If you're making payment decisions at your company, here's an uncomfortable truth: most executives can't explain what actually happens when a customer pays. And that knowledge gap is expensive. It shows up in vendor negotiations. In partner selection. In fraud exposure. In compliance risk. And ultimately, in your margins. In our What the FAQ? series, we answer the questions people in payments are afraid to ask out loud. This time: three questions about the mechanics of a transaction. You'll get the 'what'? For the 'how', welcome to the PaymentGenes Academy.
Every time a customer taps a card, at least five different companies get a cut. Most executives can only name two.
When a payment happens, it doesn't just move from the customer to the merchant. It travels through a network of specialised players, each with a distinct role, and each taking a fee.
At the core, there are four: the cardholder, the merchant, the issuer (the cardholder's bank), and the acquirer (the merchant's bank). Sitting in the middle, connecting everything, is the card scheme, Visa, Mastercard, and others. Around this core sit the payment gateway and the PSP, routing, authorising, and optimising the transaction.
Five players. Sometimes more. All on a single card swipe.
Why this matters for your business: Beyond a cost stack, payments is a revenue engine. Every player in the chain influences both what you pay and whether a transaction succeeds. If you don’t understand who does what, you can’t optimise either.
On the cost side, lack of transparency leads to unnecessary fees, poor routing, and missed optimisation opportunities.
On the revenue side, it’s even more critical: issuer decisions, authentication flows, and routing logic directly impact approval rates, often without merchants knowing where transactions fail or why.
The real challenge is turning payments from an operational necessity into a strategic capability, with clear ownership, visibility, and control across the stack.
That's the map we draw in detail in the PaymentGenes Academy.
A card payment feels instant. It isn't. And the 2–3 seconds between tap and approval is where your revenue quietly leaks.
Behind that "approved" message is a choreographed sequence: an authorisation request from the merchant, routing through the acquirer to the card scheme to the issuer, a battery of fraud and risk checks, an approval or decline, and then — days later — clearing and settlement (typically T+1 to T+3).
And not all transactions are equal. Economics vary significantly by card type (consumer vs commercial), channel, and geography. In some cases — particularly for commercial cards — providing enhanced transaction data (Level 2/3) can help qualify for more favourable interchange programs, but this is market- and scheme-dependent.
Small optimisations inside the transaction flow compound into serious money. Since launching network tokens in 2014, Visa has issued 12.6 billion of them. In 2024 alone, the network saw a 44% year-over-year surge, translating into a 6% improvement in approvals and a 30% reduction in fraud. (Visa acceptance)
That's the difference between a company that reads the transaction flow and a company that just watches it happen.
Why this matters for your business: Transactions fail in specific places, for specific reasons. If you don’t know where or why, you can’t fix it.
On the cost side, merchants often leave money on the table due to suboptimal routing, card mix, or — in some cases — not qualifying for more favourable commercial card programs (e.g., through enhanced data where relevant).
On the conversion side, companies with chronic decline rates often can’t tell whether the issue sits with the issuer, the scheme, their acquirer setup, or their own checkout and authentication flows — making optimisation largely guesswork.
Once you can read a transaction flow, you stop guessing why payments fail, and start seeing exactly where margin is hiding.
Three terms. Three completely different purposes. Confusing them can cost you conversion, compliance, or both.
3D Secure is an authentication protocol for online card payments, the extra verification step that confirms the cardholder is really the cardholder.
SCA (Strong Customer Authentication) is a regulatory requirement under PSD2 in Europe, mandating two-factor authentication for most electronic payments.
Tokenization is a data protection method, it replaces sensitive card data with a token, so the real card number is never stored or transmitted.
They often work together. But they solve three different problems: authentication, regulation, and data security.
The old assumption was simple: more 3DS = more security, but also more friction and lost sales. Shopify challenged that trade-off directly.
In January 2025, Shopify Payments introduced a machine-learning preauthorization model to intelligently determine when to initiate 3DS on transactions. The result: a 26-basis-point increase in payment success rates alongside a 20% reduction in chargebacks categorized as fraudulent by card issuers.
Applied across Shopify's 2024 volumes, those dual improvements would have generated an additional $471 million in annual gross payments volume, while saving merchants $62 million in chargeback-related costs (Shopify).
The lesson: Security and conversion aren't a zero-sum game — but only if you understand what each tool is actually for. Most merchants apply 3DS as a blunt instrument. The ones who understand the distinction between authentication, regulation, and data security are the ones turning it into margin.
Why this matters for your business: Poor implementation creates friction at checkout, frustrates genuine customers, and drives cart abandonment. Smart implementation shifts fraud liability away from you, reduces losses, and keeps you compliant. The difference between those two outcomes is simply understanding what each tool is actually for.
The real question isn't whether to implement these. It's how to combine them so you maximise conversion, minimise fraud, and stay compliant, all at once.
These three questions barely scratch the surface. If your team is making payment decisions without being able to answer them cleanly, you're making them at a disadvantage.
The companies winning in payments today aren't the ones with the best technology, they're the ones whose teams understand what's actually happening beneath every transaction. Payment expertise is your competitive advantage.
The PG Academy Foundation Course is designed for teams who want to stop guessing and start optimising. Stay tuned for Part 2 of this series: “The Business Impact You're Not Measuring” including real-world case examples.
Fintech growth stalls not because of tech or talent, but because teams lack shared payment knowledge. Embedding Payment IQ across functions turns misalignment into momentum, faster decisions, and stronger customer outcomes.
.png)
.png)
.png)