Payment Industry Glossary
The abbreviation 2DS stands for 2 Dimension Secure, a type of payment gateway that processes transactions without additional authentication.
The Three-Domain Secure (3D Secure) security protocol helps to protect online payments by enabling cardholders to authenticate themselves prior to card authorisation.
3DS or Three-Domain Secure represents a user authorisation protocol for card-not-present operations. It provides an additional layer of security for e-commerce transactions.
The primary electronic network for money movement in the United States; that facilitates the automatic transfer of money between depository accounts at participating banks.
An ACH transaction that was disputed or rejected by the issuing bank.
Acquirer is a bank or a financial institution that processes card transactions including credit or debit card payments on behalf of the merchant. An acquirer routes the payments to the card scheme, receives funds from the card scheme and settles them to the merchant. Acquirers pay an interchange fee for each card payment to the issuer, plus transaction-based fees to the card scheme.
An agreement between an ISV, ISO, or payment facilitator and the acquirer that sells processing services. This contract is negotiated and determines a variety of topics including but not limited to: processing rates, transaction fees, value added services, liability, and applicable service level agreements (SLAs).
Acquiring processors are the set of system that provide the connectivity to the networks or payment gateways to process transactions
An acquiring bank provides merchant accounts that allow a business to accept card payments and works in conjunction with the acquirer processor. In some cases the acquiring bank and acquirer processor are a single entity.
Fees charged for the verification of a credit cardholder’s address. This is typically performed via the Address Verification System (AVS), which verifies that the zip code submitted at the time of processing matches the zip code on the cardholder’s billing statement.
A system to verify a user’s address at varying levels of detail, such as the cardholder’s post/ZIP code, street address, city or state
Adverse media is a type of screening performed on individuals or businesses. The goal is to check for conviction or link to any criminal activity relating to financial crime (fraud, money-laundering, terrorism funding, etc.).
With respect to any entity, any other entity controlling or controlled by or under common control with such entity.
Affiliate payment processing is the fuel that drives affiliate marketing. Without the ability to make payments to affiliates, merchants won’t be able to benefit from this powerful business growth channel.
A company that provides services on behalf of a group of customers.
Fees associated with a credit card. This can include membership fees, as well as rewards costs.
Anti-money Laundering is a set of policies and procedures enforced by European directives and local regulations to prevent the use of financial systems for the purpose of money laundering.
An Application Program Interfaces (API) is a software intermediary that makes it possible for application programs to interact with each other and share data. This allows customisation of applications, depending on the needs of the user and can streamline day-to-day processes.
Apple Pay is a mobile payments service that utilises Near Field Communication (NFC) to initiate secure payments between Apple devices and contactless POS terminals.
A fee charged by the network to both issuing and acquiring banks in addition to the interchange fee. Assessments are how the networks generate revenue, taking a fee from each bank for every transaction.
The approval process from the acquirer to the issuer that the card has enough funds to cover a specific amount. The approval is sent from the processor of the acquirer to the processor of the issuer. An authorisation must complete in 9000 milliseconds before it times out.
The process of matching card transactions and outstanding documents for consistent, accurate and complete accounting.
Automatic payments are payments that are automatically debited from the payer’s bank account on a certain date/period for a specified amount.
Every payment card has an available balance that governs its purchasing power; this factors into the authorisation process.
Bank payment processing greatly simplifies paying for purchases online. Transaction processing occurs almost instantly, which is convenient for both the business and the client.
A banking licence is legally required in order to establish a bank. There are various prerequisites in order to obtain a banking licence, from capitalisation to an extensive business plan. These differ depending on the jurisdiction in which the business operates.
Fee charged for each submission of a batch file to a payment processor. Batch fee(s) are volume based fees charged for the processing load on the system that ingests and ultimately executes the transactions specified in a given batch file.
Business identifier code or BIC identifies the beneficiary’s bank and is essential while making cross-border payments.
Big Data refers to structured and unstructured data that is too large or too complex to be processed by a traditional data management application. Financial services use Big Data to better understand their customers’ behaviour using predictive data analytics. You will typically find Big Data implemented for sentiment analysis, fraud detection, fraud prevention and personalising customer interaction.
