How Credit Card Works
A credit card transaction involves multiple parties — cardholder, merchant, acquirer, card network, and issuer — completing a full authorization cycle in under two seconds. Understanding this flow is essential for diagnosing declined transactions, optimizing authorization rates, and building reliable payment integrations. Every step from tap to settlement carries fees and risk exposure that directly affect merchant economics.
Cardholder initiates payment
The cardholder presents their credit card at checkout — by tapping, dipping an EMV chip, swiping the magnetic stripe, or entering card details in an online form. The merchant's terminal or payment gateway captures the card data and constructs an authorization request containing the card number, expiry, amount, and merchant identifier.
Request routes through the card network
The authorization request travels from the merchant's acquirer to the card network (Visa, Mastercard, Amex, or Discover), which identifies the issuing bank and routes the message accordingly. The network acts as the messaging backbone between the acquiring and issuing sides, applying its own fraud scoring and routing logic before forwarding.
Issuer approves or declines
The issuing bank checks the cardholder's available credit limit, account standing, and real-time fraud signals before returning an authorization code or a decline code. Soft declines — such as "insufficient funds" or "do not honor" — may be retried after a suitable interval. Hard declines — such as "invalid account number" — indicate the card is permanently unusable and should not be retried.
Transaction is captured
After the sale is complete, the merchant submits a capture request to finalize the authorized amount. For in-store transactions, authorization and capture typically happen simultaneously. For ecommerce and hospitality, they are often separated — a hotel pre-authorizes on check-in and captures the final amount on check-out, which may differ from the original hold.
Clearing and settlement
At end of day, the acquirer batches all captured transactions and submits them to the card network for clearing. The network debits the issuer and credits the acquirer, typically within one to two business days. The merchant receives the net settlement amount after interchange fees, scheme assessments, and acquirer markup are deducted from gross sales.
Why Credit Card Matters
Credit cards are the most widely accepted electronic payment instrument on the planet, forming the backbone of both in-store and online commerce. Their ubiquity, consumer credit functionality, and built-in dispute protections make them the default payment method across developed markets. For merchants, accepting credit cards is not optional — it is a prerequisite for doing business at scale in ecommerce.
Global credit card spending exceeded $10.6 trillion in 2023, according to the Nilson Report, accounting for roughly 35% of all non-cash consumer transactions worldwide. In the United States, credit cards represented approximately 40% of consumer payment volume by value as of 2024, ahead of debit cards, ACH transfers, and all other instruments combined. The global number of active credit cards surpassed 2.8 billion by end of 2023, with Visa and Mastercard together holding over 80% of network market share outside of China.
Why interchange rates vary
Interchange is not a flat fee. Rates differ by card type (consumer vs. corporate vs. rewards), transaction method (card-present vs. card-not-present), and merchant category code. A grocery store pays lower interchange than a travel agency on the same transaction value. Understanding your card mix is essential for accurate cost modeling.
Credit Card vs. Debit Card
Credit and debit cards share the same physical form factor and are accepted on the same terminals, but they function very differently at the authorization and settlement layer. Merchants often treat them interchangeably at checkout, but the economics, risk profiles, and chargeback rules are meaningfully distinct.
| Attribute | Credit Card | Debit Card |
|---|---|---|
| Funding source | Revolving line of credit from the issuer | Cardholder's bank account (real-time debit) |
| Interchange rate | 1.5%–3.5% (higher) | 0.05%–1.3% (lower; regulated in some markets) |
| Chargeback window | 60–120 days depending on network | 60–120 days (varies; PIN debit often shorter) |
| Consumer liability | Capped at $50 or zero under most regulations | Up to $500 if reported late |
| Overdraft risk | None — credit limit enforced by issuer | Possible if overdraft protection is enabled |
| 3D Secure support | Yes — required for CNP in many markets | Yes, though PIN-debit is often exempt |
| Common use case | Ecommerce, travel, subscriptions, B2B | In-store, everyday low-value purchases |
Types of Credit Card
Credit cards span a wide range of products, each designed for a different cardholder profile and use case. For merchants, the card type mix in your transaction volume directly determines your effective interchange cost — sometimes varying by a factor of two or more.
Standard and classic cards carry no rewards program and the lowest interchange rates. They are the baseline product issuers offer to cardholders with average credit profiles and represent the cheapest card type for merchants to accept.
Rewards cards — including cashback, points, and travel miles variants — fund their benefits through elevated interchange rates charged to merchants. A premium travel rewards card may carry interchange above 3%, compared to under 2% for a standard consumer card.
Business and corporate cards are issued to companies rather than individuals. They carry high interchange rates and are common in B2B ecommerce, SaaS billing, and managed travel programs. Fleet and purchasing cards fall under this category.
