How Online Payments Work

Online Payments

Download PNG Save to Pinterest

Related Tools

Related Labs

Related Worksheets

Related Cheat Sheets

Online payments let a customer send money to a merchant through a chain of secure computer systems in only a few seconds. When a shopper taps Pay, the website or app does not simply hand over a card number and move cash directly. Instead, it starts a coordinated process involving encryption, tokenization, payment gateways, card networks, banks, and fraud checks. Understanding this process matters because it connects computer science ideas like networks, security, authentication, and databases to a tool people use every day.

A typical payment begins at checkout, where the customer device sends payment details through a secure connection to a payment processor or gateway. Sensitive card data may be replaced by a token, which is a limited-use substitute that is safer to transmit and store. The request travels to the correct card network and issuing bank, where the transaction is approved or declined based on identity, funds, risk, and account rules. After authorization, the merchant can complete the sale, and settlement later moves money between banks.

Key Facts

HTTPS uses TLS to encrypt payment data between the customer device and the payment server.
A payment token is a substitute value that represents sensitive card data without exposing the actual card number.
Authorization asks the issuing bank if a transaction should be approved before the merchant completes the sale.
Settlement is the later transfer of money from the customer side of the banking system to the merchant side.
Total cost = item price + tax + shipping + fees, when those charges apply.
Fraud systems often compute a risk score using signals such as device, location, purchase amount, and account history.

Vocabulary

Payment gateway: A payment gateway is a service that securely sends payment information from a merchant to payment processors and banking networks.
Encryption: Encryption is the process of converting readable data into coded data so that unauthorized users cannot understand it.
Tokenization: Tokenization replaces sensitive payment data with a substitute token that is useful for a transaction but safer if intercepted.
Authorization: Authorization is the step where the issuing bank approves or declines a payment request before the purchase is finalized.
Settlement: Settlement is the process of transferring funds between banks after a payment has been authorized and captured.

Common Mistakes to Avoid

Thinking the merchant always stores the full card number, which is wrong because many systems store only tokens or limited payment references to reduce risk.
Confusing authorization with settlement, which is wrong because authorization checks approval first while settlement moves money later.
Assuming encryption and tokenization are the same thing, which is wrong because encryption hides data using a key while tokenization replaces data with a different value.
Ignoring network failures or timeouts, which is wrong because payment systems must handle duplicate clicks, delayed replies, and retries without charging the customer twice.

Practice Questions

1 A checkout total includes a $48 item,$ 3.60 tax, $5 shipping, and a$ 1.20 processing fee. What amount is sent in the payment request?
2 A payment gateway processes 2,400 transactions in 1 hour. If the rate is constant, how many transactions does it process per minute?
3 A merchant receives an authorization approval, but settlement has not happened yet. Explain why the customer can leave with the order even though the money may not have fully moved between banks.

Sign in to save