Payment processing is the complete sequence of steps that transfers money from a customer’s bank account or credit line to a merchant’s account when a purchase is made. It involves multiple parties””the customer’s bank (issuing bank), the merchant’s bank (acquiring bank), card networks like Visa or Mastercard, and a payment processor that coordinates communication between all of them. When a customer swipes a card or clicks “pay now,” the processor routes that transaction through authorization, authentication, and settlement stages, typically completing the full cycle within one to three business days. Consider what happens when someone buys a $50 item from your online store using a credit card.
The payment processor captures the card details, sends an authorization request through the card network to the customer’s bank, receives approval (or decline), and later initiates the actual fund transfer. Of that $50, you might receive $48.50 after fees””the difference goes to the various parties that made the transaction possible. For startups, understanding this flow matters because payment processing costs directly affect margins, and choosing the wrong provider can mean overpaying by thousands of dollars annually. This article breaks down how payment processing actually works, what fees you’ll encounter, how to choose between processors, and what security requirements you need to meet. We’ll also cover common problems that trip up early-stage companies and how the industry is evolving.
Table of Contents
- How Does Payment Processing Work Behind the Scenes?
- Payment Processing Fees: What You’re Actually Paying For
- Payment Processors vs. Payment Gateways: Understanding the Difference
- Choosing a Payment Processor: What Startups Should Evaluate
- PCI Compliance: The Security Requirements You Can’t Ignore
- Where Payment Processing Is Heading
- Conclusion
How Does Payment Processing Work Behind the Scenes?
The payment processing chain involves distinct roles that many founders conflate. The **payment processor** handles the technical routing of transaction data. The **acquiring bank** (or merchant bank) maintains your merchant account and deposits funds. The **card network** (Visa, Mastercard, American Express, Discover) sets the rules and routes data between banks. The **issuing bank** is the customer’s bank that approves or declines based on available credit or funds. Some modern providers like Stripe or Square bundle these roles, acting as both processor and acquirer, which simplifies setup but obscures the underlying mechanics.
A single card transaction goes through three phases. **Authorization** happens in seconds: the processor sends card details and amount to the issuing bank, which checks for fraud signals, available funds, and account status before approving or declining. **Capture** (or clearing) occurs when you actually claim the authorized funds, usually when you ship a product or complete a service. **Settlement** is when money physically moves from the issuing bank through the network to your acquiring bank, typically batched at the end of each business day. However, if you’re selling subscriptions or high-ticket items, authorization and capture might be separated by days or weeks, and you should know that authorizations expire (usually within 7 days for most card types, though this varies by network). Capturing an expired authorization will fail, requiring you to re-authorize and potentially alarming your customer.
Payment Processing Fees: What You’re Actually Paying For
Every card transaction incurs costs from multiple sources, and understanding the breakdown helps you negotiate or choose providers intelligently. **Interchange fees** go to the issuing bank and represent the largest chunk””historically ranging from 1.5% to 3.5% of the transaction value depending on card type, with rewards cards and corporate cards commanding higher rates than basic debit cards. **Assessment fees** go to the card networks and are typically small (fractions of a percent). **Processor markup** is what your payment processor adds on top for their service. Processors present these fees differently. **Interchange-plus pricing** passes through the actual interchange rate and adds a fixed markup (like interchange + 0.3% + $0.10 per transaction).
**Flat-rate pricing**, common with Square and Stripe, charges a single percentage regardless of card type (often around 2.9% + $0.30 for online transactions, though you should verify current rates). **Tiered pricing** groups transactions into qualified, mid-qualified, and non-qualified buckets, and is generally the least transparent option. For startups processing modest volumes, flat-rate pricing offers simplicity and predictability. However, if you process primarily debit cards or have high average transaction values, interchange-plus pricing may save significant money. A business processing $50,000 monthly might see a difference of $200-500 per month between pricing models depending on their transaction mix. One limitation to note: many processors require minimum monthly volumes or charge monthly fees that can eliminate savings for very small operations.
Payment Processors vs. Payment Gateways: Understanding the Difference
Founders often use “payment processor” and “payment gateway” interchangeably, but they serve different functions. A **payment gateway** is software that securely captures and encrypts payment information””it’s the technology layer that connects your website or point-of-sale system to the payment network. A **payment processor** handles the actual routing of transaction data between banks and card networks. Think of the gateway as the secure entry point and the processor as the logistics system that moves data (and ultimately money) to its destination. Some providers combine both functions.
Stripe, for example, provides gateway services (their JavaScript libraries that capture card data on your site) and processing services (routing those transactions through to settlement). Traditional merchant account setups often separate these: you might use Authorize.net as your gateway while a separate acquiring bank handles processing. This separation offers flexibility””you can switch processors without rebuilding your checkout””but adds complexity and potentially another monthly fee. For most early-stage startups, integrated solutions make sense. You’re trading some flexibility for faster setup and a single support relationship. However, if you’re building a business where payments are core infrastructure (a fintech, a marketplace, a complex SaaS with usage-based billing), investing in a more modular architecture early can prevent painful migrations later.
