Cards & Card Schemes
Overviewโ
Payment cards (debit and credit) are one of the most widely used payment methods globally. They operate on card schemes โ networks that define rules, standards, and infrastructure for card transactions. Understanding card payments is fundamental for any banking professional.
Card Typesโ
| Type | Description | Funding Source |
|---|---|---|
| Debit Card | Directly debits customer's bank account | Own funds (transaction/savings account) |
| Credit Card | Draws on a credit limit; pay later | Credit extended by issuing bank |
| Prepaid Card | Pre-loaded with a fixed amount | Pre-funded, not linked to bank account |
| Charge Card | Balance must be paid in full monthly | Credit extended; no revolving balance |
| Virtual Card | Card number without physical card | Digital โ for online/API use |
Major Card Schemesโ
| Scheme | Origin | Network Type | Known For |
|---|---|---|---|
| Visa | USA | Open (4-party) | Largest global network |
| Mastercard | USA | Open (4-party) | Second largest; Cirrus/Maestro |
| American Express (Amex) | USA | Closed (3-party) | Premium, high spend |
| eftpos | Australia | Domestic | Low-cost AU debit; proprietary |
| UnionPay | China | Open/Closed | Largest by cardholders |
| JCB | Japan | Closed | Japan-focused, global acceptance |
4-Party vs 3-Party (Closed Loop) Modelsโ
4-Party (Open Loop) โ Visa / Mastercardโ
Cardholder โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโบ Merchant
โ โ
โ โ
Issuing Bank Acquiring Bank
(Customer's bank, (Merchant's bank,
issues the card) processes transactions)
โ โ
โโโโโโโโโโโโ Card Scheme Network โโโโโโโโโโโโโโ
(Visa / Mastercard)
Sets rules, routes, settles
3-Party (Closed Loop) โ Amex / eftpos (domestic)โ
Cardholder โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโบ Merchant
โ โ
โโโโโโโโโโโโโ Single Network โโโโโโโโโโโโโโโโโโ
(Amex / eftpos)
Acts as issuer AND acquirer
Controls full chain
Card Transaction Flow (4-Party, Online)โ
Customer taps/swipes card at merchant
โ
โผ
POS Terminal
โ Authorization Request
โผ
Acquiring Bank (Merchant's Bank)
โ Forward auth request
โผ
Card Scheme Network (Visa/MC)
โ Route to issuer
โผ
Issuing Bank (Customer's Bank)
โ Check: valid card? sufficient funds? fraud check?
โผ
โโโโโโดโโโโโ
โ โ
APPROVE DECLINE
โ
โผ
Auth Response back through chain:
Issuing Bank โ Scheme โ Acquirer โ Terminal โ Customer
APPROVED:
โโโ Terminal prints/displays "APPROVED"
โโโ Issuing Bank places HOLD on account
โโโ Merchant receives auth code
SETTLEMENT (end of day or next day):
โโโ Merchant submits batch of auth codes
โโโ Acquirer sends to scheme
โโโ Scheme routes to issuers
โโโ Issuers convert holds to final debits
โโโ Net settlement via scheme (next business day)
Key Card Payment Conceptsโ
Authorization vs Settlementโ
AUTHORIZATION:
- Happens in real-time at point of sale
- Issuing bank places a HOLD on the account
- Funds NOT yet moved
- Auth code returned (6-digit)
- Auth is valid for typically 7โ30 days
CLEARING:
- Merchant submits transaction data to acquirer
- Scheme processes and matches to authorization
- Interchange fees calculated
SETTLEMENT:
- Actual funds movement
- Issuing bank converts hold to final debit
- Acquirer credits merchant's account
- Net settlement via scheme
Interchange Feesโ
Cardholder pays $100 to Merchant
Scheme fee: $0.30 (goes to Visa/MC)
Interchange fee: $0.60 (goes to Issuing Bank โ card reward funded here)
Acquirer margin: $0.20 (Acquiring Bank keeps)
โโโโโโโโโโโโโโโโโโโโโโ
Merchant receives: $98.90 (Merchant Discount Rate = 1.1%)
MDR (Merchant Discount Rate) = Interchange + Scheme fee + Acquirer margin
Card Networks and Least-Cost Routing (LCR)โ
In Australia, merchants can route debit transactions over eftpos (cheaper) instead of Visa/Mastercard:
Customer's debit card supports: Visa Debit AND eftpos
Merchant terminal routes via eftpos (cheaper interchange)
โ Issuing Bank processes as eftpos transaction
โ Lower cost to merchant
This is called Least-Cost Routing (LCR) โ mandated to be available in Australia.
