Behind Visa and Verve: Inside Nigeria’s card rails and how to build on them

Every time you swipe, tap, or insert a card in Nigeria, whether it’s at a supermarket in Lekki, a fuel station in Abuja, or a POS in Osogbo, you’re relying on a complex infrastructure quietly doing the heavy lifting. This infrastructure is what we call card rails.

Card rails are the backbone of payment card transactions. They enable money to move from a customer’s bank account to a merchant’s account in seconds, handling authorisation, routing, fraud checks, and settlement behind the scenes.

In Nigeria, they’ve become essential to commerce, powering point-of-sale (POS) terminals, online payments, ATMs, and increasingly, virtual cards and embedded financial services.

However, building on these rails, whether issuing cards, acquiring merchants, or designing a consumer-facing payment experience, requires a deep understanding of how the rails work, who the key players are, and where the challenges lie. From working with local switches like Interswitch and NIBSS, to navigating CBN regulations and balancing international and local card schemes, there’s a lot to unpack.

In this deep dive, we’ll explore:

• How Nigeria’s card payment infrastructure is structured
• The full lifecycle of a transaction, from swipe to settlement
• The players involved (issuers, acquirers, switches, schemes)
• The standards and compliance layers fintechs must deal with
• What it takes to build and scale products around these rails
• And how Nigeria’s system compares with other countries like Kenya, India, and the US

Whether you’re a fintech founder, payments engineer, or ecosystem analyst, this guide will help you better understand what’s happening behind your plastic cards and what it takes to innovate on top of it.

Core components of card rails 

Think of card payment infrastructure like a relay race. The baton (your transaction data) is passed between several players, each with a specific role, to ensure the transaction reaches its final destination: approval and settlement.

Let’s walk through the five key players in this relay.

a. Card networks (Card schemes)

Card networks, also known as card schemes, are the rule-makers and the backbone infrastructure of card payments. They connect the banks and processors, define how data is formatted, and ensure money flows correctly between everyone involved.

In Nigeria, we have:

• Verve: A domestic card network by Interswitch. It’s widely accepted on POS and ATMs locally, but is limited for international use.
• Visa & Mastercard: Global networks that allow Nigerian cardholders to shop internationally and online.
• NIBSS Card Scheme (NCS), also called the AfriGo Card: A CBN-backed local initiative aimed at reducing Nigeria’s dependence on foreign card schemes.
• UnionPay: Mostly used by a few international banks or for specific foreign transactions.

Think of card schemes as highways. If your card is Visa, your transaction “drives” on Visa’s highway, with their toll gates, rules, and checkpoints.

b. Issuers (The card providers)

Issuers are the banks or licensed fintechs that give you your card, virtual or physical. 

Examples:

• GTB, Zenith, UBA – traditional banks
• Kuda, Carbon – fintechs (usually partnering with banks like Providus or Sterling for issuing)

What they do:

• Link your card to your account
• Approve or decline transactions based on your balance and fraud checks
• Handle alerts, chargebacks, and customer support when things go wrong

If you’re the cardholder, your bank is the issuer. They’re the ones that say “yes” or “no” whenever you use your card. You can also see these detailed guidelines on prepaid card issuance by the CBN.

c. Acquirers (Merchant gatekeepers)

Acquirers are banks or payment companies that provide card acceptance infrastructure to merchants (POS machines, virtual terminals, checkout APIs, etc).

Examples:

• Moniepoint, OPay: Large POS acquiring network across Nigeria
• Access Bank, Zenith Bank: Big banks with thousands of POS devices
• Flutterwave, Paystack: Fintechs focused on online card payments

What they do:

• Connect merchants to the card network via a switch
• Receive money from customers and settle it into the merchant’s account
• Provide transaction dashboards, reports, and customer support to businesses

If you’ve ever paid at a POS, the machine is from an acquirer. They’re the tech that collects your payment for a seller.

d. Switches (The middlemen routers)

Switches are the routers that connect the issuer and acquirer. If the acquirer is the sender and the issuer is the receiver, the switches are the delivery company that ensures your message gets where it needs to go.

