Payments fundamentals: How do online payments work?

Online payments are a complex dance involving multiple parties working together to securely transfer funds from a customer to a merchant. There are four key players in every online transaction: the cardholder (who is the customer making the purchase with their credit or debit card), the merchant (the business selling their goods or services online), the acquirer (the merchant's bank that allows them to accept card payments and receives the funds), and the issuing bank (the cardholder's bank that provides them a credit line or linked bank account and must approve the transaction).

To illustrate how an online payment flows between these parties, imagine Carrie, a customer, is buying a $100 pair of shoes from Mike's Online Shoe Shop. When Carrie enters her card number and clicks the "Buy" button, Mike's payment system sends a request to their acquirer, Payments-R-Us. The acquirer forwards the transaction details through the card networks (Visa, Mastercard, etc.) to Carrie's issuing bank, Big Bank Corp, asking for approval to charge her card.

Big Bank Corp. checks that Carrie's card is valid and has sufficient funds, and sends back an approval code. This approval flows back through the networks to Payments-R-Us, which informs Mike's Shoe Shop that the transaction was successful. Mike can now ship the shoes to Carrie. The $100 will flow from Big Bank Corp through the card networks to Payments-R-Us, which will deposit the funds into Mike's business bank account, typically within 2-3 business days.

As the funds flow from cardholder to merchant, several fees are assessed along the way. Interchange fees charged by the issuing bank are the largest component, typically ranging from 1-3%. These fees compensate the issuing bank (like Big Bank Corp) for the risk and float of extending credit to their cardholders. Assessment fees of about 0.14% go to the card networks (Visa, Mastercard, etc.) for their role in transmitting the transaction data and funds. The remaining margin, often around 0.2-0.3%, goes to the acquirer (Payments-R-Us) for facilitating the merchant relationship and settling funds to their bank account.

Interchange fees depend on various factors like the type of card, transaction amount, merchant industry, and whether the card was physically present. For example, Mike's Shoe Shop would pay a higher rate, around 2.5%, for transactions on premium rewards credit cards compared to a 0.8% rate for basic debit cards.

For all businesses accepting online payments

Designing a high-converting payments experience

The online payment flow is like a funnel, starting with the checkout page and ending with an approved transaction. At each stage, there's a risk of losing potential customers, so streamlining the experience is critical for maximizing sales.

A clunky checkout form that requires too many fields is a major cause of cart abandonment. Best practices include keeping required fields to a minimum, enabling autofill for returning customers, and dynamically adapting to the context. For example, while capturing the full billing address helps with fraud prevention, the increased friction may not be worth it for small transactions. Dynamically requiring just the postal code for smaller amounts and expanding to the full address fields only for larger purchases can strike the right balance.

Mobile-friendly checkouts with numeric keypads and digital wallet options like Apple Pay and Google Pay also reduce friction, especially for on-the-go customers. Afterpay found that integrating digital wallets increased their checkout conversion rate by an impressive 12%.

Presenting form fields in a single-column layout with clear error handling further optimizes the experience. Extensive user testing of checkout prototypes can uncover bottlenecks and confusing steps. The mantra should be to get customers through checkout as quickly and easily as possible.

Fighting fraud while minimizing false declines

After the customer completes checkout, the next step is fraud screening, where transactions perceived as high-risk are declined. Online merchants face a constant battle against fraudsters using stolen card details or account takeovers. But being overly aggressive in blocking fraud results in false declines, rejecting legitimate customers by mistake. In fact, a Javelin Research study found that false declines cost merchants a staggering $331 billion in 2018, compared to $19 billion in actual fraud.

Traditionally, merchants have relied on rules-based fraud filters, with rigid if-then logic like "if the order value is over $500 and the billing and shipping zip codes don't match, then decline." But fraudsters quickly figure out and circumvent these static rules, which also can't adapt to evolving customer behaviors. This rules-only approach often blocks far more good transactions than fraudulent ones.

Machine learning models provide a more dynamic, nuanced approach to separating good and bad transactions. By analyzing hundreds of signals like the customer's device, browsing behavior, and purchase history, ML models identify subtle risk patterns a human analyst would miss.

For instance, a $1500 order might trigger a decline based on the high amount. But if the ML model recognizes it's from a known customer on a previously used device, with a fully matching address, and a history of similar high-value orders, it would approve the purchase. A simplistic rules engine would likely reject it.

