How Online

Card Payments
work in Nigeria

A simple, step-by-step breakdown of 

what happens when you make an online
1
payment with a debit/credit card in Nigeria
Table of Contents Introduction 3

CHAPTER 1

How one-time card payments work 6

CHAPTER 2

How automated recurring card payments work 13

Regulation 17

Glossary of Card Payment Terms 20

Conclusion

2
Introduction

Have you ever wondered how online payments work?

When you pay with your card online in Nigeria, how

exactly does the money go from your bank account, into
the bank account of the business?

In this simple guide, you’ll learn how money moves

through Nigeria’s payment systems. We’ll break down
all the jargon and technical stuff into tangible examples,
and you’ll find that you don’t need a background in
finance or software development to follow along.

It’s helpful to note that this guide isn’t designed to

be an exhaustive encyclopaedia of online payments.
Rather, it’s a simplified guide that highlights only the
most important things you need to know to be able to
understand how online card payments work in Nigeria.

If you’ve ever thought “I wonder how this stuff works!”,

then this guide is for you, and we hope it’s as fun to read
as it was to write!

Best wishes,
Paystack

3
About the Author Paystack

Paystack helps businesses in Africa get paid by anyone,

anywhere in the world. Over 25,000 companies use
Paystack’s modern, secure payments solution to grow
their business, including Domino’s Pizza, MTN, Taxify, AXA
Mansard, Air Peace and many others.

Learn more at paystack.com.

TWITTER twitter.com/paystack
INSTAGRAM instagram.com/paystackhq

FACEBOOK facebook.com/paystackhq

YOUTUBE youtube.com/paystackhq

4
This is what happens
when you make a one-time
online card payment

01

Card data encryption 7

02

Authorisation 8

03

Settlement 9

04
Complete transaction map of a
one-time online card payment in Nigeria 11

Chapter 1
 How a one-time online
card payment works

Amina wants to order a pizza from Marina Pizza. Marina

Pizza also wants to make it as easy as possible to collect
payment from Amina. To do this, Marina Pizza uses a
Payment Service Provider (PSP) like Paystack to collect the
payment online.

01

A PSP helps businesses

accept electronic
payments from their
customers online.
Paystack is an example
of a PSP.

Over the next few pages, you’ll learn how the money
moves from Amina’s bank account to Marina Pizza’s bank
account.

02

6
Card data encryption

Amina goes to the Marina Pizza website and places an

ENCRYPTION is the
order. Since Marina Pizza has integrated with Paystack, process of concealing
Amina sees a Paystack checkout form. data such that only
authorised people can
access it. It is one of
She enters her GTBank Visa card details into the checkout the ways that payment
form, and Paystack immediately encrypts the data. In this service providers like
Paystack keep your
transaction, GTBank is known as an issuing bank. card details private and
secure.

AN ISSUING BANK is the

bank that gives out a
payment card to the
customer. In this case,
Amina’s issuing bank is
GTBank.

CARD ASSOCIATIONS
are brands that work in
partnership with banks
to offer payment cards
Paystack then sends the encrypted card details to a Card to customers. Visa,
03

Association (eg. Visa, MasterCard, or Verve depending on MasterCard, and Verve

are examples of Card
Amina’s type of card) or to a Third Party Processor (eg.
Associations.
Interswitch, MasterCard Payment Gateway Service, etc).

04

7
 Authorisation

After the card encryption process, the Card Association

05

forwards the card data to Amina’s bank for authorisation.

AUTHORISATION is a
Amina’s bank receives the authorisation request and replies
process where a with an authorisation code that:
customer’s payment
card is checked to
ensure that they hold −− Confirms that Amina has enough money in her bank
the necessary funds account to be debited
and approval required
to make a purchase. −− Confirms that there are no debit restrictions placed on
Amina’s bank account, either by Amina or the bank

−− Gives an instruction that the cost of the pizza should

be debited from Amina’s bank account if the first two
conditions are met

The associated authorisation code works only for that one

transaction, and cannot be used for subsequent orders that
Amina makes.

8
 06
Settlement

After the authorisation, Marina Pizza proceeds to deliver

SETTLEMENT This is the
the pizza, and the settlement process begins. Settlement is process of moving
simply the movement of money from a customer’s bank to money from the
customer’s bank to the
a merchant or a Payment Service Provider’s acquiring bank. merchant’s bank to
In this case, Amina’s bank settles Paystack by sending the complete a transaction.
money Amina paid to Paystack’s acquiring bank.

ACQUIRING BANK
An acquiring bank is
a bank that processes
credit or debit card
payments on behalf of a
merchant. The acquirer
helps merchants accept
payments from their
card-holding customers

07

9
 It takes 24 hours for the money to be settled into Paystack’s
bank from Amina’s bank. Immediately after settlement is
complete, Paystack transfers the money to Marina Pizza’s
bank account.

And that’s it! With the settlement into Marina Pizza’s Bank
account, the transaction is complete. On the next page,
08

you’ll see the complete transaction map for a one-time

payment in Nigeria.

10
Complete transaction
map of a one-time online
card payment in Nigeria

11
This is what happens
when you make a recurring
online card payment

01

How automated recurring

card payments work 13

02

Complete transaction map of a

recurring online card payment in Nigeria 16

Chapter 2
How automated recurring
card payments work

Many businesses, such as membership clubs and music

streaming apps, charge their customers a subscription
fee for ongoing access to a product or service.
Automated recurring card payments - where the money
is automatically deducted from the customer’s bank
account on a schedule - work a little differently from one-
time payments.