Nigeria’s major switches:

• Interswitch: The biggest private switch (also owns Verve)
• NIBSS: The government-owned national switch, powering things like NIP and the newer NCS card scheme
• Unified Payments: Another licensed switch, known for e-payment routing

What they do:

• Receive the transaction request from the acquirer
• Route it to the appropriate issuer via the right card scheme (e.g., Verve or Visa)
• Relay the approval or decline response back to the acquirer
  

e. Payment terminals and interfaces (Where you insert your card)

This is where the journey begins, from your swipe, tap, or online input.

Interfaces include:

• POS terminals (Moniepoint, Interswitch, Baxi)
• ATMs (for card withdrawals)
• Online payment gateways (e.g. Flutterwave or Paystack checkout pages)
• SoftPOS/Tap-to-Phone (new solutions turning phones into card readers)

 Your transaction starts here, but it doesn’t end here. This is just the entry point into the card rail ecosystem.

Here’s a simplified diagram showing how a transaction flows through the system, with switches as the central connector.

[Customer Card]     |     ▼ [POS/Online Checkout] –> [Acquirer (Bank/Fintech)]                                 |                                 ▼                         [Switch (e.g., Interswitch)]                                 |     ┌──────────────────────────┴────────────────────────────┐     ▼                                                       ▼ [Card Scheme (Visa/Mastercard/Verve)]               [Issuer Bank]     |                                                       |     ▼                                                       ▼ [Response: Approved/Declined] <—————— Routing ———————-┘     |     ▼ [Acquirer notifies Merchant] → [Settlement occurs (T+1 or T+2)]

You can also think of the switch like a central traffic controller, determining which route the message takes based on the card type and issuer.

Why this matters

When you’re building fintech or merchant systems:

• You must choose a switch, whether directly (e.g. Interswitch) or via a processor (e.g. Paystack or Flutterwave, which integrates with them).
• Each layer has its fees, risks, and integration protocols.
• Your uptime, fraud protection, and speed are affected by the reliability of these players, especially the switch.
  

The transaction journey: Insertion to settlement

Let’s say you walk into a store in Lagos and tap your card to pay for groceries. What happens in the background? How does the money leave your bank account and arrive in the merchant’s account?

It may feel instant, but several things are happening in rapid succession, typically in under 3–5 seconds.

Here’s a step-by-step explanation of what happens behind the scenes:

Step 1: Card is tapped/inserted/swiped

You insert your Verve or Visa card into a POS machine. The POS terminal captures:

• Your card number (PAN)
• The expiry date, and
• A dynamic cryptogram (if it’s a chip card)

If it’s contactless (NFC), the card uses encrypted radio signals to share data.
This data is encrypted immediately and never reveals your full card info in plain text.

Step 2: POS sends transaction to acquirer

The POS terminal is connected to an acquirer, which could be:

• A bank (e.g. Zenith, Access)
• A fintech (e.g. Moniepoint, Flutterwave)

The acquirer collects the card data and generates a transaction message in a standard format (typically ISO 8583), containing:

• The merchant details
• Amount
• Card scheme info (e.g. Verve, Mastercard)
• Transaction time

The acquirer then forwards this message to a switch.

Step 3: Switch routes for the transaction

Now the switch takes over:

• If the card is a Verve card, the switch (usually Interswitch) sends the message to the card issuer’s system.
• If it’s a Visa or Mastercard, the switch routes it to that card scheme’s processing network, which then forwards it to the issuing bank.
  

Step 4: Issuer authorises the transaction

The issuing bank:

• Verifies the card is valid and active
• Checks if the customer has enough balance
• Performs fraud checks or 2FA (like OTP or PIN)

The issuer then sends back a response code to the switch:

• 00 = Approved
• 05 = Declined
• Other codes = Error, insufficient funds, card expired, etc.

Step 5: Response travels back to the POS

That response now flows back the same way:

[Issuer] → [Card Scheme] → [Switch] → [Acquirer] → [POS Terminal]

You’ll see either “Transaction Approved” or “Declined“ on the terminal screen.

Step 6: Settlement 

Settlement refers to the process of transferring funds from the customer’s bank (issuer) to the merchant’s bank account (via the acquirer), after a transaction has been successfully authorised.

