Free Quote
Contact Us

How do card machines work?

Bar owner holding a card machine

In the UK’s increasingly cashless economy, card machines have become a cornerstone of doing business. From high-street shops to market stalls, these devices let customers pay quickly with credit or debit cards. But what exactly is a card machine, and what happens behind the scenes when you tap or swipe? In this guide, we’ll explain card machine functionality in clear terms, from the moment a customer presents their card to the moment funds reach the business’s bank account. We’ll also cover the key components that make it all possible, the common types of card machines (portable, countertop, mobile), and how security and compliance keep payments safe. By the end, you’ll know exactly how card machines work and why they’re so vital for small businesses.

What Is a Card Machine?


A card machine, also known as a credit card machine, card reader, or PDQ terminal, is a device that allows businesses to accept card payments in person. It’s the handheld or countertop unit you use at the checkout to insert your chip & PIN, tap your contactless card, or swipe the magnetic stripe (for older cards). The machine reads the data from the customer’s credit or debit card and communicates with the banking networks to authorise the payment. In essence, it replaces the old cash register for card transactions, connecting the customer’s bank to the merchant’s bank in seconds.

Modern card machines are packed with technology. They have slots for chip cards, antennas for contactless payments (like Apple Pay or Google Pay), and keypads for PIN entry. They connect via phone line, broadband, or mobile data to send payment information securely to a payment processing service. Despite their complexity, they are designed to be easy for anyone to use: the customer simply taps or inserts their card and follows the on-screen prompts. The heavy lifting, encryption, communication, and verification all happens behind the scenes.

Key Components of a Card Machine


To understand how card machines work, it helps to know what’s inside them. Both hardware and software components work together to process payments swiftly and securely. Here are the key parts that give a card machine its functionality:

Hardware Components

  • Card Readers (Chip, Magnetic Stripe, NFC): Every machine has a slot for chip-and-PIN cards and often a swipe slot for magnetic stripe cards. It also includes a contactless reader (NFC antenna) under the display or on top, which detects contactless cards and smartphones. These readers capture the card’s data, whether the chip’s encrypted code, the magstripe info, or the NFC token from your phone.

  • Keypad and Display: The keypad lets customers enter their PIN securely, and the screen displays instructions and transaction details. Many modern terminals use touchscreens, while others have physical buttons. Both are designed to be tamper-resistant to prevent anyone from stealing PIN codes.

  • Connectivity Modules: A card machine needs to communicate with banks. Countertop machines often have an Ethernet or telephone modem built-in. Portable and mobile ones include Wi-Fi or cellular (3G/4G) radios. Some devices come with a SIM card so they can send data via mobile networks anywhere, while others connect via Bluetooth to a separate base unit or smartphone.

  • Printer (on many models): Traditional card machines include a small thermal printer to print customer and merchant receipts. This is still common in countertop and portable models. (Some newer mobile card readers skip the printer, instead sending digital receipts by email or text.)

  • Secure Hardware Elements: Importantly, the machine’s hardware includes security chips to encrypt data (often called secure encryption modules). These ensure sensitive card details and PINs are never stored or transmitted in plain text. The device is usually sealed and tamper-evident, if someone tries to open or modify it, it will shut down or erase sensitive data for safety.

Software Components

  • Payment Application: This is the software inside the terminal that controls the transaction process. It guides the user prompts (“Enter PIN”, “Approved”, etc.), formats the transaction data, and sends it off to the processor. The software is often provided by the payment processor or terminal provider, and it must meet strict industry standards.

  • Encryption & Security Software: The moment card details are read, the terminal’s software encrypts the data using industry-standard encryption (such as AES or 3DES). Point-to-point encryption is commonly used – meaning the card data is encrypted on the card machine and only decrypted by the payment processor. This ensures no intermediaries can read the card number or PIN. Some systems also use tokenisation, replacing card details with random tokens for any stored records, adding another layer of security.

  • Connectivity and OS: Many modern card machines run on platforms like Android or proprietary real-time operating systems. The OS manages the device’s functions and communications (whether dialling out via phone line or sending data over the internet). The machine will have built-in software to handle network connections (Wi-Fi setup, mobile network signal, etc.) so that it stays connected to the payment servers. Regular software updates are provided to add features and patch security issues, keeping the machine up-to-date with the latest standards (for example, ensuring compatibility with new card types or security protocols).

