How do credit cards work?

Have you ever wondered about that little piece of plastic you have in your wallet? Turns out there’s quite a bit that happens behind the scenes when you whip out your card to pay for that Starbucks American Cherry Pie Frappucino.

We’ll be covering the basics in this post.

Why Credit Cards Exist

Let’s start with a hypothetical scenario, which will help illustrate how credit cards evolved into existence.

Imagine that you desperately need to buy a pack of gum from the local convenience store, but you don’t have any cash on you (or anything to barter for the gum). What do you do?

Maybe you try to convince the owner (let’s call him “Bob”) that you forgot your wallet at home, but will come back later and pay him back at the end of the month. Let’s say he believes you because you seem like a trustworthy individual. Bob likely won’t let you take the gum without knowing a little bit about you – either he has a personal relationship with you or more likely, he’ll need to collect information about you and maybe make you sign something so that he has some recourse if you choose to break your promise. Furthermore, he gives you a simple identification card for future use in case someone else is working the register.

This is basically how the first credit cards worked – they were only for a single business and functioned as sort of a glorified bar tab.

The end of the month arrives, and you return to pay Bob in full. Bob thinks “hey, that worked pretty well” and realizes that this payment arrangement might get more customers in the door who don’t have cash on them. So he starts creating “accounts” for his other customers and gives them identification cards too.

Bob’s sales skyrocket, since customers can pop in and buy things without needing cash on hand. Bob also notices that customers tend to spend more on their tab than they would otherwise if they were to pay with cash. Finally, he adds some terms to his program that say if a customer doesn’t pay up at the end of the month, they’ll owe a little extra interest to Bob, which will accrue each month that payment is late. This creates a whole new revenue stream for Bob.

Eventually, word gets around about Bob’s cool new program, and other businesses begin to offer their own “accounts” to customers which enable them to buy things easily “on credit”. Great success.

Creating a Credit “Network”

So now we have all these businesses with their own individual credit programs, and you may have separate accounts set up with any number of them. Sounds a little inconvenient for everyone. Furthermore, each business is technically extending credit to you without knowing much about your other spending habits, which increases their risk. Maybe you put a ton of purchases on credit at the hardware store, and the convenience store has no idea that you probably won’t have any money left over to pay them at the end of the month.

An enterprising individual like yourself might notice that these inconvenience and risk issues can be addressed by setting up a trusted third party who works with both customers and businesses and keeps track of tabs for everyone. Let’s call this fledgling venture “PayNet”.

Here’s how PayNet might work.

Consumers enroll directly with PayNet, and PayNet gives them an ID card that they can use at any business that “accepts” PayNet cards. At time of payment, businesses record their customers’ PayNet account numbers and the amounts owed. Then, at the end of every month, businesses send PayNet a list of account numbers and totals, and PayNet makes sure that customers pay each business the tabs they accrued. Both businesses and customers have an incentive to join PayNet because…

A business who sees a customer holding a card from PayNet knows that that customer is good for their purchases, and a customer of a business who accepts that card knows they won’t have to bring cash along.

So PayNet is growing and giving cards out to consumers and contracting with more and more businesses. Here are a few other ways you might continue to grow PayNet:

Observation Solution
Customers don’t want to have to bring cash or write a check to every single business they owe money to at the end of the month. PayNet decides to aggregate tabs and money movement. Now, customers can pay PayNet a single amount for all of their payments and PayNet will disburse the funds to the relevant businesses.
Businesses aren’t joining PayNet as quickly as you want, and you hear that it’s because they hate having to wait until the end of the month to get paid. PayNet starts paying businesses immediately out of its own pocket before being paid by customers, essentially becoming a creditor to customers. PayNet starts having to manage credit issuing, interest accrual, and collections.
You get reports that customers are putting purchases on PayNet that they don’t have the money to cover. Businesses have no way of knowing a customer’s creditworthiness before they sell their gum (or other goods/services), and so many customers are defaulting on their loans. PayNet introduces a real-time authorization system. Now, instead of businesses submitting account numbers and totals at month end, they submit them at the time of sale, and thanks to modern communications technology, PayNet can tell them real-time whether or not a customer is good for the purchase.
You start getting reports of customers and businesses defrauding each other via PayNet. Customers are using stolen PayNet account numbers to buy things, and businesses are collecting PayNet account numbers but not providing promised goods or services. PayNet introduces the notion of a chargeback, which allows for returning money to a PayNet customer from a business in case of a fraudulent sale. Along with this, you must introduce standards for what customers and businesses need to do to establish a transaction’s legitimacy.
PayNet continues to grow, and realizes that it doesn’t have the best skills at managing credit lines or attracting a customer base. In fact, there are existing entities out there (banks) that do this really well. PayNet starts working with third parties (i.e., banks) who extend the credit themselves and issue cards to consumers, which can be used to pay any business that’s set up on your network. You might call these partners “issuing banks“.
There’s a lot of overhead in selling PayNet to businesses and getting them set up and trained to accept payments via your network. Also, the concept of a chargeback, which we introduced earlier, results in some underwriting risk on the business side (that it won’t be able to cover the cost of any chargebacks it may incur). Turns out banks are also pretty good at underwriting businesses.1 PayNet starts working with banks who sell PayNet to businesses and get them set up, and also underwrite them for chargeback (and other) risks. You might call these partners “acquiring banks“.

