Payment Processing Explained: Gateways, Acquirers and How It All Works

Every time a customer pays by card, a chain of events fires off in the background. It takes roughly two seconds from start to finish, yet the process involves at least five different parties, multiple security checks and a set of rules that have evolved over decades. If you accept card payments — whether over the phone, online or in person — understanding how this chain works puts you in a stronger position. You can choose better suppliers, reduce failed transactions, prevent chargebacks and keep more of the money you earn. This guide walks through the entire payment processing chain in plain language. No jargon without explanation, no assumptions about what you already know. ## How a Card Payment Actually Works When a customer hands over their card details, the transaction passes through a series of steps before any money moves. Here is the simplified version: 1. **The customer provides their card details.** This might happen at a card terminal, on a website checkout page, over the phone or via a payment link. 2. **The [payment gateway](/glossary/payment-gateway) encrypts the data and sends it on.** The gateway is the technology layer that captures the card details securely and routes them to the right place. 3. **The merchant acquirer receives the request.** The acquirer is the financial institution that processes card transactions on behalf of your business. They pass the request to the card scheme (Visa, Mastercard, Amex). 4. **The card scheme routes the request to the issuing bank.** The issuing bank is the customer's bank — the one that gave them the card. 5. **The issuing bank approves or declines.** It checks the account balance, fraud rules and any spending limits. The response travels back through the same chain. 6. **The merchant gets an approval or decline.** This entire round trip typically takes between one and three seconds. Settlement — the actual movement of funds — happens separately, usually within one to two business days. The issuing bank sends the funds through the card scheme to the acquirer, who deposits them into your merchant account. Understanding this flow matters because each link in the chain has its own costs, rules and potential failure points. When something goes wrong with a payment, knowing where it failed helps you fix it quickly. ## Payment Gateways: What They Do and How to Choose One A [payment gateway](/glossary/payment-gateway) is the technology that sits between your business and the financial network. Think of it as the front door of the payment process. ### What a gateway actually does - **Captures card details securely** using encryption and, increasingly, [tokenisation](/glossary/tokenization) - **Routes transactions** to the correct acquirer or processor - **Returns approval or decline messages** to your system in real time - **Supports different payment methods** such as card-not-present (online, phone) and card-present (terminal) transactions - **Handles 3D Secure authentication** for online payments where required ### How to choose the right gateway Not all gateways are the same. The right choice depends on how you take payments. Key questions to ask: - **What channels do you need?** If you take payments over the phone, you need a gateway that supports MOTO (mail order/telephone order) transactions. If you sell online, you need one with strong e-commerce integration. - **Which acquirers does it connect to?** Some gateways only work with specific acquirers. Others, like those in the [Paytia partner network](/partners/payment-gateways), connect to a wide range. - **What does it cost?** Gateways typically charge a per-transaction fee, a monthly fee or both. Compare like for like. - **How good is the reporting?** You need clear [payment references](/glossary/payment-reference) and transaction data to reconcile your accounts. - **Is it PCI DSS compliant?** Any gateway handling card data must meet Payment Card Industry Data Security Standard requirements. No exceptions. For businesses that take payments over the telephone, the gateway choice is especially important. The gateway needs to integrate with your phone system and ensure that card details are captured without your staff hearing or seeing them — which is where solutions like Paytia come in. ## Merchant Acquirers: What They Are and Their Role The merchant acquirer (sometimes just called the acquirer) is the financial institution that underwrites your ability to accept card payments. Without an acquirer, you cannot process card transactions. ### What an acquirer does - **Provides your merchant account** — the account where card payment funds are deposited - **Submits transactions to the card schemes** (Visa, Mastercard) on your behalf - **Manages settlement** — transferring funds from the issuing bank to your account - **Takes on financial risk** — if a customer disputes a payment and you cannot resolve it, the acquirer may be liable ### Acquirer vs payment gateway People often confuse these two. The gateway is a technology service. The acquirer is a financial institution. Some companies offer both (Worldpay, for example), but they are separate functions. You can change your gateway without changing your acquirer, and vice versa, though some combinations work better together than others. ### Choosing