A
Acceptor:
A business that has qualified to accept credit or debit cards as payment.
Acquirer:
An acquirer is an organization licensed as a member of Visa / MasterCard as an affiliated
bank or bank/processor alliance that is in the business of processing credit card
transactions for businesses (acceptors) and is always acquiring new merchants.
Acquiring Financial Institution:
An acquiring financial institution (or "acquirer") contracts with the
bank and merchants to enable credit card transactions. The acquirer deposits the
daily credit card totals and debits the end-of-month processing fees from the merchants'
accounts.
Address Verification Service (AVS):
The process of validating a cardholder's given address against the issuer's records,
to determine accuracy and deter fraud. This service is provided as part of a credit
card authorization for mail order/telephone order transactions. A code is returned
with the authorization result that indicates the level of accuracy of the address
match and helps secure the most favorable interchange rates.
Adjustment:
An adjustment is initiated by the acquirer to correct a processing error. The error
could be a duplication of a transaction or the result of a cardholder dispute. The
acquirer debits or credits the merchant DDA account for the dollar amount of the
adjustment.
Assessments:
Assessments are processing fees merchants pay to the Card Associations to finance their roles in operating the network, setting rules, setting pricing, research and development, and marketing/branding. They are a set percentage of the sale and are generally collected on a daily or monthly basis.
Associations:
Any entity formed to administer and promote credit and cards. The best known examples
of Associations are MasterCard and Visa.
Audio Response Unit (ARU):
This is an electronic authorization and capture product where the merchant uses
a touch-tone telephone to process transactions.
Authorization:
The process of verifying the credit card has sufficient funds (credit) available
to cover the amount of the transaction. An authorization is obtained for every sale.
An approval response in the form of a code sent to a merchant's POS equipment (usually
a terminal) from a card issuing financial institution that verifies availability
of credit or funds in the cardholder account to make the purchase. Also see Point-Of-Sale.
Authorization Response:
An issuing financial institution's electronic message reply to an authorization
request, which may include:
Approval -- transaction was approved
Decline -- transaction was not approved
Call Center -- response pending more information, merchant must call the toll-free
authorization phone number.
Authorization Code:
A code that a credit card issuing bank returns in an electronic message to the merchant's
POS equipment that indicates approval of the transaction. The code serves as proof
of authorization.
Auto Close:
A terminal feature that allows an end-of-day batch closing to occur automatically
at a specified time, without having to be initiated by the merchant.
Automated Clearing House (ACH) File:
A file with instructions for the exchange and settlement of electronic payments
passed between financial institutions. It represents debits and credits to be deducted
from an account automatically as they occur.
Average Ticket (Average Sale):
The average dollar amount of a merchant's typical sale. The average ticket amount
is calculated by dividing the total sales volume by the total number of sales for
the specified time period.
B
Bankcard:
A credit card issued by a Visa or MasterCard-sponsored financial institution. (American
Express, Discover, Diners Club, JCB, etc., are issued directly from their respective
operations, rather than through banks.)
Batch:
The accumulation of captured credit card transactions in the merchant's terminal
or POS awaiting settlement.
C
Capture:
The submission of an electronic credit card transaction for financial settlement.
Authorized credit card sales must be captured and settled in order for a merchant
to receive funds for those sales. Also see Settlement.
Cardholder:
Customer to whom a card is issued or individual authorized to use the card.
Cardholder data:
Full magnetic stripe or the PAN plus any of the following:
* Cardholder name
* Expiration date
* Service Code
Cardholder data environment:
Area of computer system network that possesses cardholder data or sensitive authentication data and those systems and segments that directly attach or support cardholder processing, storage, or transmission. Adequate network segmentation, which isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the scope of the cardholder data environment and thus the scope of the PCI assessment.
Card Issuing Bank:
An EFT Network Member-Bank that runs a credit card or debit card "purchasing
service" for their account holders. An example is CitiBank and the CitiBank
Visa Card that they issue.
Card Not Present:
A transaction where the card is not present at the time of the transaction (such
as mail order or telephone order). Credit card data is manually entered into the
terminal, as opposed to swiping a card's magnetic stripe through the terminal.