Together, these components enable a card machine to capture card data, secure it, communicate with banks, and record the transaction. Next, we’ll look at what happens step-by-step when you actually use the machine to process a payment.

How Do Credit Card Machines Process Payments?


Understanding the journey of a card payment can give you insight into why card machines are so important. It might seem instantaneous to tap a card and get “Payment Approved”, but in those few seconds a lot of communication occurs between different parties. Here’s a step-by-step look at how a card machine processes a payment, from the initial card tap/swipe to final settlement:

  1. Card Presentation & Data Capture: The process begins when the customer presents their card. They might insert the chip, swipe the magnetic stripe, or tap the card/device for a contactless payment. The card machine reads the card’s information. For chip cards, it interacts with the chip to get a unique encrypted code. For contactless, it receives a token via radio waves. The customer may be prompted to enter their PIN on the machine for verification (except contactless payments under the no-PIN limit, or if using phone biometrics for Apple/Google Pay).

  2. Encryption & Transmission: The moment the card data is read, the machine’s software encrypts it. The terminal then dials out, either via a phone line, ethernet, Wi-Fi or mobile data, sending an authorisation request to the merchant’s payment processor (also known as the acquirer). The encrypted card data, the purchase amount, and merchant details are included. This step is essentially the card machine saying, “Bank, can we charge £X to this card ending in 1234?”

  3. Processing & Authorisation: The payment processor (acquirer) receives the request and passes it through the relevant card network. For example, if it’s a Visa card, the request goes through Visa’s network; if Mastercard, through Mastercard’s network (for Amex, usually directly to Amex, as they are both network and issuer). The card network routes the request to the issuing bank, that is, the bank or card company that issued the customer’s credit/debit card. The issuing bank’s systems check the card: Is it valid? Does the account have sufficient funds or credit limit? Are there any fraud flags? Based on this, the issuer approves or declines the transaction. This decision (an approval code or a decline message) is sent back through the network to the processor and then to the card machine. All of this happens in a quick burst of data within a second or two.

  4. Approval & Receipt: If the transaction is approved, the card machine usually beeps or displays a message like “Approved” (often accompanied by a printed receipt or a prompt to remove the card). The merchant’s copy of the receipt may require a signature for verification if it was a swipe transaction without PIN (rare in the UK nowadays) or just be kept for records. If the transaction is declined, the machine will display “Declined” and no charge goes through, the customer may need to try another card or payment method. For approved transactions, the customer leaves with their goods, but the process isn’t completely over yet, the funds haven’t actually moved to the merchant account at this point. What the machine obtained was an authorisation (a promise that the funds are reserved for this purchase).

  5. Batching & Settlement: After a card is authorised, it must be settled for the merchant to get paid. Usually at the end of the business day (or at set times), the card machine or the point-of-sale system will batch all the day’s approved transactions and send them to the payment processor for settlement. Settlement is when the actual transfer of funds is initiated. The processor captures the authorised transactions and tells the card networks to instruct each issuing bank to transfer the owed funds. The money for each transaction is sent from the customer’s issuing bank to the merchant’s acquiring bank (the processor’s bank), which then deposits the funds into the merchant’s account. In the UK, this often happens by the next working day – many providers, like CreatePay, offer next-day settlement, so you get yesterday’s sales in your bank account the next business day. (Some legacy providers might take 2-3 days, but speed is improving across the industry.)

Authorisation vs. Settlement: It’s worth emphasising the difference between these two stages. Authorisation happens immediately when the card is used, it’s the bank’s promise that the money is set aside for the merchant. Settlement is the actual movement of money, which typically happens in a batch after authorisation. Card machines and their connected systems handle both steps seamlessly: first getting the approval, then later initiating the settlement. As a business, this means you can trust that an approved transaction will be funded into your account shortly thereafter.

Types of Card Machines


Card machines aren’t one-size-fits-all. There are a few different types of machines to suit various business needs and environments. Whether you run a fixed checkout counter or need to take payments at the table (or on the road), there’s a card machine for you. Here are the most common types of card machines used by UK businesses:

Countertop Card Machines (Wired Terminals)


Countertop card machines are the classic devices you see at fixed checkout points, for example, beside the till at a retail shop or on the reception desk of a salon. These are wired terminals that stay in one spot. They usually plug into a phone line or broadband router via Ethernet. Power is supplied via a cable, so they’re always on and ready. Because of their fixed nature, countertop machines are ideal for businesses that primarily take payments at a single location like a checkout counter.

