Merchant Services 101: Terminology & FAQs for Accepting Cards Online

## How an online card payment works (quick flow) 1. **Customer** enters card details at checkout. 2. **Payment Gateway** encrypts and sends the request. 3. **Acquirer** (the merchant’s bank/processor) forwards it to the **Card Network** (e.g., Visa/Mastercard). 4. **Issuer** (customer’s bank) approves/declines. 5. **Authorisation** is returned; later, you **capture** (settle) funds. 6. **Settlement/Payout**: funds move to your business bank account. ## Glossary: the essentials (plain English) ##### **Acquirer / Acquiring Bank**: Your processing partner that accepts card transactions on your behalf and settles funds to you. ##### **Issuer**: The customer’s bank that issued their card. ##### **Card Networks / Schemes**: Visa, Mastercard, JCB, etc. they move the data and set many rules/fees. ##### **Merchant Account**: The account configuration that lets your business accept card payments. ##### **MID (Merchant ID)**: Your unique identifier with an acquirer. ##### **MCC (Merchant Category Code)**: A four-digit code describing your business type (affects risk/fees/rules). ##### **Payment Gateway**: The secure tech that captures and encrypts payment data, passes it to the acquirer, and returns results to your site/app. ##### **PSP / Payment Service Provider**: A company (like QubePay) that bundles gateway, acquiring connections, risk tools, reporting, etc. ##### **CNP (Card-Not-Present)**: Transactions where the card isn’t physically present (e.g., eCommerce). ##### **3-D Secure (3DS)**: Extra cardholder authentication step (e.g., one-time passcode). Helps reduce fraud/chargebacks and meet SCA rules in some regions. ##### **PCI DSS**: Security standard for handling card data. Your provider/gateway should help minimise your PCI scope. ##### **Tokenisation**: Replacing card numbers with secure tokens so you can store “card-on-file” safely for subscriptions/one-click. ##### **Authorisation**: A funds check/hold by the issuer. Expires if not captured. ##### **Capture / Settlement**: Finalising the charge so funds move to you. ##### **Refund**: Returning money to the cardholder (full or partial). ##### **Chargeback**: A customer dispute through their bank that reverses a transaction unless you successfully respond. ##### **Retrieval / Dispute**: Information request or formal dispute process from the issuer. ##### **Interchange**: Fee paid to the issuer; varies by card type/region. ##### **Scheme Fees**: Fees paid to card networks. ##### **Acquirer Mark-up**: Your processor’s pricing on top of interchange + scheme fees. ##### **Blended Pricing**: Single all-in percentage + fixed fee per transaction. ##### **Interchange++ (IC++)**: Transparent model showing interchange + scheme + markup separately. ##### **Rolling Reserve / Holdback**: Temporarily retaining a % of volume to cover risk/chargebacks. ##### **Descriptor**: The text that appears on your customer’s card statement (helpful to avoid “who is this?” disputes). ##### **AVS / CVV Checks**: Address and security-code checks to reduce fraud. ##### **Velocity Rules**: Limits on frequency/amount to stop bots/testing. ##### **Risk Monitoring**: Real-time analysis to flag suspicious transactions. ##### **SCA (Strong Customer Authentication)**: Extra checks required in some regions (e.g., EU/UK) for many online payments. ## Pricing explained (the quick version) Every card transaction typically includes: - **Interchange** (→ issuer) - **Scheme fees** (→ card network) - **Acquirer/PSP markup** (→ your provider) **Blended** = one simple rate. **IC++** = fully itemised; can be cheaper for some mixes but is more detailed. Ask providers for: pricing model, cross-border fees, currency conversion, chargeback fees, refunds, monthly minimums, and settlement timelines. ## Risk & compliance (why it matters) Card networks enforce rules to keep the ecosystem safe (fraud thresholds, dispute ratios, authentication standards, prohibited goods). Staying compliant protects your MID and lowers costs. **Core controls to expect from a good provider:** - 3-D Secure + exemptions where allowed - PCI-aware integrations (minimise your scope) - AVS, CVV, IP/BIN/geo checks, velocity rules - Device fingerprinting & behavioral analysis - Chargeback alerts and dispute workflows - Clear reporting on approval rates, declines, fraud, and disputes ## Onboarding checklist (what providers usually ask for) - **KYB/KYC**: Company registration, ownership/shareholders, IDs, proof of address - **Business model**: URL, product/service description, fulfilment timelines, T&Cs, refund policy, privacy policy - **Processing profile**: Expected volumes, average & max ticket, countries sold to, currencies, historical chargebacks (if any) - **Banking**: Settlement account details - **Compliance**: Any licenses (if applicable to your sector) Tip: Clear policies and a professional website speed approvals. ## FAQs (straight answers) **1) Do I need both a gateway and a merchant account?** Often, your PSP bundles both. Some merchants choose a separate gateway + acquirer for flexibility. **2) What’s a “good” approval rate?** Varies by sector/region. Many aim for **90%+** domestic approvals; cross-border can be lower. Good routing and 3DS strategy help. **3) How fast do I get paid?** Commonly, **T+1 to T+3** business days. High-risk models may have reserves or longer cycles. **4) Can I reduce chargebacks?** Yes, use 3DS, clear descriptors, fast support, tight fraud rules, accurate product pages, and delivery proof. Respond to disputes on time. **5) What’s the difference between auth and capture?** Auth reserves funds; capture completes the charge. Many eCommerce flows authorise at order and capture at shipping. **6) What is a rolling reserve, and why is it used?** A temporary hold on a small % of settlements to cover risk. Typically released after a defined period (e.g., 90 days). **7) Blended vs IC++ which is better?** Blended = simplicity. IC++ = transparency and potential savings depending on your card mix. We can model both. **8) What’s a descriptor and why do I care?** It’s how your charge appears on a card statement. A clear descriptor reduces “I don’t recognise this” chargebacks. **9) How do I store cards for subscriptions safely?** Use **tokenisation** via your gateway/PSP; never store raw card data on your servers. **10) Do I need 3-D Secure for every transaction?** Not always. It’s great for fraud/liability shift and is often required by regulation in some regions. Smart routing + exemptions can balance conversion and security. ## How QubePay helps (and what to ask us for) - **Global card acceptance**: Visa, Mastercard, JCB, and more, with multi-currency support. - **Friction-right security**: 3DS2, tokenisation, velocity & risk scoring, dispute tools. - **Transparent pricing**: Blended or IC++; clear statements and dashboards. - **Fast onboarding**: Guided KYB/KYC and policy templates to speed approval. - **Actionable analytics**: Approval-rate insights, decline reasons, and fraud reports. - **Human support**: Real people, real answers, plus proactive optimisation tips. 👉 Want a plain-English pricing comparison or a readiness checklist for your store? We’ll send one, no strings attached. ### Takeaway Understanding the language of payments helps you choose better partners, improve approval rates, and keep disputes low. Use this guide as your cheat sheet and if you want a second opinion on quotes or setup, QubePay is happy to help. **Start the conversation:** [2025.qubepay.com/](https://qubepay.com/) \| [info@qubepay.com](mailto:getintouch@qubepay.com) ## [QubePay AI AML Prevention: Fighting Human Trafficking & Financial Crimes Globally](https://qubepay.com/qubepay-ai-aml-prevention-human-trafficking/) How QubePay Uses AI and Technology to Combat Human Trafficking and AML in Global Transactions [read more](https://qubepay.com/qubepay-ai-aml-prevention-human-traf