That tap takes three seconds. Behind it sits a chain of decisions, verifications, and data exchanges involving up to six different organisations. Here is what actually happens.
There is a moment every merchant knows well. A customer holds their card or phone near the terminal, a green light flashes, a beep sounds, and the transaction is done. Three seconds, maybe four. The queue moves on.
But in those three seconds, your payment terminal has initiated a conversation involving at least five separate organisations, crossed international infrastructure, passed multiple fraud checks, and committed to a legal transfer of funds. It is, without exaggeration, one of the most complex routine transactions in modern commerce.
Understanding what actually happens is not just satisfying to know. It has direct, practical implications for why payments sometimes fail, why your settlement arrives when it does, and what you are actually paying for when you see a transaction fee on your statement.
Before we walk through the journey, it helps to know who is involved. Most merchants deal with payments as though it is a two-party affair: your customer and your bank. In reality, there are typically five players.
The cardholder is your customer, with their Visa or Mastercard debit or credit card.
The issuing bank is the bank that gave your customer their card. This could be Barclays, HSBC, Monzo, Starling, or dozens of others.
The card network is Visa or Mastercard, the infrastructure layer sitting in the middle.
The acquirer is your bank or payment processor, the institution that holds your merchant account and ultimately receives the funds on your behalf.
The payment terminal or gateway is the device or software that initiates the whole process.
Think of it like sending a letter through an international postal system. You hand it to your local post office (the acquirer), it travels via a sorting hub (the card network), and gets delivered by the post office at the other end (the issuing bank). Except this all happens in under three seconds.
When your customer taps a contactless card, they are using Near Field Communication, or NFC. This is the same short-range radio technology used in Oyster cards on the London Underground. The card and terminal communicate only when they are within roughly four centimetres of each other, which is a deliberate security design.
In that moment, the terminal reads the card's encrypted payment credentials. Crucially, it does not read the actual card number stored on the chip. Instead, it receives a tokenised version, a unique string of data generated specifically for that transaction. Even if someone intercepted this data, it would be useless for any other purchase.
Your terminal then packages all of this into an authorisation request: the amount, the merchant category code, your merchant ID, and the encrypted card data.
This request travels from your terminal to your acquirer. If you are using a card machine from a provider like Worldpay, Stripe, or a newer entrant, this first hop is going to their processing infrastructure, often hosted on cloud servers with data centres typically based in the UK or EU for regulatory reasons.
Your acquirer receives the request and forwards it, almost instantly, to the card network. Visa routes it through VisaNet, its global transaction processing system, which handles around 65,000 transactions per second globally. Mastercard operates a similar network called Banknet.
The card network performs its own checks, including basic fraud pattern recognition, before routing the request to the issuing bank, the institution that actually holds your customer's money or credit.
This is where the most interesting work happens, and where the most things can go wrong.
The issuing bank receives the authorisation request and runs it through a series of checks in a fraction of a second. Is the card reported lost or stolen? Does the account have sufficient funds or credit? Does this transaction match the cardholder's usual spending behaviour? Is the merchant category flagged for any reason? Is the transaction within the contactless limit, currently £100 in the UK?
All of this happens through automated systems that the major banks have been refining for decades. If the transaction passes, the issuing bank sends back an authorisation code. If it fails, it sends a decline code, though your terminal will usually just show a generic failure rather than explaining why.
The response travels back through the same chain: issuing bank to card network to acquirer to your terminal.
That beep and green light confirm that the issuing bank has agreed, in principle, to pay. The word "in principle" matters here, and we will come back to it.
At this point, your customer can walk out of the shop. The funds have not actually moved anywhere yet.
This is the part most merchants are most practically interested in, and it is the part that surprises many people when they first learn how it works.
Authorisation and settlement are two separate processes. Authorisation, which happened in those three seconds, is a promise. Settlement is the actual movement of money.
At the end of the business day, your acquirer collects all of your authorised transactions and submits them to the card networks in a process called clearing. The card networks then facilitate the actual transfer of funds between the issuing banks and your acquirer, who deposits the net amount, after fees, into your merchant account.
In the UK, most standard card processing sees funds arrive in your account within one to two business days. Some providers now offer next-day or even same-day settlement for an additional fee. A few newer platforms have begun offering instant settlement, though this typically involves the provider fronting the funds rather than the settlement cycle genuinely being shorter.
The fee you pay, often expressed as a percentage plus a fixed amount per transaction, is distributed across several parties: the interchange fee going to the issuing bank, a scheme fee going to Visa or Mastercard, and the acquirer's margin on top.
Knowing this process helps you make better decisions in three areas.
First, when a payment fails, you can ask better questions. A decline at the terminal is almost always an issuing bank decision, not a problem with your equipment or your acquirer. Asking a customer to try a different card, or to contact their bank, is usually the right advice.
Second, your settlement timeline is determined by your acquirer's processing schedule and your agreement with them. If cash flow matters to your business, negotiating settlement terms or choosing a provider with faster settlement is worth the conversation.
Third, every element of that three-second journey has a cost attached to it. Understanding where your transaction fees actually go helps you evaluate whether the rates you are paying are competitive, and what you are genuinely getting in return.
That satisfying beep is the surface of something much deeper. Now you know what is underneath it.
Found this helpful? Share with your network:
This content is published by Klipy UK, a Teya-authorised reseller of payment solutions. The views expressed are for informational purposes only and do not constitute financial advice. All content is the intellectual property of Klipy UK. Reproduction without permission is prohibited.
See exactly how much you could save. Upload your statement or enter your monthly turnover-instant results, no obligation.
Try Calculator