Card Securityโ
EMV Chipโ
- EMV = Europay, Mastercard, Visa standard
- Chip generates a unique cryptogram per transaction (cannot be cloned like magnetic stripe)
- Chip + PIN is more secure than swipe + signature
CNP (Card Not Present) โ Online Transactionsโ
- Higher fraud risk since card is not physically present
- Controls:
- CVV/CVC (3โ4 digit card verification value)
- 3D Secure (3DS) โ additional authentication via bank (OTP, biometric)
- Address Verification Service (AVS)
Tokenisationโ
Real card number: 4111 1111 1111 1111
Token: 9876 5432 1098 7654 (merchant stores this, not real PAN)
Mapping only held by: Card scheme token vault / issuing bank
Benefit: Merchant breach doesn't expose real card numbers
PCI-DSSโ
Payment Card Industry Data Security Standard โ compliance required for any entity that stores, processes, or transmits card data:
- 12 core requirements including encryption, access controls, monitoring
- Annual audit (QSA) for large merchants; self-assessment for small
- Non-compliance: fines and losing ability to accept cards
Card Disputes & Chargebacksโ
When a cardholder disputes a transaction:
1. Cardholder contacts issuing bank:
"I didn't make this transaction" / "Item not received"
2. Issuing Bank:
โโโ Provisional credit to cardholder
โโโ Initiates chargeback via scheme
3. Scheme routes chargeback to Acquiring Bank
4. Acquiring Bank:
โโโ Notifies merchant
โโโ Debits merchant's account (provisional)
5. Merchant can:
โโโ ACCEPT chargeback (no dispute, merchant loses funds)
โโโ DISPUTE with evidence (proof of delivery, signed receipt)
6. Scheme arbitrates if both sides disagree
7. Final outcome:
โโโ Cardholder wins โ funds returned to cardholder
โโโ Merchant wins โ merchant keeps funds, cardholder recharged
Chargeback Reason Codes (Visa examples)โ
| Code | Reason |
|---|---|
10.1 | EMV Liability Shift โ counterfeit fraud |
10.4 | Other Fraud โ Card Absent Environment |
11.1 | Card Recovery Bulletin |
12.1 | Late Presentment (too late to settle) |
13.1 | Merchandise / Services Not Received |
13.3 | Not as Described |
13.6 | Credit Not Processed |
eftpos (Australian Domestic Scheme)โ
eftpos is Australia's domestic debit card scheme:
Network: Proprietary (domestic AU)
Operator: eftpos Payments Australia Limited (ePAL)
Card type: Debit only
Key feature: Lower interchange fees than Visa Debit/Mastercard Debit
Cashout: eftpos supports cashout at point of sale (unique to AU)
Availability: POS terminals; limited online acceptance
eftpos CHQ โ debit from cheque/transaction account
eftpos SAV โ debit from savings account
Note: eftpos is being upgraded with digital capabilities
(eftpos token, online payments) to compete with Visa/MC
Java Spring Notesโ
// Card authorization request processing
@Service
public class CardAuthorizationService {
public AuthorizationResponse authorize(AuthorizationRequest request) {
// Validate card
Card card = cardRepository.findByPan(request.getTokenizedPan())
.orElseThrow(() -> new CardNotFoundException());
if (card.getStatus() != CardStatus.ACTIVE) {
return AuthorizationResponse.decline(DeclineCode.CARD_BLOCKED);
}
// Check balance / credit limit
Account account = accountService.getLinkedAccount(card);
if (!account.hasSufficientFunds(request.getAmount())) {
return AuthorizationResponse.decline(DeclineCode.INSUFFICIENT_FUNDS);
}
// Fraud check
FraudDecision fraud = fraudService.assess(request, card, account);
if (fraud == FraudDecision.BLOCK) {
return AuthorizationResponse.decline(DeclineCode.FRAUD_SUSPECTED);
}
// Place hold
String holdId = accountService.createHold(
account.getId(),
request.getAmount(),
request.getMerchantId()
);
String authCode = authCodeGenerator.generate();
return AuthorizationResponse.approve(authCode, holdId);
}
}
Related Conceptsโ
- fraud.md โ Card fraud and CNP fraud
- account_types.md โ Debit cards linked to transaction accounts
- inbound.md โ Merchant settlement is an inbound credit
- outbound.md โ Card debit is an outbound from customer's perspective
- aml_kyc.md โ KYC required for card issuance
Interview Questions (Senior Level)โ
- How do you reduce card fraud while preserving checkout conversion rates?
- What trade-offs drive scheme routing decisions between domestic and international rails?
- How do you design chargeback operations to control losses and customer friction?
- Which controls are required for PCI scope reduction in modern card platforms?
Short answer guide:
- Use layered controls: risk scoring, 3DS strategy, and tokenization.
- Route by cost, acceptance, and dispute profile constraints.
- Standardize evidence workflows and reason-code analytics.
- Minimize PAN exposure and segment systems rigorously.
Interview Focus
Connect auth, clearing, settlement, and chargeback operations into one coherent lifecycle.
Interview Trap
Treating authorization approval as equivalent to settled funds.