funds to the processor, which, in turn, releases the funds to the merchants in a proscribed time period.
- The money owed between the issuing bank and the acquiring bank is settled later.
- The cardholder pays the issuing bank back at a later date.
As you can see, card associations do have a role in the transaction process flow. And for this, they wish to be paid.
Are Credit Card Networks The Same As Debit Networks?
This is actually a fairly tricky question. We have an entire article explaining how debit and credit cards are related, but below is a quick summary.
There are two types of debit transactions: PIN debit and credit-based debt. For a PIN debit, once the transaction information reaches your processor, it’s routed through a different computer network than a credit-based debit, and a different payment procedure is followed. A credit-based debit transaction is routed through the credit card network, but the money is pulled out of the cardholder’s account almost immediately (much like a PIN debit transaction), instead of waiting for the cardholder to pay at the end of a credit card statement cycle.
Just to complicate matters, some card associations own debit networks too. For instance, Discover owns the PULSE network, which is an ACH debit network. But, to answer the question posed by the subheading, under some circumstances, a credit card network can indeed be used as a debit card network.
Meet The Major Credit Card Brands
For this article, we’re going to focus on the four major credit card brands in the US: Visa, Mastercard, American Express, and Discover. We limit our discussion to these four US brands because they all have a substantial international presence and our readers are mostly in the US. Just be aware that there are other card brands doing business in other parts of the world, the most noteworthy of which is China’s UnionPay (it’s the third-largest card network in the world, behind Visa and Mastercard).
Regardless of the actual name of the card brand, they all work in a substantially similar way as the card process flow presented above.
Visa is the oldest modern credit card brand. It started in 1958 as a part of Bank of America, and it was called the BankAmericard. Bank of America operated the business exclusively until 1966, when it started to license the program to other banks. In 1970, Bank of America transferred control of the program to a consortium of banks. In 1976, the entity was renamed Visa, and the name continues today.
Visa started to electronically authorize and then clear and settle payment card transactions in 1973. Today, Visa has four data centers around the world handling credit card transitions in Virginia, Colorado, London, and Singapore. In 2018, it processed over 188 billion transactions through its worldwide computer network. Its products include debit, credit, and prepaid cards, all under the Visa brand name.
Mastercard traces its origins to 1966, when a group of bankcard associations joined together to form the Interbank Card Association. At first, this was a loose association with weak brand recognition, so in 1969, the association rebranded itself as Master Charge. The brand became a global brand when it entered the European market in 1968. In 1979, the association changed its name to Mastercard.
In 2018, Mastercard processed 73.8 billion transactions. In addition to its credit card processing business, it also has debit and prepaid cards under the brand. Mastercard prefers to be known as a payments technology company, and, as such, has invested heavily in its computer network around the world.
American Express started as an express mail company in 1850. A little over 100 years later, in 1958, it started its charge card business. Today, charge cards are only a portion of American Express’s business, but, because this article focuses on payment card brands, we will limit our discussion to charge cards only.
Somewhat different from the other card brands, the American Express card is a charge card. This means that the cardholder must repay the entire charged amount by the due date instead of having the option of only paying a portion of the amount at the end of the billing period, like a credit card.
American Express is the fourth largest card brand in the world based on purchase volume, behind China Union Pay, Visa, and Mastercard. The American Express business model differs slightly from the Visa and Mastercard models. American Express typically acts as its own issuing bank and acquiring bank. There are some exceptions, however.
Under the OptBlue program, merchants who process under a specific dollar amount can sign up to process American Express through a processor. Once they process over that limit, though, they must enter into a direct contract with American Express, so that American Express becomes both the processor and the acquiring bank for the transactions. Recently, American Express has also started to allow a small number of banks, like the Bank of Hawaii, to issue American Express cards. So, while there are some exceptions to the rule, American Express continues to be its own issuing bank and acquiring bank under most circumstances.
Of the major branded payment cards, Discover is one of the youngest. It was introduced by Sears in 1985, and even from the start, it had just one issuing bank: the Greenwood Trust Company (now called the Discover Bank). Discover issues its own cards and maintains a direct relationship with most of its customers, servicing them through the Discover Bank. There are some third-party issuing banks that work with Discover, but these are in the minority.