an acquirer When selecting an acquirer, consider: - **Transaction fees** — typically a percentage of each transaction plus a fixed pence amount - **Settlement speed** — how quickly funds reach your account - **Contract terms** — watch for long lock-in periods and exit fees - **Supported card types** — do they process Amex, international cards, and newer payment methods? - **Chargeback handling** — how they support you when disputes arise ## BIN Numbers: Identifying the Issuing Bank The first six to eight digits of every card number are known as the [Bank Identification Number (BIN)](/glossary/bin-bank-identification). This number identifies which bank issued the card and what type of card it is. ### Why BIN numbers matter When a transaction is submitted, the BIN is the first thing checked. It tells the payment network: - **Which bank issued the card** — so the authorisation request goes to the right place - **What type of card it is** — debit, credit, prepaid or commercial - **Which card scheme it belongs to** — Visa, Mastercard, Amex and so on - **The country of issue** — relevant for cross-border transaction rules ### Practical uses for merchants BIN data can help your business in several ways: - **Fraud detection** — if a UK customer's card has a BIN from an unexpected country, that can flag a potential issue - **Fee management** — commercial and international cards often carry higher interchange fees. Knowing the card type upfront lets you anticipate costs - **Routing decisions** — some businesses route transactions through different acquirers depending on the card type to optimise costs You do not need to memorise BIN tables. Your gateway and acquirer handle the routing automatically. But understanding what BINs are helps you make sense of your transaction reports and fee statements. ## Payment References: Tracking Transactions Every transaction generates a [payment reference](/glossary/payment-reference) — a unique identifier that lets you trace a payment through the system. ### Why references matter - **Reconciliation** — matching payments received to invoices or orders - **Dispute resolution** — when a customer queries a payment, the reference is how you find it - **Refund processing** — you need the original reference to process a refund correctly - **Audit trail** — regulators and auditors expect you to be able to trace any transaction ### Best practices - Use your own internal reference alongside the gateway's transaction ID - Store references in a searchable system — spreadsheets break down at scale - Include references on customer receipts and invoices so they can identify charges on their bank statements - For [recurring payments](/solutions/recurring-payments), ensure each instalment has its own unique reference while being linked to the subscription or agreement Good reference management sounds mundane, but it saves hours when you need to investigate a failed payment, process a refund or respond to a chargeback. ## Chargebacks: What They Are, Why They Happen and How to Prevent Them A [chargeback](/glossary/chargeback) is a forced reversal of a card payment, initiated by the cardholder's bank. It is the payment industry's consumer protection mechanism, and it is one of the most expensive problems a merchant can face. ### How chargebacks work 1. The cardholder contacts their bank to dispute a transaction 2. The issuing bank reviews the claim and, if it has merit, initiates a chargeback 3. The acquirer debits the disputed amount from your merchant account 4. You have a limited window (usually 30 to 45 days) to provide evidence defending the transaction 5. If your evidence is compelling, the chargeback may be reversed. If not, you lose the funds and pay a chargeback fee on top ### Common reasons for chargebacks - **Fraud** — the card was used without the cardholder's knowledge - **Not as described** — the product or service did not match what was promised - **Not received** — the customer says they never got what they paid for - **Duplicate charge** — the customer was charged twice - **Friendly fraud** — the customer made the purchase but disputes it anyway (more common than you might think) ### How to reduce chargebacks - **Use clear billing descriptors** so customers recognise charges on their statements - **Send confirmation emails and receipts** immediately after every payment - **Keep thorough records** — delivery confirmations, signed agreements, call recordings - **Make it easy to get a refund** — customers who cannot reach you will go to their bank instead - **Use 3D Secure for online payments** — it shifts fraud liability to the issuing bank - **For telephone payments, use secure DTMF technology** — solutions like Paytia ensure card details are never exposed to your staff, which eliminates a major source of internal fraud risk and provides a clear audit trail Chargebacks do not just cost you the transaction amount. Each one typically carries a fee of between fifteen and twenty-five pounds, and a high chargeback ratio can lead to your acquirer increasing your fees or even terminating your account. ## How Paytia Fits into the Payment Processing Chain Paytia sits between your telephone system and your [payment gateway](/glossary/payment-gateway), adding a secure layer for card-not-present transactions taken over the phone. Here is how it works in