A business that is qualified to accept credit or debit cards as payment.
An acquirer is an organization licensed as a member of Visa / MasterCard as an affiliated
bank or bank/processor alliance that is in the business of processing credit card
transactions for businesses (acceptors) and is always acquiring new merchants.
Acquiring Financial Institution:
An acquiring financial institution (or “acquirer”) contracts with the
bank and merchants to enable credit card transactions. The acquirer deposits the
daily credit card totals and debits the end-of-month processing fees from the merchants'
Address Verification Service (AVS):
The process of validating a cardholder’s given address against the issuer’s
records, to determine accuracy and deter fraud. This service is provided as part
of a credit card authorization for mail order/telephone order transactions. A code
is returned with the authorization result that indicates the level of accuracy of
the address match and helps secure the most favorable interchange rates.
An adjustment is initiated by the acquirer to correct a processing error. The error
could be a duplication of a transaction or the result of a cardholder dispute. The
acquirer debits or credits the merchant’s DDA account for the dollar amount
of the adjustment.
Assessments are processing fees merchants pay to the Card Associations to finance
their roles in operating the network, setting rules, setting pricing, research and
development, and marketing/branding. They are a set percentage of the sale and are
generally collected on a daily or monthly basis.
Associations are any entity formed to administer and promote credit and cards. The
best known examples of Associations are MasterCard and Visa.
Audio Response Unit (ARU):
This is an electronic authorization and capture product where the merchant uses
a touch-tone telephone to process transactions.
The process of verifying that the credit card has sufficient funds (credit) available
to cover the amount of the transaction. An authorization is obtained for every sale.
An approval response in the form of a code is sent to a merchant’s POS (point
of sale) from a card issuing financial institution that verifies availability of
credit or funds in the cardholder account to make the purchase. Also see Point-Of-Sale.
An issuing financial institution’s electronic message reply to an authorization
request, which may include:
* Approval -- transaction was approved
* Decline -- transaction was not approved
* Call Center -- response pending more information, merchant must call the toll-free
authorization phone number.
A code that a credit card issuing bank returns in an electronic message to the merchant’s
POS equipment that indicates approval of the transaction. The code serves as proof
A terminal feature that allows an end-of-day batch closing to occur automatically
at a specified time, without having to be initiated by the merchant.
Automated Clearing House (ACH) File:
A file with instructions for the exchange and settlement of electronic payments
passed between financial institutions. It represents debits and credits to be deducted
from an account automatically as they occur.
Average Ticket (Average Sale):
The average dollar amount of a merchant’s typical sale. The average ticket
amount is calculated by dividing the total sales volume by the total number of sales
for a specified time period.
A credit card issued by a Visa or MasterCard-sponsored financial institution. (American
Express, Discover, Diners Club, JCB, etc., are issued directly from their respective
operations, rather than through banks.)
The accumulation of captured credit card transactions in the merchant’s terminal
or POS awaiting settlement.
The submission of an electronic credit card transaction for financial settlement.
Authorized credit card sales must be captured and settled in order for a merchant
to receive funds for those sales. Also see Settlement.
To whom a card is issued or individual authorized to use the card .
Full magnetic stripe or the PAN (payment account number) plus any of the following:
* Cardholder name
* Expiration date
* Service Code
Cardholder data environment:
Area of a computer system network that possesses cardholder data or sensitive authentication
data. Those systems and segments directly attach or support cardholder processing,
storage, or transmission. Adequate network segmentation, which isolates systems
that store, process, or transmit cardholder data from those that do not, may reduce
the scope of the cardholder data environment and thus the scope of the PCI assessment.
Card Issuing Bank:
An EFT (Electronic Funds Transfer) Network Member-Bank that runs a credit card or
debit card “purchasing service” for their account holders. An example
is CitiBank and the CitiBank Visa Card that they issue.
Card Not Present:
A transaction where the card is not present at the time of the transaction (such
as mail order or telephone order). Credit card data is manually entered into the
terminal or POS, as opposed to swiping a card’s magnetic stripe through a
piece of equipment.
A credit card transaction that is billed back to the merchant after the sale has
been settled. Chargebacks are initiated by the card issuer on behalf of the cardholder.
Typical cardholder disputes involve product delivery failure or product/service
dissatisfaction. Cardholders are urged to try to obtain satisfaction from the merchant
before disputing the bill with the credit card issuer.
The Center for Internet Security Is a non-profit enterprise with mission to help
organizations reduce the risk of business and e-commerce disruptions resulting from
inadequate technical security controls.
The process of sending the batch for settlement.
Credit or charge cards issued to businesses to cover expenses such as travel and
entertainment and procurement. Includes the multiple payment card brands of purchasing
cards, business cards, corporate cards and multi-utility fleet cards. Visa and MasterCard
have special procedures for passing billing information back to the card issuing
bank so that the information can be displayed on card holder statements.
