What Actually Happens When You Swipe Your Card

Written By Azsha Preble

You tap your card at a coffee shop. Two seconds later, the terminal beeps, the barista hands you your drink, and you walk away. The whole thing feels instant, almost invisible.

But in that two seconds, your card traveled across at least four different companies, triggered a series of authorization checks, and set in motion a money movement that won't fully settle for another day or two.

Here's what's actually happening.

The four parties involved

Most people think of a card transaction as a two party exchange: you and the merchant. You hand over your card, they give you the thing, money moves. Simple.

It's not two parties. It's four, and understanding who they are changes how you think about everything from why payments fail to why your rewards card costs merchants more to accept.

1. You (the cardholder)

You have a card. That card was issued to you by a bank: your bank. It has a network logo on it (Visa, Mastercard, Amex, Discover), but that logo doesn't mean the network is your bank.

2. Your issuing bank

This is the bank that gave you the card. Chase, Bank of America, Capital One, your local credit union; whoever approved you and is extending you credit (or holding your debit funds). The issuer is the one on the hook if you don't pay. They set your credit limit, your interest rate, and your rewards program. The network logo on your card is essentially a license: it means your bank has agreed to route transactions through that network.

3. The merchant's acquiring bank

The coffee shop doesn't process payments themselves. They have a relationship with a bank (or payment processor) that handles card acceptance on their behalf. This is called the acquiring bank, or acquirer. You've probably never heard of them: companies like Worldpay, Fiserv, or Chase Merchant Services sit in this role. The acquirer is the one who sets up the merchant's terminal, holds their funds, and deposits money into their business account.

4. The card network

Visa, Mastercard, Amex, Discover. This is the infrastructure layer that connect your bank to the merchant's bank. The network doesn't hold your money and it doesn't issue your card. It routes the transaction, sets the rules everyone has to follow, and takes a small cut for doing so.

What happens in those two seconds

When you tap your card, here's the sequence:

Step 1: The terminal reads your card

Your card (chip, tap, or swipe) sends your card number, expiration date, and a cryptographic token to the merchant's payment terminal. The token is important: it’s code generated by your chip that proves the physical card is present without transmitting your actual card number in a reusable form.

Step 2: Authorization request goes to the acquirer

The terminal sends a transaction request to the merchant's acquiring bank (or processor). This includes the amount, the card details, and a bunch of metadata about the merchant.

Step 3: The network routes it

The acquirer passes the request to the card network (ex Visa or Mastercard or whoever) which identifies which bank issued the card and routes the request there.

Step 4: Your bank makes a decision

Your issuing bank receives the authorization request and runs it through its own logic: Is this card valid? Is there enough credit or funds available? Does this transaction look fraudulent? Does it match your spending patterns? This happens in milliseconds.

The bank responds with one of three answers: approved, declined, or referred (which means "I need more information before I can decide"). That response travels back through the network to the acquirer to the terminal.

Step 5: The terminal responds

The terminal receives the approval or decline. If approved, the terminal beeps, you get your coffee, and a hold is placed on your available credit or funds for the transaction amount. Money has not actually moved yet.

Wait — the money hasn't moved yet?

Correct. Authorization and settlement are two different things.

Authorization is the bank saying "yes, this person has the funds and this transaction looks legitimate, I'll reserve this amount." Settlement is when money actually changes hands.

Settlement typically happens at the end of the merchant's business day, when they batch all their approved transactions and submit them for processing. The network clears those transactions, funds flow from your issuing bank through the network to the acquirer, and the acquirer deposits the money into the merchant's account, usually within one to two business days.

This is why sometimes a charge appears as "pending" on your account before it posts. The pending state reflects the authorization hold. The posted transaction is settlement.

It's also why your available balance can drop immediately even before the transaction shows up as a completed charge: the hold is real, even though the final transaction isn't posted yet.

In person vs. online: what's different

The four party structure is the same whether you're buying a coffee in person or a pair of shoes online. But a few things change.