Chargeback:
A credit card transaction that is billed back to the merchant after the sale has
been settled. Chargebacks are initiated by the card issuer on behalf of the cardholder.
Typical cardholder disputes involve product delivery failure or product/service
dissatisfaction. Cardholders are urged to try to obtain satisfaction from the merchant
before disputing the bill with the credit card issuer.
CIS:
Center for Internet Security. Non-profit enterprise with mission to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls.
Close Batch:
The process of sending the batch for settlement.
Commercial Cards:
Credit or charge cards issued to businesses to cover expenses such as travel and
entertainment and procurement. Includes the multiple payment card brands of purchasing
cards, business cards, corporate cards and multi-utility fleet cards. Visa and MasterCard
now have special procedures for passing billing information back to the card issuing
bank so that it can be displayed on card holder statements; this is a program for
promoting the use of credit cards for business purchases by providing purchase tracking
to business users. New regulations require that this billing information be passed
back with the transactions, otherwise a higher pass through fee will be incurred.
Compensating controls:
Compensating controls may be considered when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. Compensating controls must 1) meet the intent and rigor of the original stated PCI DSS requirement; 2) repel a compromise attempt with similar force; 3) be "above and beyond" other PCI DSS requirements (not simply in compliance with other PCI DSS requirements); and 4) be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement.
Compromise:
Intrusion into computer system where unauthorized disclosure, modification, or destruction of cardholder data is suspected.
Corporate Card:
Charge card designed for business-related expenses, such as travel and entertainment.
Please see Commercial Card.
Credit (Reversal):
Nullification of an authorized transaction (sale) that has not been settled. If
supported by the card issuer, a reversal will immediately "undo" an authorization
and return it to the open-to-buy balance on a cardholder's account. Some card issuers
do not support reversals.
D
DDA Account:
This is the merchant's Demand Deposit Account, otherwise known as the merchant's
home town bank account.
Debit Card:
Payment card whose funds are withdrawn directly from the cardholder's checking account
at the time of sale (online debit on a Debit Network) or after batch settlement
(off-line debit on a Credit Card Network).
Deposit Correction Notice (DCN):
Adjustments (debits or credits) made for an out-of-balance condition due to various
problems in the transmittal. The correction is made by the merchant's acquirer at
the time of capture prior to being sent out for interchange.
DES:
Data Encryption Standard (DES). Block cipher elected as the official Federal Information Processing Standard (FIPS) for the United States in 1976. Successor is the Advanced Encryption Standard (AES).
DSS:
Data Security Standard.
Discount Rate:
The percentage of sales amounts that the bankcard acquirer or travel and entertainment
(T&E) card issuer charges the merchant for the settlement of the transactions.
Dues & Assessments:
Dues & Assessments are processing fees merchants pay to the Card Associations to finance their roles in operating the network, setting rules, setting pricing, research and development, and marketing/branding. They are a set percentage of the sale and are generally collected on a daily or monthly basis.
E
Edit Rejects:
The rejection of a sales draft by Visa or MasterCard before a transaction processes
through interchange, but after it has been paid by the acquirer.
Electronic Cash Register (ECR):
A device used for cash sales. Can also be integrated to accept credit cards.
Electronic Data Capture (EDC):
Process of electronically authorizing, capturing and settling a credit card transaction.
Encryption:
Process of converting information into an unintelligible form except to holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process (the inverse of encryption) against unauthorized disclosure.
F
Fleet cards:
Private label credit cards designed mainly for repairs, maintenance and fueling
of business vehicles.
Footer:
Text printed at the bottom of a sales draft. A merchant can customize the footer
(e.g., Have a Nice Day, No Refunds, Thank You for Shopping With Us, etc.).
G
H
Host:
Offer various services to merchants and other service providers. Services range from simple to complex; from shared space on a server to a whole range of "shopping cart" options; from payment applications to connections to payment gateways and processors; and for hosting dedicated to just one customer per server.
Hosting Provider:
Main computer hardware on which computer software is resident.