Fraud prevention solutions like those offered by many payments companies blocked billions in attempted fraud in 2021 while achieving lower false positive rates than legacy systems. They combine machine learning and customizable rules to maximize revenue while minimizing fraud losses.

Improving card network acceptance rates

Even after passing the merchant's own fraud checks, transactions can still be declined when they reach the customer's issuing bank. The bank may reject payments due to deviations from the cardholder's normal patterns, invalid card details, transaction timeouts, or as a precaution against potential fraud.

To boost card acceptance rates, merchants should focus on providing complete data with each transaction, including the full billing address, postal code, and card verification value (CVV2). This additional context gives issuing banks more confidence the purchase is legitimate.

Services like Visa Account Updater and Mastercard Automatic Billing Updater also improve success rates by syncing directly with issuing banks to get the latest card details. If a customer's card has expired or been replaced, these services automatically refresh the merchant's card-on-file so recurring charges continue processing normally.

Going global with international payment methods

Selling internationally opens up vast new markets, but simply shipping abroad and localizing checkout isn't enough. Payment preferences vary widely across countries, with credit and debit cards dominant in some but rarely used in others.

According to Worldpay's Global Payments Report, alternative payment methods overtook cards' share of global ecommerce volume for the first time in 2019, accounting for 51% of transactions. In China, digital wallets like Alipay and WeChat Pay are ubiquitous. Across Europe, bank transfer schemes like iDEAL in the Netherlands, Sofort in Germany, and Bancontact in Belgium are more popular and trusted than cards. The "buy now, pay later" trend has also surged globally, with Klarna, Afterpay, and others letting shoppers split online purchases into interest-free installments.

Offering the locally preferred way to pay is vital for converting international customers and showing you value their business. PPRO, a payments infrastructure provider, found that 42% of UK consumers and 32% of Germans have abandoned an online shopping cart because the merchant didn't support their payment method of choice.

Geographic expansion also brings additional fraud and regulatory complexity. Fraudsters often target cross-border transactions as potentially easier to slip through screening. At the same time, payment regulations like Strong Customer Authentication in Europe add friction by requiring extra validation steps. A savvy payments partner can help navigate these challenges across markets.

Explaining online sales tax

With over 11,000 tax jurisdictions in the US alone, each with their own rules and rates, determining and collecting the right sales tax on online purchases is a persistent headache for merchants.

Historically, businesses were only required to collect sales tax if they had a physical presence like an office, store, or warehouse in a given state. But the 2018 Supreme Court decision in South Dakota v. Wayfair changed that, allowing states to impose tax collection duties on out-of-state sellers above certain economic thresholds.

As of 2021, most states have implemented these "economic nexus" provisions, requiring remote sellers to collect sales tax if they have more than $100,000 in sales or 200 transactions annually in that state. But the specifics vary, with some states like Kansas enacting thresholds as low as $25,000 in yearly sales.

Accurately calculating and collecting the relevant sales tax in real-time during checkout requires sophisticated software connected to up-to-date tax rate databases. Avalara, TaxJar, and similar sales tax engines make this process more seamless by providing turnkey integrations and indemnification against miscalculation penalties.

If you have nexus in multiple states, you also have to register with each state's tax authority and file returns on a monthly, quarterly, or annual basis depending on sales volume. Solutions like Avalara Returns and TaxJar AutoFile can automate this filing and remittance process.

For businesses selling into Europe, VAT (value-added tax) brings its own compliance challenges, with registration and filings required in each member state where you surpass distance selling thresholds. Using a merchant of record like Payvider or a pan-European VAT solution like Taxamo helps navigate this fragmented landscape.

For online retailers

Unifying online and offline payments

As ecommerce brands expand into brick-and-mortar retail, delivering a consistent, seamless experience across channels becomes paramount. 73% of consumers say they use multiple channels during a single purchasing journey, according to Harvard Business Review. Forcing them to create separate profiles, re-enter payment details, or navigate disparate interfaces for online and in-store checkout creates frustration.

Outdoor Voices, a fast-growing athleticwear brand, wanted to build a holistic view of its customers across its online store and nine US retail locations. Using an integrated payments platform to power both in-person and ecommerce payments, Outdoor Voices was able to unify its payment processing and offer perks like saving a customer's preferred payment method from an online transaction for easy re-use in-store.