The widespread use of NIBSS Instant Payments (NIP) has transformed how settlement works in Nigeria. While traditional card settlement used to be T+1 or T+2, many modern acquiring setups now enable real-time or near-instant settlement, especially when the acquiring and merchant banks are NIP-enabled.

How it works:

• After the card transaction is authorised, the switch (Interswitch, NIBSS) or the acquirer immediately pushes the settlement via the NIP rail to the merchant’s account.
• This enables the merchant to receive funds within minutes, not the next day.

So while card transaction authorisation still flows through traditional ISO 8583 messaging, the settlement now rides on faster, API-based account rails (NIP).

Standards and protocols in card rails

Every card transaction that involves moving money entails structured communication, security, and regulatory compliance. Behind every swipe, there are multiple global and local standards making sure everything happens safely and correctly.

Core standards you need to know

1. ISO 8583 – The language of card transactions

A universal messaging standard used by POS terminals, switches, and banks to communicate in a structured format.

How it works:

• Each transaction is sent as a structured message with:
  • Message Type Identifier (MTI): e.g. 0200 = financial request
  • Data Elements: Card number, amount, timestamp, etc.
    

Visual Sample:

ISO 8583 Message

┌──────────────┬───────────────────────────────┐ │ Field        │ Value                         │ ├──────────────┼───────────────────────────────┤ │ MTI          │ 0200                          │ │ Primary Acc #│ 5399 8320 1234 5678           │ │ Amount       │ ₦5,000                        │ │ Merchant ID  │ 1234567890                    │ │ Date/Time    │ 2607251012                    │ └──────────────┴───────────────────────────────┘

2. EMV – Chip-based security standard

Stands for Europay, Mastercard, and Visa. It ensures cards with chips are more secure than magnetic stripe cards.

Key features:

• Dynamic cryptograms for every transaction (reduces replay fraud)
• PIN verification for added security
• Used in POS terminals and ATMs

EMV Transaction Steps:

[Insert Card] → [Generate Dynamic Code] → [PIN Entry] → [Transmit to Acquirer]

3. PCI-DSS – Security for card data

Payment Card Industry Data Security Standard, a global compliance framework that governs how cardholder data is handled. It is the benchmark for protecting payment card data. It applies to any organisation that handles cardholder information, whether you’re accepting payments at a POS terminal, processing transactions online, or storing card data for recurring billing.

The goal of PCI DSS is to:

• Create a baseline security standard across the entire payment ecosystem
• Protect consumers from fraud and data breaches
• Reduce the risk exposure of businesses that work with card data

Who it affects	Requirement
Acquirers	Must ensure terminals are PCI-compliant
Payment Gateways	Must encrypt card data in transit
Merchants	Cannot store CVV, PINs, or full PAN
Banks, Fintechs (Card issuing)	Must tokenise and encrypt card data

4. CBN & NIBSS terminal certification

Before a POS terminal or payment device can be deployed in Nigeria, it must be tested and certified by NIBSS under the CBN regulation.

Certification checks:

• EMV compliance
• ISO 8583 formatting
• Interoperability with all banks
• Performance benchmarks (latency, security)

Certification Flow:

[POS Vendor] → [Submit to NIBSS] → [Testing] → [Certification Issued] → [Allowed in Market]

Standards Comparison Table

Standard	Applies To	Function	Mandatory in Nigeria?
ISO 8583	All transaction messages	Formats the message	Yes
EMV	Card terminals/cards	Provides chip security	Yes
PCI-DSS	Gateways/Processors	Data protection	Yes
NIBSS Cert	POS terminals	Device performance & interoperability	Yes

Building around card rails: Use cases, approaches & integration paths

Building in the card ecosystem means navigating infrastructure, compliance, and partnerships. Whether you’re launching a neobank, issuing virtual cards, enabling POS transactions, or creating an embedded finance product, you’re likely interacting with card rails.

Here’s how Nigerian fintechs and builders are innovating around the rails, not just on them.