Choosing a Payment Processor: What Startups Should Evaluate
The right processor depends on your business model, sales channels, and growth expectations. For online-only businesses, Stripe and Braintree have historically offered strong developer tools, extensive documentation, and easy integration. For retail or in-person sales, Square pioneered simple hardware and transparent pricing for small merchants. For high-volume or complex needs, traditional merchant accounts with processors like Worldpay or First Data (now Fiserv) may offer better rates but require more setup. Key evaluation criteria beyond headline rates include: **payout timing** (some processors hold funds for days or weeks, especially for new accounts); **chargeback handling** (how they notify you, tools for responding, and whether they charge fees on top of the dispute); **international capabilities** (multi-currency support, local payment methods, cross-border fees); and **integration options** (APIs for your tech stack, plugins for your e-commerce platform, compatibility with your accounting software). A common tradeoff involves aggregation versus dedicated merchant accounts. Aggregators like Square and Stripe let you start accepting payments immediately without underwriting, but they can freeze accounts with little warning if your business triggers risk flags (sudden volume spikes, higher-than-average chargebacks, selling in categories they consider risky). Dedicated merchant accounts require application and approval but offer more account stability. Startups in regulated industries, selling high-ticket items, or with irregular revenue patterns should weigh this carefully. ## Common Payment Processing Problems and How to Avoid Them Chargebacks represent one of the most painful payment issues for startups.
When a customer disputes a charge with their bank, the funds are pulled from your account immediately””before you can respond. You then have a limited window (often 7-14 days) to submit evidence proving the transaction was legitimate. Lose the dispute, and you’re out the funds plus a chargeback fee (commonly $15-25 per incident, though this varies by processor). Excessive chargeback rates (typically above 1% of transactions) can get your merchant account terminated. Prevention strategies include: using clear billing descriptors so customers recognize charges on their statements; sending confirmation emails and tracking information promptly; making refund policies obvious and honoring reasonable requests before they escalate to disputes; and for high-risk transactions, using additional verification like AVS (Address Verification System) and CVV checks. Some industries””digital goods, subscription services, travel””face inherently higher chargeback risk and should budget accordingly. Another common issue is payment declines. Legitimate transactions get declined for reasons beyond insufficient funds: fraud filters trigger on unusual purchasing patterns, AVS mismatches flag valid addresses, or technical timeouts interrupt authorization. High decline rates hurt revenue and customer experience. Modern processors offer tools to retry failed payments, automatically update expired card information, and optimize authorization rates across different issuing banks””features worth asking about during evaluation.
PCI Compliance: The Security Requirements You Can’t Ignore
Any business that handles credit card data must comply with the Payment Card Industry Data Security Standard (PCI DSS). Non-compliance can result in fines, increased processing fees, and liability for breach costs. The requirements range from maintaining secure networks and protecting stored data to regularly testing security systems and maintaining information security policies. For most startups, the path to compliance involves minimizing how much card data you directly handle.
Using a processor’s hosted checkout page or their JavaScript libraries means card numbers never touch your servers, dramatically reducing your compliance scope. You’ll still need to complete a Self-Assessment Questionnaire (SAQ) annually, but the simplest version (SAQ A) requires checking around 20 items versus hundreds for businesses that store or process card data directly. A practical example: if you build your checkout to redirect customers to Stripe’s hosted payment page, then return them to your site after payment, you’ve outsourced the most sensitive data handling. Your site never sees the card number. This approach limits customization options but keeps compliance manageable without dedicated security staff.
Where Payment Processing Is Heading
The payment processing landscape continues consolidating, with major processors acquiring smaller players and technology companies building financial infrastructure. Real-time payment systems are expanding in various markets, potentially reducing settlement times from days to seconds””though widespread merchant adoption takes time. Embedded finance, where non-financial companies offer payment services within their platforms, is growing as infrastructure providers make this easier to implement.
For founders, the practical implications include more options, more competitive pricing (particularly for digital businesses), and new payment methods to consider accepting. Buy-now-pay-later services, cryptocurrency payments, and account-to-account transfers all have legitimate use cases but also add complexity. The general principle remains: start with the simplest solution that meets your needs, optimize as you scale, and understand enough about the underlying mechanics to make informed decisions when it matters.
Conclusion
Payment processing is the infrastructure that makes commerce possible””a multi-step system where processors, card networks, and banks coordinate to move funds from customers to merchants. For startups, the key decisions involve choosing between aggregators and traditional merchant accounts, understanding the fee structures that affect your margins, and implementing enough security practices to protect both your customers and your business. Start by evaluating your transaction volume, average order value, and sales channels to narrow down processor options.
Verify current pricing (the rates mentioned in this article reflect historical patterns and should be confirmed). Read the terms around chargebacks, holds, and account termination. Build your checkout to minimize PCI scope. Then focus on your actual business””payment processing should be infrastructure that works reliably in the background, not a constant source of problems.