Let’s imagine that Amina pays a monthly subscription fee

to a local gym, Bells Gym. Here’s how the card payment
for the recurring payments would work.

10

Firstly, the gym integrates with a Payment Service

Provider like Paystack to enable recurring billing. Paystack
would then charge Amina monthly on the gym’s behalf by
leveraging on a technology called tokenisation.

TOKENISATION is a process which replaces card details

with randomly generated numbers called tokens. Tokens,
on their own, have no meaning or use to anyone that
manages to intercept them. They’re also mathematically
irreversible, making them a safe way to transfer card
details throughout the payment flow.

13
 When Amina enrols for a gym membership subscription,
this is what happens:

−− She enters her card details on the gym’s website

−− Paystack encrypts the data, tokenizes it, and sends it to

the gym’s systems.

11

−− Paystack also processes Amina’s card to be charged for

the month’s gym subscription (this process is similar to
that of a one-time online card payment).

−− For subsequent months, the gym automatically sends

Paystack back the token, with a request to charge the
payment card associated with it.

−− Paystack then processes Amina’s card to be charged

again.

−− This process keeps going on for as long as Amina

maintains an active subscription to Bells Gym.

14
 12

In this case, Paystack manages subscriptions for Bells

Gym, so every month, we send Amina a reminder before
charging her card. This gives her the option to cancel
her subscription if she wants to. If she cancels her
subscription, she will no longer be charged recurrently.

15
Complete transaction
map of automated recurring
payment in Nigeria

13

16
Regulations
Payment Service Providers such as Paystack are regulated CBN (CENTRAL BANK OF

primarily by the Central Bank of Nigeria (CBN). Players in the NIGERIA) The Central
Bank of Nigeria is
online payments space handle sensitive payment card data,
the apex monetary
and are as a result, required to be certified by the Payment authority of Nigeria.
Card Industry Data Security Standard (PCI DSS).

The PCI DSS certificate is issued by the Payment Card

PCI SSC (PAYMENT CARD
Industry Security Standards Council (PCI SSC), a regulatory INDUSTRY SECURITY

body created by all the major Card Associations to STANDARDS COUNCIL)

PCI SSC is a council
ensure that online payments facilitators have the required
created by the major
infrastructure for handling, transmitting, and processing Card Associations
sensitive information. to ensure that online
payments organizations
meet the highest
To ensure that these strict regulations are met, Payment security and regulatory
standards.
Service Providers like Paystack are subjected to frequent
audits and reviews.

17
Summary
There are 7 main players involved when an online card
payment is made in Nigeria.

−− THE CUSTOMER the person making the online card

payment

−− the customers’ bank who issued the

THE ISSUING BANK

card used to make the payment

−− THE MERCHANT the business that the customer wants to

pay

−− the platform which

THE PAYMENT SERVICE PROVIDER (PSP)

allows the merchant to accept payments from their

customers online

−− THE CARD ASSOCIATION/THIRD PARTY PAYMENT PROCESSES

various organisations who facilitate authorisations and

settlements.

−− the PSP’s
THE PAYMENT SERVICE PROVIDER’S ACQUIRING BANK

bank, where the payment is temporarily held before

being sent to the merchant’s bank.

−− THE MERCHANT’S ACQUIRING BANK the merchant’s bank,

where the transaction is ultimately settled after payment
is completed.

18
Conclusion
Online card transactions require lots of moving parts
working together. Paystack simplifies this for merchants,
helping them focus on growing their businesses by
helping them accept payments from anyone, anywhere in
the world.

We hope that this guide has helped you better understand

how online card payments work in Nigeria. If you have
any further questions, please don’t hesitate to email us at
hello@paystack.com!

Best wishes!
Paystack

19
Glossary of Card
Payment Terms

ACQUIRING BANK An acquiring bank is a bank that processes

credit or debit card payments on behalf of a merchant.
The acquirer helps merchants accept payments from their
card-holding customers

AUTHORISATION Authorisation is a process where a

customer’s payment card is checked to ensure that
they hold the necessary funds and approval to make a
purchase from a merchant

CARD ASSOCIATION These are brands that work in

partnership with banks to offer payment cards to
customers. Visa, MasterCard, and Verve are examples of
Card Associations.

CBN (CENTRAL BANK OF NIGERIA) The

Central Bank of Nigeria is
the apex monetary authority of Nigeria

ENCRYPTION Encryption is the process of concealing data

such that only authorised parties can have access to it

ISSUING BANKThis is the bank that issues payment cards to

the customer.

A PSP helps businesses

PSP (PAYMENT SERVICE PROVIDER)

accept electronic payments form their customers online.

Paystack is an example of a PSP

PCI SSC (PAYMENT CARD INDUSTRY SECURITY STANDARDS

COUNCIL) PCI SSC is a council created by the major

Card Associations to ensure that security standards and
regulations required of players in the online payments
space are met

20
SETTLEMENT This is the process of moving money from the
customer’s bank to the merchant’s bank to complete a
transaction

TOKENISATION This is the process of replacing card details

with randomly generated numbers that have no use to
anyone who manages to intercept them. It’s a safe way
to keep moving sensitive card data around throughout a
transaction flow.

21