By capturing payments data from every touchpoint in a centralized platform, retailers gain a comprehensive view of each customer's habits for remarketing and loyalty programs. Running ecommerce and point-of-sale payments on separate, siloed systems makes it almost impossible to connect the dots and delight customers with perks like an integrated loyalty program based on their full purchase history.

Retailers expanding from clicks to bricks should prioritize a unified payment platform to avoid technical debt and preserve the customer experience. Look for a payment provider that offers prebuilt, EMV-compliant integrations between their ecommerce product and leading point-of-sale software. The provider should also support preferred in-store payment methods like contactless transactions on mobile wallets and chipped cards.

Adapting to mobile and contactless payments

Even before the pandemic, the shift from swipe to tap was well underway. 64% of US in-store Visa transactions now occur on contactless-enabled terminals as of October 2021. That includes tap-to-pay cards in addition to mobile wallets like Apple Pay and Google Pay.

Upgrading your point-of-sale hardware to the latest standards is key to riding this contactless wave. Newer terminals that accept tap-to-pay and mobile wallets also come with more secure EMV chip readers, further reducing your fraud liability compared to magstripe transactions.

For retailers that sell on-the-go at events, pop-ups, or customers' homes, mobile point-of-sale devices with tap support are also a must. A rugged, all-in-one device with a barcode scanner and receipt printer, like the Infinite Peripherals DPP-255, helps associates bust lines and never miss a sale.

Everlane, an online fashion brand, uses integrated payments to extend their customer experience to in-person sales at marketing events. Event staff can easily accept tap payments on mobile point-of-sale devices, with transactions syncing to Everlane's ecommerce database in real-time. By using the same payments platform online and off, Everlane maintains a consistent checkout flow and back office reporting across all channels.

For SaaS and subscription companies

Flexible subscription management for SaaS

Recurring billing is the lifeblood of SaaS companies, but managing ongoing subscriptions is far more complex than one-time transactions. As you acquire customers, you need billing systems that support a range of subscription frequencies, pricing models, and change scenarios:

Especially for enterprise plans with bespoke contracts, translating sales terms into the correct subscription configuration (like multi-year upfront invoicing and custom user role pricing) is essential to recognize revenue accurately and avoid billing disputes.

According to research, 66% of B2B SaaS buyers have switched providers due to dissatisfaction with the billing experience. Common pain points include inflexibility with pricing or packaging, difficulty modifying subscriptions, and lack of consolidated invoicing.

Investing in a billing engine that can model your full product catalog and gracefully handle subscription changes will pay dividends in operational efficiency, revenue recognition, and customer retention.

Loom, a workplace video messaging platform, has rapidly scaled to serve over 14 million users across 200,000 companies globally. But that growth brought billing complexity, with multiple subscription tiers, add-ons like advanced analytics and SSO, and upfront invoicing needs.

Loom, a workplace video messaging platform, has rapidly scaled to serve over 14 million users across 200,000 companies globally. But that growth brought billing complexity, with multiple subscription tiers, add-ons like advanced analytics and SSO, and upfront invoicing needs.

Streamlining SaaS payments with invoicing

For higher-value B2B subscriptions, SaaS companies often need to accommodate customers paying by invoice, rather than entering a credit card upfront. But getting invoices paid on time is a perennial challenge.

US businesses have $3 trillion in outstanding accounts receivable on any given day. Invoices with an online payment method get paid 2.1 times faster than those without. By shifting invoiced buyers to pay online, SaaS businesses can reduce both late payments and internal overhead.

California Dental Association (CDA) provides a range of insurance and practice management software to over 27,000 member dentists. Historically, CDA only accepted paper checks for invoice payments, a tedious process that resulted in overdue accounts.

After enabling online invoice payments through a billing service, CDA has seen 85% of payers adopt the new digital workflow, paying via ACH bank debit or credit card. Those online payers submit payment 37% faster with 68% better cash flow in the first 30 days compared to check payers. CDA's billing team can automatically reconcile payments to each invoice in their Salesforce CRM through an integration with their payments system.

Minimizing involuntary SaaS churn

For SaaS businesses, 20-40% of customer churn is typically involuntary, stemming from failed payments rather than active cancellations. Credit cards expire, get lost, or are declined for insufficient funds. This unintentional churn slowly saps your growth.

To combat involuntary churn, implement a proactive dunning strategy combining automated card updates, smart payment retries, and customer communications. Services like Visa Account Updater and Mastercard Account Billing Updater work with issuing banks to get the latest card details to prevent failed renewals.