Key features of countertop machines include reliability and speed. Since they have a stable connection (and often a dedicated phone line or internet connection), transactions are processed quickly with minimal dropouts. They support all the standard payment methods: chip & PIN, contactless, and swipe (plus mobile wallets). For merchants with a consistent point-of-sale area, these terminals provide a no-fuss, secure way to take payments all day long. They often come with built-in printers for receipts as well. The limitation, of course, is that the customer must come to the machine (or the machine to the customer via a cable), so they’re not suited for businesses that need mobility.

Portable Card Machines (Wireless Terminals)


If your business needs a bit more freedom of movement, portable card machines are the answer. These wireless terminals are commonly used in restaurants, cafés, bars, and anywhere staff might need to bring the card machine to the customer. For example, in a restaurant a waiter can bring a portable machine to the table so the customer can pay without getting up, a convenient and more secure practice (the card never leaves the customer’s sight).

Portable machines typically work within a set range (e.g. within your premises). They often come in two parts: a base unit and the portable handset. The base is connected to the phone line or internet and stays at the counter, while the handheld machine connects to the base via Bluetooth or Wi-Fi. Some modern portable terminals are all-in-one and connect directly to Wi-Fi, removing the need for a separate base station. They are battery-powered, so staff can carry them around for several hours before needing to recharge on the base.

The range of a portable terminal is usually enough to cover a typical venue (tens of metres). This makes them perfect for hospitality businesses or any setup where you want to offer “pay at table” or pay on delivery. They support the same card methods (contactless, chip & PIN, etc.) and are built to be just as secure. The only requirement is staying within signal range of their receiver or Wi-Fi network. Portable card machines give customers a more flexible checkout experience, which can lead to better service and higher tips in restaurants due to convenience.

Mobile Card Machines (GPRS/4G or Smartphone-Based)


For businesses on the go, think market traders, food trucks, mobile hairdressers, or any operation that isn’t tied to one location, mobile card machines are ideal. These devices are truly wireless and can work anywhere because they use mobile phone networks (GPRS/3G/4G) to communicate. A mobile card machine has a SIM card inside, much like a mobile phone, or it might pair with a smartphone app via Bluetooth. In either case, it doesn’t need a Wi-Fi hotspot or a phone line; it can process payments outdoors, at events, or on the road as long as there’s mobile signal.

There are two main styles of mobile solutions: dedicated mobile card terminals and mobile card readers that pair with a phone. Dedicated mobile terminals look similar to portable ones, a single handheld device with a built-in SIM card and battery. You might have seen courier drivers or pop-up stall vendors using these. They connect directly to the payment networks via the cellular network. On the other hand, mobile card readers (like those from Square, SumUp, etc.) are small devices that rely on an app. They connect to a smartphone or tablet via Bluetooth; the phone’s data connection is used to process the payment. The reader itself usually has a slot for cards and maybe a tap area, but it uses the phone for the heavy lifting (like a display and network access).

Both types allow businesses to accept card payments anywhere, at a client’s doorstep, in a taxi, at a festival, you name it. Mobile machines are typically lightweight and robust. They support contactless and chip payments (PIN entry can be done on the device or the paired phone if it’s an app-based reader). Receipts can be sent via email or SMS when there’s no printer. For small and new businesses especially, mobile card machines offer an affordable and flexible way to take payments without a traditional storefront.

Tip: If your business operates both in a fixed location and on the go, you might even use a combination for instance, a countertop machine at your shop and a mobile card reader for weekend market events. Many providers (including banks and companies like CreatePay) offer solutions for each scenario, so you can mix and match what suits your needs.

Security, Encryption and PCI Compliance


When dealing with customer payments, security is paramount. Card machines are subject to rigorous standards to ensure every transaction is protected. As a business owner, you don’t need to know all the technical details, but it’s important to understand the basics of payment security and your responsibilities.

End-to-End Encryption: As mentioned earlier, card machines encrypt sensitive data as soon as it’s captured. This is often called end-to-end or point-to-point encryption (P2PE). From the moment the card touches the machine, the card number and PIN are scrambled into unreadable code. Only the authorised payment processor can decrypt it. This means even if someone intercepted the data in transit, it would be useless to them. Modern terminals also use secure keypads so the PIN is encrypted within the device at the hardware level. All of this drastically reduces the risk of card details being stolen during a transaction.

