THE VAULT · PRIMARY SOURCES

Read the documents payments people actually read.

Courses explain concepts. Insiders read artifacts: the raw authorization message, the monthly statement, the chargeback notice. Three real-world documents (reconstructed and anonymized), annotated line by line.

SCROLL ↓
ARTIFACT 01

An authorization request, on the wire.

This is (a simplified view of) the ISO 8583 message racing from a coffee shop's terminal toward an issuer right now — the exact relay you watched in the $100 journey. Numbered fields are called data elements (DE).

MTI    01001  // authorization request
DE 2   481822••••••90342  // PAN (a network token here, not the real card)
DE 3   000000  // processing code: purchase, from default account
DE 4   0000000100003  // amount: 100.00 — no decimal point on the wire
DE 18  58144  // MCC: fast food / café
DE 22  07x5  // POS entry mode: contactless chip
DE 43  BLUE TOKAI COFFEE  MUMBAI  IN  // merchant name & location — what appears on your statement
─── response, ~900ms later ───
MTI    0110  // authorization response
DE 38  8F2K1A6  // approval code — the receipt prints this
DE 39  007  // response code: approved
1
MTI 0100 — the message type. 0100 = "may this person pay?", 0110 = the answer, 0400 = reversal. Four digits run the world's checkouts.
2
The PAN field — but notice it's a token (see the security and wallets chapters): this terminal received a wallet tap, so the real card number never appears anywhere in this message.
3
Amounts travel as 12 digits, no decimal — the currency code (another field) says where the point goes. A whole class of bugs lives in this detail.
4
MCC 5814 — the merchant category. This single field influences the interchange rate, rewards eligibility, and whether a corporate card will even allow the purchase (see interchange).
5
Entry mode tells the issuer how the card was presented — swiped, dipped, tapped, keyed. Risk models weight this heavily: keyed-in is the riskiest, tapped-with-token among the safest.
6
The approval code is the issuer's promise, quoted in every dispute that follows. "Auth code 8F2K1A" is how this transaction will be referred to for the next 120 days.
7
DE 39 is the two-digit verdict — the same codes in our Decline Decoder. 00 and everyone's happy; 05 and the dance begins.
ARTIFACT 02

The monthly merchant statement.

The most-misunderstood document in small business. Here's a typical (simplified) month for a café doing $42,000 in card sales — and the four lines that matter.

MERCHANT STATEMENT · MAY 2026 · ACCT ••4471
GROSS CARD SALES (1,847 TX)$42,118.50
 
INTERCHANGE & ASSESSMENTS1−$821.31
PROCESSOR DISCOUNT 0.35%2−$147.41
PER-ITEM FEES 1,847 × $0.08−$147.76
MONTHLY / STATEMENT FEE−$14.95
PCI NON-COMPLIANCE FEE3−$29.95
CHARGEBACK FEES (2 × $25)−$50.00
NET DEPOSIT$40,907.12
EFFECTIVE RATE42.88%
1
The pass-through portion — interchange to issuers plus network assessments (~1.95% here). Your processor doesn't keep this and can't change it. Everything below this line is negotiable; this line isn't.
2
The processor's actual price: 0.35% + 8¢. This is the only number to comparison-shop. Merchants on "bundled" pricing never see this split — which is precisely the point of bundled pricing.
3
The famous junk line. Complete a yearly self-assessment questionnaire and this $29.95 disappears. Millions of small merchants pay it for years without knowing.
4
The one metric that matters: total fees ÷ gross sales. Compute it every month; ask any provider quoting you a rate whether it's the effective rate. Watch them flinch.
ARTIFACT 03

The chargeback notice.

Ninety days after a sale, this lands in the merchant portal. Most merchants ignore it — which is why most merchants lose. The full lifecycle is in the chargebacks chapter.

CHARGEBACK NOTIFICATION · CASE 2026-0588213
DISPUTE AMOUNT    $100.00
REASON CODE       10.1 — EMV LIABILITY SHIFT COUNTERFEIT FRAUD1
AUTH CODE         8F2K1A  ·  ARN 74291005261005882132
STATUS            FUNDS DEBITED — PROVISIONAL3
RESPOND BY        JUNE 24, 2026 (14 DAYS)4
EVIDENCE ACCEPTED  EMV CHIP/CRYPTOGRAM DATA · TERMINAL POS ENTRY MODE · TRANSACTION CERTIFICATE (TC)5
1
The reason code defines the whole fight: 10.1 (counterfeit fraud) needs proof the chip was read and validated; 13.1 (item not received) needs delivery proof. Wrong evidence for the code = automatic loss.
2
The ARN (acquirer reference number) is the transaction's passport number — it traces the money through every hand it passed. Any party can look up the transaction with it.
3
Note the order: the money already left. Chargebacks debit first, ask questions later. The "provisional" works in the cardholder's favor, not yours.
4
Deadlines are short and unforgiving — miss it and the case auto-closes as a loss. Dispute teams live by these dates.
5
For a 10.1, the killer evidence is proof the EMV chip was read and the cryptogram validated — that shifts liability to whichever side had the weaker tech, the same liability-shift rule that decided who pays.