I
Independent Sales Organization (ISO):
An ISO is an Independent Sales Organization that represents a Bank or Bank/Processor
alliance. The ISO has an agreement to sell the services of the Bank or Bank/Processor
alliance, and is allowed to mark up the Fees and sign up merchants.
-These entities are classic Middle Men, as they are typically not performing the
services sold. They typically match the banking services they sell with "Front End"
solutions for accepting transactions in order to offer merchants a working system.
-Their Front End Systems can be anything from Verifone or Hypercom POS Terminals
to PC based Dial-Out Credit Card Processing Software, to Shopping Carts paired with
a Secure Payment Gateway. (In all cases, the Front End solution must be compatible
with the Processor in order to function.)
Interchange:
The standardized electronic exchange of financial and non-financial data associated
with sale and credit data between merchant acquirers and card issuers on various
types of MasterCard and Visa transactions.
Interchange Fee:
A fee paid by an acquirer to an issuer for transactions entered into interchange.
The interchange fee is a percentage applied, according to Visa/MasterCard regulations,
to the dollar value of each transaction. There are multiple categories of interchange,
and Visa and MasterCard each have their own criteria for their own categories. A
transaction must meet the specified criteria for a category in order for that category's
rate to be applied. Each transaction is evaluated individually, so various interchange
rates may apply within one batch of merchant transactions.
Internet Service Provider (ISP):
Internet Service Providers (ISPs) are the Website Hosting companies that provide
a home for merchants' web sites.
-They typically resell and/or support the services of a Secure Gateway Provider
and/or ISO or Agent or Bank.
Issuing Financial Institution:
The bank or other financial institution that extends credit to a cardholder through
bankcard accounts. The financial institution issues a credit card and bills the
cardholder for purchases against the bankcard account. Also referred to as the cardholder's
financial institution. Simply put, the issuer is a bank or other institution that
issues a credit card or debit card to an individual.
J
K
L
M
Magnetic Stripe Data (Track Data):
Data encoded in the magnetic stripe used for authorization during transactions when the card is presented. Entities must not retain full magnetic stripe data subsequent to transaction authorization. Specifically, subsequent to authorization, service codes, discretionary data/Card Validation Value/Code, and proprietary reserved values must be purged; however, account number, expiration date, name, and service code may be extracted and retained, if needed for business.
Manual Close:
A batch close that must be initiated by the merchant on a daily basis, as opposed
to an auto close at a pre-set time.
Merchant:
Customer of a processor/acquirer.
Merchant Identification Number (MID):
This number is generated by a processor/acquirer and is specific to each individual
merchant location. This number is used to identify the merchant during processing
of daily transactions, rejects, adjustments, chargebacks, end-of-month processing
fees, etc.
Magnetic Stripe:
A strip of magnetic tape affixed to the back of credit cards containing identifying
data, such as account number and cardholder name.
Mail Order/Telephone Order (MOTO):
Credit card transactions initiated via mail, email or telephone. Also known as card-not-present
transactions.
N
Network:
Company and system used to authorize and capture credit card transactions.
Non-Qualified Transaction Fees (Non-Qual):
Bankcard sales transactions that do not meet set Visa/MasterCard criteria for that
particular merchant and are processed at a higher interchange rate. An example of
this is a merchant that is retail (card present) that processes a card-not-present
transaction (or manually enters card data rather than swiping the magnetic stripe
through the terminal). The merchant will pay the difference between what they should
have paid on retail and what they actually qualified for (card not present). This
difference is called non-qualified interchange fees.
O
P
PA:
Payment Applications
Payment Application Data Security Standards (PA-DSS):
The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data.
PCI:
Payment Card Industry
Payment Card Industry Data Security Standards (PCI DSS):
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures.
PC Software:
A software program that is designed to perform a specific function on a computer
system. Examples would be accounting systems, manufacturing systems, order entry
and fulfillment, ticketing, reservations, etc. The application is either purchased
or built by the merchant, and must be interfaced with a credit card authorization
system in order to provide on-line transaction processing.
Private Label Cards:
Credit, debit or stored-value cards that can be used only within a specific merchant's
store. Also referred to as proprietary cards.