Key use cases for builders

Use Case	Description	Examples
Card Issuing	Create physical or virtual cards tied to wallets or bank accounts	Kuda, Eyowo, PayDay
Merchant Acquiring	Accept card payments via POS or online checkout	Moniepoint, Paystack, Flutterwave
Wallet-to-Card / Card-to-Wallet	Link digital wallets with card functionality for top-up and withdrawal	Chipper Cash, Carbon
Embedded Cards / APIs	Integrate card functionality within apps, marketplaces, or BNPL platforms	Klasha, Eversend
Card Tokenisation	Enable card-on-file storage and recurring billing with security tokens	Remita, Flutterwave Subscriptions

Common integration models

Model	Best For	Partners Required
BIN Sponsorship (Card Issuing)	Fintechs without a banking licence	Providus, Sterling, Union Bank (as sponsors)
White-Label Card APIs	Embedded finance or neobanks	OnePipe, Maplerad, Flutterwave Issuing
Processor-as-a-Service	Simplified merchant payments	Interswitch, Appzone, Paystack Terminal API
Full PCI-DSS Integration	Own infrastructure & high control	Direct to switch, requires certs/compliance
Third-party Gateway Integration	Fast go-to-market with low overhead	Flutterwave, Paystack, Monnify

Regulatory considerations when building around card rails

If You’re…	You Need to…
Issuing cards	Register with a sponsor bank, comply with CBN card regulations, and ensure KYC
Acquiring merchants	Obtain or partner for an acquiring licence, and pass the CBN/PSSP audit
Handling card data directly	Be PCI-DSS certified or use a certified partner (avoid storing PAN/CVV)
Using switches directly	Undergo integration and possibly terminal certification via NIBSS

Challenges to prepare for

• Downtime or latency from partner banks or switches
• Scheme restrictions (e.g. Verve-only POS devices or limits on international Visa use)
• Settlement complexity with multiple banks (T+2 delays, FX limits)
• Integration fragmentation across APIs (one provider may use REST, another SOAP)
  

Challenges in the Nigerian context

Building on and around card rails in Nigeria presents a unique set of challenges. Some stem from infrastructure limitations, others from regulatory policies or scheme dominance. 

Here are the main friction points builders face:

1. Network downtime and instability

• POS transactions often fail due to network interruptions between the terminal, acquirer, or switch.
• Many switches rely on telco-powered communication lines, which are prone to outages and congestion.
• Builders must plan for retries, fallback rails, or alternative payment modes (e.g., account-to-account) to reduce failed transactions.

It’s not uncommon for merchants to prefer cash on weekends due to “POS not connecting.”

2. Fragmented scheme dominance 

• Verve cards are accepted almost everywhere locally, but lack international utility.
• Visa and Mastercard work online and abroad, but may be rejected on certain POS terminals (especially those deployed by banks with Verve-only terminals).
• Fintechs must often issue multiple card types or abstract card scheme logic within their infrastructure.
  

3. Variable settlement experience

Although many fintechs now offer T+0 settlement via NIP, challenges still persist:

• Traditional banks or smaller acquirers may still operate on T+1 or T+2, particularly for bulk or low-priority merchants.
• Settlement failures or delays occur when fund reconciliation fails due to mismatched data, reversals, or network issues.
• Float and liquidity management become crucial for agent-based networks and small business merchants.

4. Fraud and disputes

• Card fraud is still a serious issue, especially via cloned cards or stolen details.
• The process for chargebacks and transaction reversals is often manual, lengthy, and lacks transparency.

3DSecure and tokenisation are now commonly used by fintechs to reduce fraud exposure.

5. High cost of infrastructure and compliance

• PCI-DSS certification is expensive for early-stage companies.
• POS deployment requires hardware logistics, support staff, and device monitoring at scale.
• Partnering with banks or providers often involves fixed monthly fees, per-transaction charges, and complex SLAs.
  

Global Comparison: How other markets approach card rails

Looking beyond Nigeria helps us identify patterns, alternatives, and best practices in other regions.

A. United States

• Dominated by Visa and Mastercard.
• Acquirers are more fragmented and competitive (e.g. Stripe, Square, First Data).
• Interchange fees are high but transparent.
• Embedded finance and virtual cards are widely adopted in SaaS, gig platforms, and fintech APIs.
  

B. India

• Cards are being replaced by UPI (Unified Payments Interface), a real-time A2A (Account-to-Account) system.
• RuPay, the domestic card scheme, was built as an alternative to Visa/Mastercard.
• The government mandates zero MDR (merchant discount rates) for some payment types, making card acquiring less attractive for banks.
  