practice: 1. **Your agent stays on the call** with the customer throughout the payment process 2. **When it is time to pay**, the agent initiates the Paytia secure payment session 3. **The customer enters their card details using their phone keypad** (DTMF tones). The tones are masked in real time, so the agent hears flat tones instead of the actual digits 4. **Paytia sends the card data directly to your payment gateway** — your staff never see, hear or have access to the card details 5. **The gateway processes the payment** through the acquirer and card scheme as normal 6. **Both the agent and customer hear the result** — approved or declined This approach means your telephone payment environment is descoped from PCI DSS requirements. Your agents cannot accidentally (or deliberately) compromise card data, because they never have access to it. Paytia is gateway-agnostic, working with a wide range of [payment gateway partners](/partners/payment-gateways). It also supports [advanced payment links](/solutions/advanced-payment-links) for situations where a phone keypad payment is not practical. To see the full process in action, take the [Paytia product tour](/product-tour). ## Choosing the Right Payment Infrastructure Building a reliable payment setup is not about picking the cheapest option. It is about choosing components that work well together for your specific business. ### Start with your payment channels Map out how your customers actually pay you: - **Online** — website, app, e-commerce platform - **Telephone** — call centre, reception desk, accounts team - **In person** — retail, field sales, events - **Invoice and payment links** — B2B, services, remote payments Each channel may need different technology, but ideally your gateway and acquirer should support all of them through a single merchant account. ### Prioritise security PCI DSS compliance is not optional. Every business that handles card data must comply, and the easiest way to reduce your compliance burden is to minimise the card data your systems touch. [Tokenisation](/glossary/tokenization) replaces card numbers with non-sensitive tokens that are useless if stolen. Paytia's DTMF masking ensures card data never enters your telephone environment. Both approaches shrink your PCI scope significantly. ### Think about the future Your payment infrastructure should handle: - **Growing transaction volumes** without performance issues - **New payment methods** as they emerge - **[Recurring payments](/solutions/recurring-payments)** if you offer subscriptions or instalment plans - **Multi-currency support** if you trade internationally ### Review regularly Payment technology and pricing change constantly. Review your gateway, acquirer and processing costs at least once a year. Many businesses overpay simply because they set up their payment systems years ago and never revisited the decision. ## Frequently Asked Questions ### What is the difference between a payment gateway and a payment processor? A payment gateway captures and encrypts card details, then routes them securely. A payment processor (often the acquirer) handles the financial side — submitting the transaction to the card schemes and managing the movement of funds. Some companies provide both services under one roof. ### Do I need a separate merchant account? If you use a payment facilitator like Stripe or PayPal, they process transactions through their own merchant account. If you use a traditional acquirer, you will have your own dedicated merchant account. Dedicated accounts generally offer lower per-transaction fees at higher volumes and give you more control. ### How long does settlement take? Most acquirers settle funds within one to two business days, though some offer next-day or even same-day settlement for an additional fee. Settlement speed can vary by card type and transaction risk level. ### What is PCI DSS and do I need to comply? PCI DSS is the Payment Card Industry Data Security Standard. If your business stores, processes or transmits card data in any way, you must comply. The level of compliance required depends on your transaction volume. Using services like Paytia and tokenisation reduces the scope of what you need to protect. ### Can I use multiple payment gateways? Yes. Some businesses use different gateways for different channels (for example, one for online and another for telephone payments) or use a secondary gateway as a failover. The key is ensuring your reporting and reconciliation can handle data from multiple sources. ### How do I reduce payment declines? Common causes of declines include incorrect card details, insufficient funds, expired cards and fraud flags. Ensure your payment forms validate card numbers before submission, send retry prompts for failed recurring payments and use [BIN checking](/glossary/bin-bank-identification) to catch obvious errors early. ### What should I do if my chargeback rate is too high? First, identify the root cause by analysing your chargeback reason codes. Then address the most common issues — improve your billing descriptor, tighten your refund policy communication and ensure your payment process creates a clear audit trail. For telephone payments, using Paytia's secure DTMF capture gives you evidence that the cardholder was present on the call and actively entered their own card details.