Point of Sale (POS):
A location where credit card transactions are performed with the cardholder present,
such as a retail store. The card is read magnetically, and the cardholder's signature
is obtained as insurance against the transaction. This is the most secure form of
credit card commerce.
POS Terminal:
Equipment used to capture, transmit and store credit card transactions at the point
of sale. Examples are VeriFone terminals.
Processor:
A processor is the company that actually routes an Authorization Request from a
point of sale device (such as a VeriFone credit card terminal) to Visa or MasterCard,
and then arranges for Fund Settlement to the merchant. Such processors are traditionally
accessed via direct dial out modems connecting to their system.
-Processors need to have a Sponsoring Bank in order to gain access to the Visa and
MasterCard networks. When a Processor or other entity has made such an arrangement
with a Sponsoring Bank to resell their services, they are called an Agent of that bank.
-Any entity that sells Visa or MasterCard must disclose themselves as an Agent of
their Sponsoring Bank. Such sales entities may be a Processor, or an ISO/Agent of
the Processor or Processor/Bank alliance.
-Many banks are also their own processors, while other banks will use a Third Party
Processor to handle this processing for them (in their own brand name in some cases).
Processing Network (Vendor):
The medium of data transport between the merchant application and the processor.
This company authorizes and captures credit card transactions. Some examples of
processing networks are FDR, MAPP and Envoy.
Procurement/Purchasing Cards:
Charge cards used by businesses to cover purchasing expenses, such as raw materials
or office supplies.
Q
R
Real-Time Processing:
Real-Time Processing means that when a web site's customer conducts an online purchase,
that the check or credit card information is conveyed to the Processor at that exact
time so that an authorization can be requested and received at that moment. Real-Time
Processing always implies that a Secure Payment Gateway is being utilized, whether
proprietary or third party. Please see Secure Payment Gateways and Real Versus Non-Real
Time Processing.
Reserve Account:
One method that ACH processors use to mitigate risk is to require that merchants
maintain a reserve account at the processor's sponsoring bank. This allows the processor
to issue a hold on funds in this account when fraud has been detected or an excessively
large number of returns is received. Merchants with good credit and history can
usually meet the expectations of ACH processors for covering returns and so are
not always required to keep a reserve account. In cases where a reserve is required,
the minimum-reserve-balance in the account is set at about 20% of the anticipated
processing volume. New merchants are usually allowed to build up their reserve by
sending in transactions which are not withdrawn until the minimum reserve balance
is achieved; after that, the merchant is allowed to withdraw the excess funds for
transfer to their home town bank.
S
Sales Draft (Ticket):
A form showing an obligation on the cardholder's part to pay money (i.e., the sales
amount) to the card issuer. This is the piece of paper that is signed when making
the purchase. Sales draft data can be captured electronically and sent to be processed
over the phone lines. Also see Electronic Data Capture.
Secure Payment Gateway:
Secure Payment Gateway companies help other processors conduct secure business on
the internet using Secure Socket Layer (SSL) technology.
-They provide a system that passes credit card data, authorization requests, and
authorization responses over the internet using encryption technology.
-The transaction information is sent by the payment gateway secure server via leased
line to the credit card network where the validity of the card is checked and the
availability of funds on that account is verified. An authorization code is returned
via leased line to the payment gateway; the authorization is encrypted by the payment
gateway and transmitted in encrypted form to the web server of the merchant, which
triggers fulfillment of the order.
-Rather than try and create their own Secure Web System, many banks and bank/processor
alliances will use a Secure Payment Gateway Provider to perform this task for them.
Secure Payment Software/Software Module/Payment Module:
-In order to conduct secure business on the Web, the Secure Gateway Provider runs
a Secure Host System, and sells/licenses software modules that allow Shopping Carts
and other applications to request and receive Credit Card Authorizations via their
system using encrypted communications. (This is called Real Time Authorization.)
-The other features of this licensed software are the functions provided to merchants
online when they connect to the Secure Payment Gateway host; merchant can access
their own account information, use a "Virtual Terminal" to conduct transactions,
handle administrative tasks, etc. (These features all "live" on the provider's Host
computer system.)
