A merchant/vendor qualified to accept credit or debit cards as payment.
Automated Clearing House file. A file containing instructions for the exchange and settlement of electronic payments passed between financial institutions. ACH files represent debits and credits to and from an account as they occur.
An organization licensed by Visa/MasterCard as an affiliated bank or bank/processor alliance, in the business of acquiring new merchant businesses (acceptors) and processing their credit card transactions.
Acquiring Financial Institution
An acquirer that contracts with the bank and merchants (acceptors) to enable credit card transactions. The acquirer deposits daily credit card totals and debits end-of-month processing fees from merchants’ accounts.
An action initiated by the acquirer to correct a processing error, such as duplication of a transaction or a cardholder dispute. The acquirer debits or credits the merchant's DDA (see Demand Deposit Account) for the dollar amount of the adjustment.
Audio Response Unit. An electronic authorization and capture product allowing merchants to use a touch-tone telephone to process transactions.
Processing fees merchants pay to the Card Associations to finance their roles in operating the network, setting rules and pricing, research and development, and marketing/branding. Assessments are a set percentage of the sale and are generally collected on a daily or monthly basis.
Any entity formed to administer and promote credit and cards. The best known examples of Associations are MasterCard and Visa.
Verification that the credit card has sufficient funds (credit) available to cover the amount of the transaction. An authorization is obtained for every sale. An approval response code is sent to the merchant's POS (point of sale) system from a card issuing financial institution, verifying availability of credit or funds in the cardholder account to make the purchase (see Point-Of-Sale).
A code returned by a credit card issuing bank in an electronic message to the merchant's POS equipment indicating approval of the transaction and serving as proof of authorization.
An issuing financial institution's electronic message reply to an authorization request. Typical Authorization Responses include:
Approval -- transaction was approved
Decline -- transaction was not approved
Call Center -- response pending more information. In this event, the merchant must call the toll-free authorization phone number.
A terminal feature that allows an end-of-day batch closing to occur automatically at a specified time, without merchant initiation.
Average Ticket (Average Sale)
The average dollar amount of a merchant's typical sale. Calculated by dividing the total sales volume by the total number of sales over a specified time period.
Address Verification Service. The process of validating a cardholder's given address against the issuer's records to determine accuracy and deter fraud. Provided as one element of credit card authorization for MOTO (mail order/telephone order) transactions. A code is returned with the authorization result, indicating the level of accuracy of the address match and helping to secure favorable interchange rates.
A credit card issued by a Visa or MasterCard-sponsored financial institution. (American Express, Discover, Diners Club, JCB, etc., are issued directly from their respective operations, not through a bank or sponsored financial institution).
An accumulation of captured credit card transactions awaiting settlement in the merchant's terminal or POS.
The submission of an electronic credit card transaction for financial settlement. Authorized credit card sales must be captured and settled for a merchant to receive funds for those sales (see Settlement).
Card Issuing Bank
An EFT (see Electronic Funds Transfer) Network Member-Bank that runs a credit or debit card "purchasing service" for account holders (e.g., the CitiBank Visa Card issued by CitiBank).
Card Not Present
A transaction that occurs without a physical card present at the time of the transaction (such as mail order or telephone order). Card Not Present transactions require the manual entry of credit card data into the terminal or POS, as opposed to gathering card data mechanically.
A person or business to whom a card is issued, or an individual authorized to use the card.
Data held by or printed on a credit or debit card, including but not limited to full magnetic stripe or chip data, PAN (payment account number), cardholder name, expiration date, and service code.
Cardholder data environment
The areas of a computer system network that possess cardholder data or sensitive authentication data. These areas directly attach to or support cardholder processing, storage, or transmission of cardholder data.
A credit card transaction that is billed back to the merchant after the sale has been settled. Chargebacks are initiated by the card issuer on behalf of the cardholder and typically involve product delivery failure or product/service dissatisfaction.
The Center for Internet Security, a nonprofit enterprise dedicated to helping organizations reduce the risk of business and e-commerce disruptions resulting from inadequate security controls.
The process of sending the batch (see Batch) for settlement.
Credit or charge cards issued to businesses to cover expenses such as travel, entertainment, and procurement. Includes purchasing cards, business cards, corporate cards and multi-utility fleet cards. Visa and MasterCard have special procedures for passing billing information back to the card issuing bank for display on cardholder statements.
Considered when an entity cannot meet a requirement explicitly as stated due to legitimate technical or documented business constraints, but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. Compensating controls must 1) meet the intent and rigor of the original stated PCI DSS requirement; 2) repel a compromise attempt with similar force; 3) be above and beyond other PCI DSS requirements; and 4) be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement.
Unauthorized intrusion into a computer system where cardholder data disclosure, modification, or destruction is suspected.
A charge card designed for business-related expenses, such as travel and entertainment (see Commercial Card).
Nullification of an authorized transaction prior to settlement. A reversal will immediately "undo" an authorization, not affecting the open-to-buy balance on a cardholder's account. Not supported by some card issuers.
Deposit Correction Notice. Adjustments (debits or credits) made for an out-of-balance condition due to various problems in the transmittal. Made by the merchant's (acceptor’s) acquirer at the time of capture prior to being sent out for interchange.
Demand Deposit Account. Typically the merchant’s business bank account.
Payment card enabling the withdrawal of funds directly from the cardholder's checking account at the time of transaction (online debit on a Debit Network) or after batch settlement (off-line debit on a Credit Card Network).
Data Encryption Standard. A block cipher selected as the official Federal Information Processing Standard (FIPS) for the United States in 1976. Its successor is the Advanced Encryption Standard (AES).
The percentage of sales amounts that the bankcard acquirer or travel and entertainment (T&E) card issuer charges the merchant (acceptor) for the settlement of the transactions.
Data Security Standard.
Dues & Assessments
Processing fees paid to the Card Associations by merchants (acceptors) to finance the Associations’ roles in operating the network, setting rules, setting pricing, research and development, and marketing/branding. They are a set percentage of the sale, typically collected on a daily or monthly basis.