Generally, for small and mid-sized merchants, Discover works through third-party acquirers/processors to process card charges. However, it does maintain a direct relationship with large merchants, and in those cases, Discover serves as both the issuer and the acquirer in the payment card process flow.
In 2018, Discover processed 6.8 billion transactions, 2.5 of which were on the Discover Network and 4.4 on the PULSE Network (ATM debit transactions). In addition to its credit and debit card business, Discover is a full financial services company, providing traditional direct banking services (e.g. student loans, mortgages) as well as payment processing services.
Credit Card Brand VS Credit Card Issuer
So are the credit card brands the same as credit card issuers? From what’s already been covered above, the answer necessarily must be: maybe.
A credit card issuer is typically a bank that works with a consumer to get a credit card–in a way, giving the consumer a personal revolving line of credit that can be paid back immediately or later (if later, typically with interest). It is the issuing bank that lends the money to the consumer for the card purchases. The card brands typically have nothing to do with lending (this is always the case with Visa and Mastercard).
The card brands set certain pricing (i.e. interchange fees and card brand fees) and make certain rules that the issuing banks, acquiring banks, processors, and merchants must follow. Failure to follow the rules means that the card brands can stop doing business with you, effectively shutting you down.
Things are slightly different with American Express and Discover. Each of these companies is a large financial services company that owns both a card network business and a bank business. In most cases, they use their own banks to issue cards and lend money to consumers, but they also use their own network (business network and computer network) to process the card transactions. So, American Express and Discover are both their own card brands and their own issuing banks.
What Do The Credit Card Associations Do?
Now that we’ve generally described the credit card associations’ place in the payment transaction workflow, let’s look in a little more detail of the major duties of credit card associations.
Determine Individual Card Brand/Network Rules
You may or may not know that each card brand has a thick book of rules and regulations you must follow as a merchant. Your contract with your processor typically will say that if you do not follow these rules, they can terminate your contract. You might even be put on the MATCH list for violating some of these rules.
What is alarming is that these rules are not uniform, so the Visa rules can differ from the Mastercard rules which can differ again from the Discover rules. These rules are there to ensure that all merchants who accept a particular brand of card act in the same way, with the same level of service. Naturally, this doesn’t always make your life easier.
The rules aren’t all bad, though. The financial services industry is highly regulated by governments around the world. As a small business owner, it’s very difficult for you to keep up with changes in these laws. However, generally speaking, if you follow the card brand rules, you should be able to stay well clear of any legal violations, at least as far as payment processing is concerned.
Though these rules can be complicated, the one big thing you should always keep in mind is to always treat the card brands the same–whatever procedure you use when taking one type of card should be used for all card brands you process. Other than this, do some quick research on the internet before you make any process changes, to stay on the safe side.
And be sure to search our site. We try hard to point out anything in the rules that may pertain to things you might want to implement, things like a minimum charge or a convenience fee. Reading our articles might save you time and headaches in the future.
Determine Data Security Standards
Another fairly important thing the card brands do is to make and implement the data security rules that govern the secure storage and transmission of payment card data. To do this, the four card brands, plus JCB of Japan, started the standards-making organization called the PCI Security Standards Council. Today, the council includes many other members, and they meet periodically to improve on existing rules and agree on new rules.
The PCI security standards cover only the transmission and storage of cardholder and/or sensitive card authorization data, but they do this from end-to-end. So, the standards cover things like what sort of data encryption schemes to use when transmitting card payment data, what sort of hardware security minimums are required on a credit card machine, what security requirements are needed for a physical payment card, and even what sort of employee access restrictions should be instituted if a merchant wishes to store card information on-premise.
While these security standards cover a lot of ground, there are items that they do not cover. For instance, the standard does not mandate any sort of technology to actively detect fraud. Instead, fraud detection software is privately run by processors or the card associations, and if fraud is found, the merchant would be notified.
In addition to the PCI Security Standards Council, the card networks also participate in other standards-making organizations related to data security, organizations like EMVCo, which we will cover in a separate section below.