Settlement:
The process of sending a merchant's batch to the network for processing and payment.
For non-bankcards, the issuer pays the merchant directly (less applicable fees)
and then bills the cardholder. For bankcards, the acquirer pays the merchant (less
applicable fees) with funds from Visa/MasterCard. The bankcard issuer then bills
the cardholder for the amount of the sale. Also see Capture.
Shopping Cart Software:
-These applications typically provide a means of capturing a client's Credit Card
information, but they rely on the Software Module of the Secure Gateway Provider,
in conjunction with the Secure Payment Gateway, in order to conduct secure Credit
Card transactions online.
-Any given shopping cart can work with any given Secure Gateway Provider, the only
requirement being that some computer code be written or provided to communicate
with the Secure Gateway of choice, and that this code be integrated into the Shopping
Cart Application.
Shopping Cart Software Providers:
Shopping Cart Software Providers are software companies that either produce, utilize
or resell Shopping Cart Applications (programs) that display merchandise and/or
services, and take orders for merchants.
Smart card:
A credit-type card that electronically stores account information in the card itself.
Software:
A POS Terminal Application or PC or Internet Application that runs transactions
and associated administration.
Sponsoring Bank:
A sponsoring bank is a chartered bank that has obtained membership in Visa or MasterCard
in order to allow a processor access to the Visa and MasterCard networks (in order
to process these types of transactions).
-Since only a bank may join Visa or MasterCard, many processors make deals with
a sponsoring bank in order to gain access to the Visa and MasterCard networks.
-Because these sponsoring agreements are usually like a partnership, the line between
the sponsoring banks and their processors is not always clear; sometimes the partnership
is referred to by the name of the bank, while other times they are referred to by
the name of the processor.
SSL:
Secure sockets layer. Established industry standard that encrypts the channel between a web browser and web server to ensure the privacy and reliability of data transmitted over this channel.
T
Terminal:
Equipment used to capture, transmit and store credit card transactions.
Terminal Software:
Programming that determines the characteristics and features of the terminal.
Travel & Entertainment (T & E) cards:
Credit or charge card used by businesses for travel and entertainment expenses.
Examples of these cards are American Express, Diners Club, Carte Blanche and JCB.
Also see Corporate Cards.
Terminal Identification Number (TID):
A unique number assigned to each POS terminal.
Third-Party Processor:
A Third Party Processor is an independent processor that is contracted with by a
Bank or Processor to conduct some part of the transaction processing process.
-Some of these Third Party Processors specialize in running and hosting networks
of Point Of Sale (POS) terminals connected to their Host via dial out modem; they
produce the software in the POS terminals as well as in their host, and route authorization
requests to Visa or MasterCard as needed (MAPP, MDI, FDR, for example).
-Other Third Party Processors specialize in the Settlement of credit card transactions
with Visa and MasterCard so that merchants can be paid (FDR for example).
-In the world of Internet Credit Card Processing, the Secure Payment Gateway Provider
is another type of Third Party Processor.
Third Party Secure Payment Gateway:
In this model, the Third Party Secure Payment Gateway's server-computers have to
provide a connection between the merchant's web site and the Visa/MC (or Check)
Merchant Processor. This is done via telephone (or leased land line). The Merchant
Processor will receive the transaction through its non-internet modem bank, and
then send the transaction through its direct connection to the Card Network (like
Visa) for approval. The Merchant Processor returns a response via land line to
the Secure Payment Gateway, which encrypts the message and transmits it over the
web back to the originating secure web site host. The Third Party Secure Payment
Gateway is a different company than the Merchant Processor, and has its own fees
that are separate from any Merchant Processing fees. Examples of these are Cybercash
and Authorize.net.
-Rather than try and create their own Secure Web System, many banks and bank/processor
alliances will use a Secure Payment Gateway Provider to perform this task for them.
U
V
Value Added Reseller (VAR):
Third-party vendor that enhances or modifies existing hardware or software, adding
value to the services provided by the processor or acquirer.
W
X
Y
Z