Card present vs. card not present

When you tap or insert your physical card, the transaction is "card present." Your chip generates that cryptographic token proving the card is physically there. This is a strong fraud signal that is hard to fake.

When you buy something online, you're typing in your card number, expiration date, and CVV. There's no chip, no token. This is called a "card not present" transaction, and it carries higher fraud risk- which is why interchange fees (the fee the merchant pays) are higher for online purchases, and why you sometimes get hit with additional verification steps like entering a one time code from your bank.

3D Secure and step up authentication

You've probably noticed that some online purchases ask you to verify through your bank's app or enter a code texted to your phone before the transaction completes. This is called 3D Secure (or 3DS) — an additional authentication layer that shifts fraud liability back to your bank if the transaction later turns out to be fraudulent. Merchants can choose whether to implement it; it adds friction but reduces their chargeback exposure.

Saved cards and tokens

When you save your card with a merchant or a digital wallet like Apple Pay or Google Pay, your actual card number is usually not stored. Instead, the merchant or wallet stores a token — a surrogate number that maps to your real card on the network's side. This means that if the merchant gets breached, your card number isn't in their database to steal. It's a significant security improvement over how things worked fifteen years ago.

Where the money goes (and who takes a cut)

Every card transaction involves fees, and they flow in ways most consumers — and honestly, many merchants — don't fully understand.

When you pay $5 for a coffee, the merchant doesn't receive $5. They receive something like $4.85 to $4.95, depending on the card type and their processing arrangement. Here's where the rest goes:

Interchange fee — This is the largest piece, and it goes to your issuing bank. It's a percentage of the transaction (plus sometimes a fixed per-transaction amount) that the acquirer pays to the issuer. Interchange rates are set by the card networks and vary based on card type, merchant category, and whether the transaction is card-present or card-not-present. Rewards cards have higher interchange than basic debit cards — your bank needs to fund those points and miles somehow.

Network assessment fee — A smaller fee that goes to Visa, Mastercard, or whichever network processed the transaction. This is how the network makes money.

Acquirer/processor markup — The merchant's acquiring bank or payment processor takes a margin on top of interchange and network fees. This is where the pricing models that merchants actually sign up for (flat rate, interchange-plus, tiered) come from.

The total of all these fees is what's called the merchant discount rate — the percentage of each transaction the merchant pays to accept cards. For small businesses, this can meaningfully affect margins. For large merchants with negotiating power, these rates are negotiated directly with acquirers and networks.

Why payments sometimes fail

A declined card usually isn't a network problem. It's an issuer problem.

The most common reasons a transaction gets declined:

  • Insufficient funds or credit

  • The bank's fraud detection flagged something unusual (new merchant, unusual amount, different location than normal)

  • The card is expired or frozen

  • Billing address mismatch (common for card-not-present transactions)

  • The merchant's terminal or acquirer has a technical issue

From a merchant's perspective, a declined transaction is lost revenue — which is why payments teams spend significant effort on authorization rate optimization. Retrying failed transactions at the right time, updating expired cards automatically, and routing transactions intelligently across networks can recover meaningful revenue at scale. But that's a topic for another post.

The short version

When you tap your card, you're not just paying a merchant. You're triggering a real-time conversation between four parties — your bank, the merchant's bank, the card network, and the merchant's terminal — that involves authorization checks, fraud scoring, fee calculations, and a settlement process that plays out over the next day or two.

The payment feels invisible because the infrastructure is very good. But the infrastructure is also why your bank can sometimes flag a legitimate purchase as fraud, why online transactions cost merchants more to accept than in-person ones, and why the logo on your card is less important than you might think.

If you’re interested in learning more, check out Anatomy Of The Swipe by Ahmed Siddiqui

Next post: now that you understand the rails, let's talk about the two companies that own them — and what's actually different between Visa and Mastercard.

Azsha Preble
Previous

Mercury Fintech Bank Charter: OCC Approval, BaaS, and What Comes Next
Next

Cybersecurity in Fintech: We’re Entering the Systemic Risk Era