Set Interchange Rates
If you are familiar with the credit card processing business, then you know that the interchange rates are rates that you cannot negotiate with your processor–it’s their cost for processing each card, passed down from their own service providers. A large portion of the interchange rates go to the banks, but it is the credit card associations that set them. This way, the multiple banks that take part in the payment card processing business are all compensated in the same way.
Build & Maintain Payment Processing Computer Network
Even in the earliest days, computer and computer networks held prominent roles in the credit card processing workflow. Starting with VisaNet in 1973, a lot of the authorization, clearance, and settlement was processed over networks privately operated by the various card brands. Today, computer networks are so important in the payment processing workflow that Visa and Mastercard think of themselves as technology companies instead of financial services companies.
If you read their websites, you might think that the card brands built and operate the entire credit card processing network, but that’s not true. The fact is, while credit card associations do operate and maintain a very important part of the processing network, other entities (like the banks) also own and maintain hardware and software connected to this network. Still, the portion owned by the card associations directs traffic and routes different information to the appropriate banks, so they do function a little bit like the nerve center of the network.
Today, a processing request can be transmitted from the merchant to the issuing bank (and go through all the entities along the way) and back again in the blink of an eye, all thanks to the payment processing computer networks that the card associations helped build.
Preventing & Detecting Payments Related Cybercrimes Through Technology
As touched on earlier, the card associations form the PCI Security Council, but the council’s job is limited–it only works on rules that would prevent unauthorized access to the payment processing network. The card associations, however, do a lot more than that. They each have sophisticated hardware and software that help detect and prevent cybercrime. To do so, they analyze large sets of data to detect patterns that suggest fraud, data breach, use of stolen cards, and other unusual activities.
Tokenization is another example of how the card associations use technology to prevent cybercrimes. Every card association has its own way of generating a token, but lately Visa, Mastercard, and American Express have worked together on a standard for creating tokens. They have submitted a preliminary proposal and are working with EMVCo. to finalize the standard. (Discover has not joined this standard-setting effort.)
So, in addition to the more visible PCI security rules, the card associations work on other security matters as well.
Last, but not least, the credit card associations advertise their cards to increase consumer awareness, as well as use. As a result, consumers know the card brand names better than the issuing banks’ names.
As an example of marketing decisions that affect how a card network operates, Mastercard/Master Charge only came into being because consumers were confused by the weaker trademark Interbank card. When the association learned that the consumers didn’t see Interbank as a strong, unified brand, they changed their name to Master Charge for better uniformity. Today, the brand name Mastercard is known throughout the world.
Accepting Different Credit Card Brands Through Your Merchant Account
Years ago, some merchants only accepted Visa or Mastercard. Restaurants often only accepted American ExpressÂ because restaurants were given a lower interchange rate in exchange for taking American Express exclusively. Discover card, being the newest card, seemed to simply have had trouble with market penetration so that many merchants didn’t take the card.
This is no longer the case. Today, a merchant can accept all four major brands through most processors. Still, this is not always desired. For instance, some government agencies take only Visa or Mastercard because these brands offer an easy way to set up a convenience fee charge. If you are a merchant who wishes to take all four major credit cards, to be safe, be sure to confirm with your processor before you sign the contract.
How Do The Credit Card Networks Affect My Small Business?
By now, you should have a fairly good general idea of what credit card associations do, and how they affect your everyday business operations. The fact is that you, as a small business owner, probably have no direct contact with these entities — but what they do and what they decide directly affects you. Sometimes, these decisions force you to tweak the way you must run your business, but other decisions could benefit you or even keep you safe from violating financial services laws and regulations around the world.
At the end of the day, credit card associations are vital to how credit card payments work. We hope this article has given you a better understanding of what they do, and how they do it.
Credit card associations are not the only players in the credit card processing flow, however. If you’re curious about how other entities fit into the credit card process flow, we’ve provided links to other explanatory articles throughout, so be sure to check them out.
The post The Complete Guide To Credit Card Networks: Visa, Mastercard, American Express & Discover appeared first on Merchant Maverick.