If a payment attempt still declines, retry the card a few days later. A best practice is to reattempt payment two to three times over a two week period before canceling the subscription. Space out the retries, as a decline could be due to a temporary issue like the customer exceeding their credit limit that resolves in a few days.

Supplement the retries with automated emails alerting the customer to update their payment information. Provide a secure hosted page where the customer can log in and manage their billing details.

When a payment fails, leading billing systems automate card updates with issuing banks, apply retry logic tuned by machine learning, and trigger programmable dunning emails to customers. After enabling Account Updater and Smart Retries, subscription businesses can see a significant reduction in payment failures on average.

For platforms and marketplaces

Regulatory and UX considerations for platforms

Online platforms that enable transactions between buyers and sellers must comply with anti-money laundering (AML) and know your customer (KYC) regulations. These require verifying the identity of sellers before allowing them to accept payments on the platform.

As part of an AML-compliant onboarding process, marketplaces typically collect:

Failing to implement these controls can lead to stiff penalties. In 2020, the US Treasury Department fined Bitcoin exchange Harmon $60 million for violating AML provisions by not verifying customers adequately.

But more onboarding friction also means drop-off from potential sellers. Marketplaces must balance the UX impact with regulatory requirements through techniques like:

For example, Uber uses automated identity verification to check new drivers' licenses, right to work, and background checks through an API. The automated flow improves completion rates while ensuring Uber maintains a compliant onboarding process across all the countries it operates in.

Handling complex marketplace payment flows

Compared to direct merchant-customer transactions, marketplaces have several payment flows to orchestrate:

In a one-to-one model like ridesharing, a single customer payment is split into the driver's earnings and the platform's service fees in each transaction. One-to-many marketplaces like food delivery aggregate multiple restaurant payouts and platform commissions into a single customer checkout. Home rental platforms hold guest payments until after check-in before releasing payout to the host, protecting against cancellations and fraud.

SaaS-enabled marketplaces let vendors process recurring subscription payments from their customers through the platform. Course creators on the educational content marketplace Teachable can charge their students an annual subscription for access to all their learning materials.

Each of these payment flows requires meticulous reconciliation of funds collected, fees deducted, and seller payouts. Marketplaces must provide reporting visibility to sellers on their incoming payments and expected payout schedule.

To support all these permutations, marketplaces have historically needed to assemble a patchwork of payment gateways, merchant acquirers, and bespoke software. But today, platforms offer full-stack, pay-as-you-go infrastructure for disbursing funds to sellers.

ezCater, the world's largest marketplace for business catering, uses a payments platform to pay out to over 80,000 restaurant partners. Leveraging the platform's capabilities for programmable payouts and dynamic fee structures, ezCater can automatically collect its commission, deduct delivery costs, and send the remainder to restaurants on a daily basis, giving them the cash flow to fulfill large catering orders. Before using an integrated payments system, ezCater's finance team had to manually reconcile payouts and commissions from each order in spreadsheets, a laborious multi-day process. An end-to-end platform saves them over 50 hours per week while providing restaurants with a user-friendly dashboard to track their payouts.

The challenges of 1099-K reporting

In the US, marketplaces that process payments for sellers and service providers must file Form 1099-K with the IRS when a seller reaches $600 in gross earnings on the platform in a year. For tax year 2022 and later, this threshold was lowered from the previous trigger of $20,000 and 200 transactions, vastly expanding the scope of 1099-K filings.

To produce an accurate 1099-K, marketplaces need to:

Late or incorrect filings can trigger IRS penalties of $50-280 per form. The time and resources required to gather seller tax IDs, calculate reportable payments across potentially millions of sellers and transactions, and distribute the forms compliantly by the deadlines is immense.

Many marketplaces rely on specialized 1099 vendors like Tax1099 and Track1099 to automate this end-to-end process. These platforms connect with payment providers to import detailed transaction records, provide built-in e-consent and tax ID collection flows, and electronically file forms on the marketplace's behalf.

Preventing marketplace fraud

The two-sided nature of marketplaces makes them an attractive target for fraud. Bad actors can create fake seller accounts to solicit payments, use stolen credit cards to transact, or manipulate promo codes.