Secured credit cards require the cardholder to provide a cash deposit as collateral, making them accessible to people with limited or damaged credit history. From a merchant's perspective, the authorization flow is identical to unsecured cards.
Charge cards require full repayment at the end of each billing cycle with no option to carry a revolving balance. American Express historically issued charge cards and still offers them alongside revolving credit card products.
Co-branded cards are issued through a partnership between a bank and a retailer, airline, or hotel chain. They carry brand-specific rewards and higher interchange, and they often drive loyalty behavior that increases customer lifetime value for the co-brand partner.
Best Practices
For Merchants
Accept all four major card networks — Visa, Mastercard, Amex, and Discover — to avoid turning away customers at checkout. Displaying accepted card logos during the checkout flow reduces cart abandonment by setting payment expectations before users reach the payment step. Monitor your chargeback ratio closely: networks enforce thresholds — typically 1% of transaction count for Visa and 1.5% for Mastercard — beyond which merchants face fines, higher interchange, or program termination.
Implement network tokenization through your payment gateway to replace raw card numbers with network-issued tokens. This improves authorization rates on recurring charges and significantly limits your exposure in the event of a data breach. Enable account updater services to automatically refresh expired or replaced card credentials for active subscribers — this single change typically recovers 2%–5% of involuntary churn.
Negotiate your merchant discount rate based on monthly volume and your actual card mix. High-volume merchants often benefit from interchange-plus pricing, which separates pass-through interchange from acquirer markup, giving full visibility into per-transaction costs and enabling data-driven acceptance optimization.
For Developers
Implement 3D Secure 2 (3DS2) for card-not-present transactions to shift fraud liability from the merchant to the issuer on successfully authenticated transactions. Use the frictionless authentication flow for low-risk transactions to preserve checkout conversion, reserving the challenge flow for higher-risk signals. Handle all authorization response codes explicitly: distinguish soft declines (retry after delay), hard declines (do not retry), and referral codes (require cardholder action).
Store card credentials as payment tokens — never as raw primary account numbers. Handling raw card data dramatically expands your PCI DSS scope; using a certified token vault or your gateway's vault service reduces your compliance surface to the minimum. When building recurring billing, implement retry logic aligned with Visa and Mastercard network retry guidelines, which specify maximum retry counts and time windows to prevent excessive retries that can trigger issuer-level blocks on your merchant ID.
Common Mistakes
Credit cards are well-understood at a surface level but generate consistent implementation errors in payment systems. Most of these mistakes are invisible until they show up as lost revenue, compliance violations, or merchant account termination.
Conflating authorization and capture as a single step. Defaulting to immediate capture is correct for retail POS but wrong for marketplaces, hospitality, and order-based fulfillment. Failing to model the two steps separately leads to over-captures, revenue discrepancies, and disputes when the captured amount differs from what a customer expects.
Treating all declines as permanent. A "do not honor" soft decline from an issuer frequently succeeds on the next attempt — sometimes hours later or with a different acquirer. Hard declines such as "invalid card number" should never be retried automatically. Not differentiating between decline types results in both lost revenue and unnecessary cardholder friction.
Skipping edge-case testing in sandbox environments. Developers commonly test only the approved transaction path. Expired card, CVV mismatch, AVS mismatch, insufficient funds, and 3DS challenge flows must all be explicitly tested before going live, as each requires distinct handling in the UI and backend logic.
Storing CVV values after authorization. This is a direct violation of PCI DSS Requirement 3.2 and the most common mistake made by early-stage teams that log full request and response payloads. The CVV must be discarded immediately after the authorization response is received and must never be written to logs, databases, or analytics streams.
Underestimating interchange cost variance. Assuming a single blended "credit card fee" in financial models ignores the two-to-three times difference between a basic consumer card and a premium corporate rewards card. Build cost models that segment interchange by card type using real transaction data — especially before pricing a product or entering a new market.
Credit Card and Tagada
Tagada is a payment orchestration platform that sits between merchants and their acquirers, routing credit card transactions intelligently to maximize authorization rates and minimize processing costs. Rather than sending every transaction through a single acquirer, Tagada evaluates each transaction in real time and selects the optimal routing path based on card type, issuing geography, and live acquirer performance metrics.
Tagada's smart routing engine automatically retries soft-declined credit card transactions through a secondary acquirer, recovering authorization failures that would otherwise result in lost sales — with no engineering intervention required on the merchant side.
For merchants processing international credit card volume, Tagada's network of acquiring relationships enables local acquiring in key markets, reducing cross-border fees and improving authorization rates for cards issued outside the merchant's primary market. Credit card cost visibility is built directly into the Tagada dashboard, breaking down interchange, scheme fees, and acquirer markup at the individual transaction level — giving merchants the data needed to optimize their card acceptance strategy with precision.