Indian fintechs build around UPI instead of traditional card infrastructure.

C. Kenya

• M-PESA, a telco-led mobile money platform, leapfrogged card adoption.
• POS penetration is lower compared to Nigeria.
• Card usage is mostly confined to middle-class, urban, and international transactions.
  

D. South Africa

• Hybrid model: cards are widely accepted, but EFTs (electronic fund transfers) via BankservAfrica are also popular.
• There’s stronger consumer protection and financial education than in many African countries.
• Open banking efforts are slowly emerging, pushing fintech innovation.
  

In summary: Card rails across markets

Country	Dominant Rail	Alt. Rails (or Trends)	Notable Fintech Infra
Nigeria	Verve, Visa/Mastercard	USSD, wallet APIs	Interswitch, NIBSS, Paystack
India	RuPay	UPI (A2A)	Razorpay, Cashfree, Juspay
Kenya	Visa/Mastercard	M-PESA	Cellulant, Safaricom APIs
US	Visa/Mastercard	ACH, Plaid, BNPL	Stripe, Marqeta, Unit, Lithic
South Africa	Visa/Mastercard	EFT (BankservAfrica)	Yoco, Ozow, Stitch

The future of card rails

As digital finance evolves, card rails are no longer the sole foundation for payments; they’re becoming one piece in a broader, more programmable and interoperable ecosystem. Nigeria is at a unique crossroads: cards still dominate merchant payments, but alternative rails (e.g. NIP, wallets, QR, virtual accounts) are rising fast.

Here’s what the future looks like for card-based infrastructure, and how builders are adapting.

1. Rise of SoftPOS & Tap-to-Phone

• Merchants will be able to accept card payments with just an Android phone and an NFC chip, no POS terminal required.
• This reduces costs, increases reach (especially in informal markets), and simplifies onboarding.
• CBN-approved SoftPOS SDKs are already in use by companies like Moniepoint and Interswitch.

2. Embedded cards in apps and marketplaces

• More fintechs will issue virtual-only cards, linked to wallets, not traditional bank accounts.
• Cards will be programmable: allowing dynamic spending rules, merchant-specific limits, or even use-case-specific variants (e.g. travel, gaming, fuel-only).
• This flexibility is ideal for corporate cards, BNPL, expense automation, and consumer controls.

Examples include Maplerad, Wallets Africa, and OnePipe, offering developer-first issuing platforms.

4. AI Will Reinforce Card-Based Risk Engines

Artificial intelligence (AI) will make the systems that detect fraud and unusual card transactions smarter, faster, and more adaptive.

• Fraud detection will increasingly be powered by real-time behavioural analytics.
• Machine learning models will assess device ID, geolocation, merchant category, and card usage patterns to flag suspicious activity.
• This allows dynamic limits, transaction velocity control, and proactive fraud response.

Card rails won’t disappear, but they’ll be more intelligent, adaptive, and secure.

5. Tokenisation and Card-on-File will enable seamless embedded experiences

• Tokenised cards (using cryptographic substitutes for PANs) will become the norm for in-app payments, subscriptions, and BNPL checkout.
• Card-on-file ecosystems will enable merchants to rebill securely without needing to store actual card data (thus reducing PCI-DSS scope).
• These tokens can be bound to a device, merchant, or session, offering higher protection than raw card data.

This is already in place with providers like Paystack, Flutterwave, and international partners like Visa/Mastercard gateways.

5. Convergence with account-based and wallet-based payments

• Wallets like PalmPay, Opay, and Chipper Cash offer virtual cards alongside account numbers.
• Future systems may unify these experiences—users won’t know or care if it’s a card rail or A2A payment.

In conclusion, card rails remain central to Nigeria’s digital payments ecosystem, powering transactions and enabling fintech growth. But building around them goes beyond plugging into APIs. It requires understanding the roles of issuers, switches, and schemes, staying compliant with evolving standards, and navigating real-world constraints like fraud, fragmentation, and infrastructure gaps. 

As this ecosystem matures, the most forward-thinking players are merging card authorisation with NIP-powered settlement, embedding programmable cards, and using AI to detect risk. The future isn’t about abandoning card rails—it’s about building smarter, faster, and more adaptive systems on top of them.