Common marketplace fraud MOs include:

Two-sided marketplaces pose unique fraud detection challenges because the platform rarely has a direct relationship with the end customer making a purchase. Subtle signals of fraud like a mismatch between the customer's billing and shipping address or IP geolocation are hidden.

As such, marketplaces must implement risk controls on both sides of the network:

Etsy proactively blocks fraudulent accounts using machine learning-based fraud detection, which trains on data across millions of accounts to identify hidden fraud signals. In one case, a new Etsy seller was flagged who registered with an email address previously associated with fraudulent activity on other marketplaces. The seller verification team was able to block the account before any losses occurred.

Expanding payment options for marketplace sellers

As marketplaces grow internationally, they need to offer sellers in each country the payment methods and payout options they expect. While bank transfers via ACH direct deposit are standard for US sellers, Canadian merchants are accustomed to Interac e-Transfer. In Mexico, Spei and OXXO cash payments are popular.

In Europe and the UK, SEPA and Faster Payments bank transfers dominate. Across Asia, digital wallets like Alipay, GoJek, and Paytm are used by millions of merchants to accept payments from customers and receive payouts from marketplaces.

For marketplaces with thin margins, the transaction fees of 2-3% associated with processing seller payouts via traditional card rails can quickly add up. Funding payouts via local bank transfers is often far more cost-effective.

Global payout solutions support programmatic mass payouts to sellers in over 120 countries. Marketplaces can connect to local bank transfer schemes and digital wallets through a single integration and compliance framework.

In Latin America, the restaurant delivery platform Cornershop uses an automated global payout system to send money to couriers' and restaurants' bank accounts or digital wallets. By replacing manual payouts with an automated infrastructure, Cornershop saves nearly 50% on payment processing costs in each country while scaling its network across Latin America.

Creating trust and safety policies

Clear, consistently enforced marketplace policies are critical to fostering trust between buyers and sellers. Key policy areas to establish include:

Companies must involve legal, compliance, product, and operations teams in drafting and implementing trust and safety rules that are legally sound and practical to operationalize. Dedicated policy and risk analysts should continuously monitor marketplace activity and emerging abuse vectors to adapt the rules over time.

Inconsistent policy enforcement erodes trust and exposes the marketplace to regulatory scrutiny. In 2019, the FTC fined Facebook $5 billion for misrepresenting its oversight of third-party app developers' access to user data. The SEC separately ordered Facebook to pay $100 million over misleading disclosures about misuse of user data by Cambridge Analytica.

Building world-class payment experiences

Perfecting your payment flows is one of the highest-leverage investments any business can make in accelerating growth. Streamlined checkout experiences convert more browsers into buyers. Intelligent fraud controls protect revenue without blocking good customers. Robust subscription billing prevents accidental churn.

But as this guide demonstrates, the right payments approach varies by business model. Marketplaces must invest heavily in seller onboarding, identity verification, and flexible payouts to attract the supply side of the network. SaaS companies live and die by their ability to model intricate subscription pricing and reliably collect recurring revenue. Omnichannel retailers need unified in-person and online payment processing to deliver seamless customer journeys.

Developing a strategic payments stack is a prerequisite for expanding into new markets, channels, and customer segments. Payments are not just plumbing to be delegated solely to finance and engineering anymore; they are a core pillar of the product and growth engine.

Embracing a partnership mentality with your payment providers will position you to ride the relentless waves of innovation in global money movement. The acceleration towards cashless, mobile-first commerce shows no signs of abating. Having an adaptable, programmable payments platform is key to meeting customers' ever-rising expectations for secure, frictionless transactions on their preferred terms.

By making smart choices about your payment infrastructure early, you can devote more energy to your core product and customer experience. A strong payments foundation equips you to scale elegantly and focus on what matters most.

Conclusion

In today's digital-first economy, payments are a core strategic capability, not an afterthought. Architecting your payments stack for scale and flexibility from day one pays compounding dividends as you grow. Marketplaces that make it effortless for sellers to sign up and get paid will attract the best suppliers and see flywheel effects. SaaS businesses that obsess over eliminating points of friction and failure in their subscription billing reap the rewards in higher net dollar retention. Retailers that deliver unified, delightful checkout experiences across touchpoints earn loyal customer relationships. No matter your business model, selecting payments partners that can support your pace of innovation and global roadmap is vital. Modular, API-first platforms empower you to adapt your payments flows as your product and go-to-market evolves, without ripping out plumbing.

References