Congratulations, PayNet has just evolved into an effective equivalent of MasterCard or Visa. This is how (and why) those companies exist!

Card Industry Overview

So now that we’ve traced how and why the credit card industry came to be, let’s examine the present state of things.

Quick Tip: POS means “point of sale”, which is where a card is presented for a purchase. Examples include a retailer’s cash register or an e-commerce checkout.

Here are the primary players in the industry:

  • Networks (a.k.a. card associations) – Networks like MasterCard and Visa maintain communication networks which enable issuers and acquirers to talk to each other on behalf of cardholders and merchants. They also define the rules and protocols (i.e., structure, order, timing) for messaging between the banks. Incidentally, they also are responsible for setting the most important component of pricing in the credit card industry, which determines how much a merchant will need to pay for card acceptance.2
  • Issuers – Issuer are responsible for how cardholders access and use the networks. They market and issue cards (and credit) to consumers and businesses, run rewards programs and customer support, and are also the main party that handles fraud monitoring.
    • Issuing Partner (affinity / co-branded partner)
  • Acquirers – Acquirers are responsible for setting up businesses to accept credit cards, either at the point of sale (POS) or online (e-commerce). Most importantly, they underwrite new businesses for acceptance by providing assurances that they will cover any liabilities a business may default upon (e.g., via chargebacks or other bankruptcy). They also provide hardware or software for acceptance, handle marketing to and support of businesses, and are responsible for funding transactions to an accepting merchant’s bank account. Acquirers also charge fees to merchants for card acceptance, which get divvied between the acquirers, issuers, and card networks.
    • Independent Sales Organizations (ISOs) – These organizations re-sell acquirer services, taking responsibility for everything that an acquirer would otherwise do (except, in most cases, making underwriting decisions). They often partner with processors and POS hardware/software providers to fulfill services.
    • Processors – There’s a lot of complexity involved with authorization message creation and transaction routing, so many times separate entities called “processors” handle the technical nitty-gritty of communications with the networks and issuers.
    • POS Providers – Whether it’s a Square reader or chip insert, there are many companies that manufacture the devices that sit at a point of sale for the acceptance of a card. These are most often tied into software that tracks inventory. Some software providers add features like business insights, loyalty programs, and more.
  • Cardholders – Consumers or businesses who apply for and receive cards attached to credit lines.
  • Merchants – Businesses that accept cards. They are responsible for following rules of acceptance, which include various security measures along with marketing the fact that they accept cards to their customers.

Here’s that same diagram again, for reference.

How does American Express fit into all this?
So we’ve talked about MasterCard and Visa, but thus far made no mention of American Express. That’s because they run a slightly different model than the rest of the credit card industry, in that they are both the card network, issuer, and acquirer.3 In other words, they are the PayNet that never outsourced cardholder and merchant relations to the banks. As a result, they’ve been able to exert more control (and revenue) from the industry, and they also know a little more about their cardholders and merchants than the other networks (since they don’t have the banks sitting in between them).

And finally, here’s what happens at the point of sale:

  1. The cardholder presents his/her card to pay a merchant.
  2. The merchant swipes (or inserts) the card using a POS machine.
  3. The POS machine transmits card and purchase information to the acquirer.
  4. The acquirer decides whether it’d like to support the transaction.4
  5. The acquirer constructs a message for the issuer, asking if they will approve the funds.
    • If the acquirer wishes to decline the transaction, skip to step #11.
  6. The acquirer passes the message onto the card network.
  7. The card network verifies the message and passes it onto the issuer.5
  8. The issuer receives the message and decides whether it’d like to support the transaction.6
  9. The issuer constructs a message (approve or decline) and passes the message onto the card network.
  10. The card network verifies the message and passes it onto the acquirer.
  11. The acquirer passes the message back to the POS machine.
  12. The POS machine displays the approval or decline message.
  13. The merchant responds to the POS machine read-out accordingly.


  1. “Underwriting” a business means that a party will assume the liabilities if the business isn’t able to pay its debts.
  2. I hope to cover the economics of the credit card industry in greater depth in a future post.
  3. This is called a “closed loop” model, as opposed to MasterCard and Visa’s “open loop” models.
  4. Reasons why an acquirer may decline a transaction is if it looks obviously fraudulent or if the acquirer isn’t willing to underwrite the business for the amount of the transaction.
  5. “Verifying” a message involves confirming that both the format and content of the message adheres to the specifications set forth by the card networks, which ensure that all the bank are “speaking the same language”. There may also be some routing implications based on the information included in the message. Rarely, card networks will also contribute fraud-related decisions into the authorization flow.
  6. Reasons why an issuer may decline a transaction is if it looks fraudulent or the issuer isn’t willing to cover credit to the cardholder for the amount of the transaction.