Compensating controls may be considered when an entity cannot meet a requirement
explicitly as stated, due to legitimate technical or documented business constraints
but has sufficiently mitigated the risk associated with the requirement through
implementation of other controls. Compensating controls must 1) meet the intent
and rigor of the original stated PCI DSS requirement; 2) repel a compromise attempt
with similar force; 3) be above and beyond other PCI DSS requirements (not simply
in compliance with other PCI DSS requirements); and 4) be commensurate with the
additional risk imposed by not adhering to the PCI DSS requirement.
Intrusion into a computer system where unauthorized disclosure, modification, or
destruction of cardholder data is suspected.
A charge card designed for business-related expenses, such as travel and entertainment.
Please see Commercial Card
Nullification of an authorized transaction (sale) that has not been settled. If
supported by the card issuer, a reversal will immediately "undo" an authorization
and return it to the open-to-buy balance on a cardholder’s account. Some card
issuers do not support reversals.
This is the merchants Demand Deposit Account, otherwise known as the merchant’s
home business bank account.
Payment card whose funds are withdrawn directly from the cardholder’s checking
account at the time of sale (online debit on a Debit Network) or after batch settlement
(off-line debit on a Credit Card Network).
Deposit Correction Notice (DCN):
Adjustments (debits or credits) made for an out-of-balance condition due to various
problems in the transmittal. The correction is made by the merchant’s acquirer
at the time of capture prior to being sent out for interchange.
Data Encryption Standard (DES). Block cipher elected as the official Federal Information
Processing Standard (FIPS) for the United States in 1976. Successor is the Advanced
Encryption Standard (AES).
Data Security Standard.
The percentage of sales amounts that the bankcard acquirer or travel and entertainment
(T&E) card issuer charges the merchant for the settlement of the transactions.
Dues & Assessments:
Dues & Assessments are processing fees merchants pay to the Card Associations to
finance their roles in operating the network, setting rules, setting pricing, research
and development, and marketing/branding. They are a set percentage of the sale and
are generally collected on a daily or monthly basis.
The rejection of a sales draft by Visa or MasterCard before a transaction processes
through interchange, but after it has been paid by the acquirer.
Electronic Cash Register (ECR):
A device used for cash sales which can also be integrated to accept credit cards.
Electronic Date Capture (EDC):
The process of electronically authorizing, capturing and settling a credit card
Also known as “Chip & PIN” transactions, a card that is enabled with
EMV has a microchip that’s impossible to duplicate and requires a Personal Identification
Number (PIN) instead of a signature.
The process of converting information into an unintelligible form except to holders
of a specific cryptographic key. Use of encryption protects information between
the encryption process and the decryption process (the inverse of encryption) against
Private label credit cards designed for repairs, maintenance and fueling of business
Also known as a trailer, the footer is text printed at the bottom of a sales draft.
A merchant can customize the footer (i.e., Have a Nice Day, No Refunds, Thank You
for Shopping With Us, etc.).
Various services offered to merchants and other service providers. Services range
from simple to complex; from shared space on a server to a whole range of shopping
cart options; from payment applications to connections to payment gateways and processors.
Main computer hardware on which software resides.
The standardized electronic exchange of financial and non-financial data associated
with sale and credit of data between merchant acquirers and card issuers on various
types of MasterCard and Visa transactions.
The interchange fee is a percentage applied, according to Visa/MasterCard regulations,
to the dollar value of each transaction. There are multiple categories of interchange,
and Visa and MasterCard each have their own criteria for their own categories. A
transaction must meet the specified criteria for a category in order for that category’s
rate to be applied. Each transaction is evaluated individually, so various interchange
rates may apply within one batch of merchant transactions.
Internet Service Provider (ISP):
Internet Service Providers (ISPs) are the Website Hosting companies that provide
a home for merchant’s web sites.
Issuing Financial Institution:
The bank or other financial institution that extends credit to a cardholder through
bankcard accounts. The financial institution issues a credit card and bills the
cardholder for purchases against the bankcard account. This is also referred to
as the cardholder’s financial institution. The issuer is a bank or other institution
that issues a credit or debit card to an individual.
ISV-Independent Software Vendor:
J K L M
A software application that has a payment solution built into their software program
that enables users to have an all-in one business solution.
Level II Transaction:
A Level II transaction contains additional amount of data that is provided for purchase/commercial
cards. A Level II transaction includes Sales Tax Amount and Commercial Card Customer
Code (many times the customer’s purchase order number).
Level III Transaction:
A Level III transaction contains additional amount of data that is provided for
purchase/commercial cards. A Level III transaction includes line item data which
are details around what the consumer is purchasing. Level III transactions also
include enhanced data such as a summary commodity code, ship to/from ZIP code, freight/shipping
Magnetic Stripe Data (Track Data):
Data encoded in the magnetic stripe used for authorization during transactions when
the card is presented. Data includes account number, expiration date, name and service
A batch close that must be initiated by the merchant on a daily basis (also known
as merchant initiated batching), as opposed to an auto close at a pre-set time.
Customer of a processor/acquirer.
Merchant Identification Number (MID):
This number is generated by a processor/acquirer and is specific to each individual
merchant location. This number is used to identify the merchant during processing
of daily transactions, rejects, adjustments, chargebacks, end-of-month processing
A strip of magnetic tape affixed to the back of credit cards containing identifying
data, such as account number and cardholder name.