EMV Chip & PIN: The move to chip cards (EMV) and PIN verification in the UK has greatly improved security compared to the old magnetic stripe & signature method. The chip in the card creates a unique transaction code each time, making it extremely hard for fraudsters to clone cards. Card machines must be EMV-certified to accept chip & PIN; this certification ensures they can securely interact with the chip on the card and follow the protocols that make chip transactions so safe. Contactless transactions use similar security, usually with cryptographic one-time codes, and for phone payments like Apple Pay, the phone itself may require fingerprint/Face ID, adding biometric security on the user’s end.

PCI Compliance: Any business that processes card payments must adhere to the Payment Card Industry Data Security Standard (PCI DSS). This is a set of requirements designed to ensure cardholder data is handled securely. Using an approved card machine is a big part of compliance, it ensures you have a secure channel for cards. But PCI DSS also involves practices like maintaining a secure network, using strong passwords, regularly updating software, and handling any stored data carefully. The good news is that by using reputable payment providers and devices, much of PCI compliance is built-in. For example, CreatePay’s card machines are fully PCI DSS compliant and PCI-PTS 5.0 certified (one of the latest security standards for card terminals). This means they’ve passed rigorous testing for physical and digital security. As a merchant, you should still follow best practices (e.g. don’t leave your machine unattended in public, ensure your receipts don’t show full card numbers, etc.), but the technology is there to support you.

Fraud Prevention Measures: Beyond encryption and PCI rules, card machines and processors have many fraud detection measures. They can detect suspicious transaction patterns and will decline transactions that seem risky (for instance, a card that has been reported stolen). Contactless payments in the UK have a limit (which has increased over time, currently £100 or more for a single tap in many cases) to minimise exposure if a card is lost, and occasionally the machine will ask for a PIN even on a contactless card if certain thresholds are reached (a feature called Consumer Device Cardholder Verification Method, to ensure the card user is indeed the owner). As a merchant, it’s wise to be vigilant too: always check that the last 4 digits on the receipt match the card presented, and never bypass PIN requirements improperly.

In summary, card machines are built with multiple layers of security and are governed by strict compliance standards. This protects you and your customers. By using a compliant machine and following your provider’s guidelines, you greatly reduce the chance of any breach or fraud. Customers can trust you with their cards, and you can trust the system to protect the transaction.

Explore CreatePay’s Card Machine Solutions


Investing in the right card machine can make a big difference for your business, faster checkouts, happier customers, and quicker access to your funds. If you’re a UK business owner (whether just starting out or looking to upgrade your payment setup), it’s worth exploring what modern card machines can do for you. CreatePay specialises in providing small businesses with cutting-edge card payment solutions. Our range of card machines is designed to be secure, reliable, and easy to use, so you can focus on running your business.

With CreatePay’s card machines, you’ll benefit from features like built-in Wi-Fi and 4G connectivity (so you’re always online to take a payment), next-day settlement of funds (improving your cash flow), and 24/7 UK-based support if you ever need help. All our terminals are fully PCI compliant and come with the latest encryption technology, giving you and your customers peace of mind. We even offer an integrated app platform on our smart terminals, allowing you to manage loyalty programs or get real-time sales insights right from the device.

Ready to enhance your payment process? Get in touch with CreatePay for a free quote or consultation on which card machine suits your needs. Whether you need a countertop workhorse or a portable device you can take on the go, we have you covered. Empower your business with the right tools to accept payments seamlessly and watch your business thrive with faster, simpler, and safer transactions.

Explore our card machine options today and let’s make taking payments the easiest part of your day!

Share this post with your network

Card Machine

Create Commerce

Create Rewards

Create Funding

CreatePay App

Contact Us

Privacy Policy

Careers

CreatePay Limited is registered in England and Wales under number No 14099583 and our registered office is 57a Broadway, Leigh on Sea, Essex, SS9 1PE.  Create Pay Limited is authorised and regulated by the Financial Conduct Authority for Limited Permission Credit Broking. Our firm reference number is 982027. We are a credit broker and not a lender. Copyright 2024 CreatePay