Mail Order/Telephone Order (MOTO):
Credit card transactions initiated via mail, email or telephone. Also known as card-not-present
Company and system used to authorize and capture credit card transactions.
Non-Qualified Transaction Fees (Non-Qual):
Bankcard sales transactions that do not meet set Visa/MasterCard criteria for that
particular merchant and are processed at a higher interchange rate. An example of
this is a merchant that is retail (card present) that processes a card-not-present
transaction (or manually enters card data rather than swiping the magnetic stripe).
The merchant will pay the difference between what they should have paid on retail
and what they actually qualified for (card not present).
Data Security Standards (PA-DSS):
The goal of PA-DSS is to help software vendors and others develop secure payment
applications that do not store prohibited data.
Payment Card Industry
Industry Data Security Standards (PCI DSS):
The PCI DSS is a multifaceted security standard that includes requirements for security
management, policies, procedures.
A software program that is designed to perform a specific function on a computer
system. Examples would be accounting systems, manufacturing systems, order entry
and fulfillment, ticketing, reservations systems. The application is either purchased
or built by the merchant, and must be interfaced with a credit card authorization
system in order to provide integrated transaction processing.
PCI Compliance refers to industry-mandated security standards that apply to all
businesses that handle, process or store credit or debit cards. The three PCI compliance
standards are PCI DSS, PA-DSS and the PCI PED.
PCI Compliance Deadlines:
Deadlines for merchants, service providers and software applications to be compliant
with the corresponding PCI standard.
Point-to-point encryption ensures cardholder data is protected from card swipe all
the way through to the processing banks. State of the art encrypted magnetic card
readers scan and encrypt cardholder information prior to performing an electronic
Private Label Cards:
Credit, debit or stored-value cards that can be used only within a specific merchant’s
store. Also referred to as proprietary cards.
Point- of-Interaction (POI):
The initial point where cardholder data is read from a credit card; generally this
is the keyboard where manual entry is made, or the card reader itself.
Point of Sale (POS):
A location where credit card transactions are performed with the cardholder present,
such as a retail store. The card is read magnetically, and the cardholder’s
signature is obtained as insurance against the transaction.
Equipment used to capture, transmit and store credit card transactions at the point
Processing Network (Vendor):
The medium of data transport between the merchant application and the processor.
This company authorizes and captures credit card transactions. Some examples of
processing networks are First Data and Paymentech.
Charge cards used by businesses to cover purchasing expenses, such as raw materials
or office supplies.
Real-Time Processing means that when a web site’s customer conducts an online
purchase, the credit card information is conveyed to the Processor at that exact
time so that an authorization can immediately be requested and received. Real-Time
Processing always implies that a Secure Payment Gateway is being utilized, whether
proprietary or third party.
A tool for submitting and managing recurring or subscription-based, transactions.
Sales Draft (Ticket):
A form showing an obligation on the cardholder's part to pay money (i.e., the sales
amount) to the card issuer. This is the piece of paper that is signed when making
the purchase. Sales draft data can be captured electronically. See Electronic Data
Secure Payment Gateway:
Secure Payment Gateway companies help other processors conduct secure business on
the internet using Secure Socket Layer (SSL) technology. They provide a system that
passes credit card data, authorization requests, and authorization responses over
the internet using encryption technology. The transaction information is sent by
the payment gateway’s secure server to the credit card network where the validity
of the card is checked and the availability of funds on that account is verified.
An authorization code is then returned to the payment gateway. The authorization
is encrypted by the payment gateway and transmitted in an encrypted form to the
web server of the merchant.
Settlement is the process of sending a merchant’s batch to the network for
processing and payment. A batch is considered settled once funds appear in the merchants
Shopping Cart Software Providers:
Shopping Cart Software Providers are software companies that either produce, utilize
or resell Shopping Cart Applications (programs) that display merchandise and/or
services, and take orders for merchants.
A credit-type card that electronically stores account information in the card itself.
A POS Terminal Application or PC or Internet Application that runs transactions
and associated administration.
Secure sockets layer is the industry standard that encrypts the channel between
a web browser and web server to ensure the privacy and reliability of the data transmitted.
Equipment used to capture, transmit and store credit card transactions.
Programming that determines the characteristics and features of the terminal.
Travel & Entertainment (T & E) cards:
Credit or charge card used by businesses for travel and entertainment expenses.
Examples of these cards are American Express, Diners Club, Carte Blanche and JCB.
Also see Corporate Cards.
Terminal Identification Number (TID):
A unique number assigned to each POS terminal.
A Third Party Processor is an independent processor that is contracted with by a
Bank or Processor to conduct some part of the transaction processing process. In
the world of Internet Credit Card Processing, the Secure Payment Gateway Provider
is another type of Third Party Processor.
Value Added Reseller (VAR):
Third-party vendor that enhances or modifies existing hardware or software, adding
value to the services provided by the processor or acquirer.
W X Y Z
A tool that allows merchants to process credit card transactions from any computer
with an Internet connection.