The first four to six digits of a card representing the unique identification number of the issuing or acquiring bank.
BIN sponsor is a bank or financial institution with a card scheme membership. BIN sponsor is the issuer of the card from a legal standpoint, with obligations towards authorities and card schemes for card issuance.
As a regulated financial institution licence holder, a BIN sponsor is authorised to hold cardholder funds.
Partnering with a BIN sponsor enables your company to avoid becoming a direct member of a scheme, whilst still controlling the end-customer relationship and the card’s branding.
BIN sponsors differ in terms of pricing, geographical coverage and scope of services
The abbreviation 2DS stands for 2 Dimension Secure, a type of payment gateway that processes transactions without additional authentication.
Many companies that have already implemented Bitcoin as a payment method liked the safety of online payments, the absence of fraud and chargebacks, as well as low transaction fees.
Blockchain is essentially a secure digital record of transactions. Each block contains data around an individual transaction such as date, time, amount and is designed to be difficult to alter. Blockchain is structured so that individual blocks are linked together in a single list, called a chain. They are popularly used in cryptocurrencies such as bitcoin. |
The use of blockchain in payment processing helps to mitigate operational risks during payment processing due to a distributed ledger-based accounting system.
A financial term that describes a common unit of measure. One basis point is equal to 1/100th of 1% or 0.01%.
A business case captures the reasoning for initiating a project or task. It should be presented in a well-structured written document, but may also sometimes come in the form of a short verbal argument or presentation.
The abbreviation 2DS stands for 2 Dimension Secure, a type of payment gateway that processes transactions without additional authentication.
Classifies any transaction or use case where a business sends money to a consumer.
The process of completing a transaction and the initiation of funds transfers by a merchant.
The process used by card manufacturers to encode cardholder data on the chip and magnetic stripe, and also imprint on the physical card body.
Card schemes are global card payment transaction processors. They receive payments from acquirers and route them to the issuer. Card schemes partner with card issuers, and with acquirers accepting payments made with those cards. While the core payment transaction service may be the same, card schemes can have differing segment and geographical focus areas, and offer scheme-specific features and pricing models.
Parameters set on a card to limit when, where, and how often cards can be used. These controls can include purchase amount, merchant ID, merchant category code (MCC), time/date, and more.
CVC or Сard Validation Code and CVV or Card Verification Value are 3-digit security authentication numbers printed on the magnetic stripe at the back of payment cards relied upon by the issuer to validate the presence of the actual card.
A transaction where the card cannot be physically presented to the merchant at the time of transaction as in the case of online transactions.
A transaction where the cardholder can present a physical card to the merchant. Transactions can be completed via swiping the card through a magnetic card reader, waving the card in front of a contactless payment terminal or inserting the card into a chip-reading device to request the transaction authorisation.
Cardholder means the end-customer using the card to execute a payment. A cardholder applies and receives the card from the issuer, and usually pays some form of service fee for the issuer. Fees may be baked into a subscription service form; alternatively the card can be free of charge but costs of issuing can be indirectly outweighed through increased customer usage, loyalty, and spending.
An electronic document that contains the public key of the certificate holder and which is attested to by a Certificate Authority and rendered unforgeable by cryptographic technology (signing with the private key of the certificate authority).
Fee charged for a chargeback. In the instance of a chargeback, additional work may be required to remediate the issue, including but not limited to: notifications, evidence collecting, escalation and others. Most if not all service providers involved in the transaction may charge chargeback fees to the end merchant that incurs the initial chargeback.
A card with a credit line from an issuing bank that has to be repaid in full at the end of the billing term – usually 30 days. Some software companies like Expensify adopt 1 day billing cycle to minimize risk.
A “chargeback” is the transaction made by the card issuer to the merchant’s acquiring bank because of a dispute, POS error, or fraud. An excessive number of chargebacks can result in issues with card networks who may refuse to onboard merchants on their networks.
The process of exchanging financial transaction details (but not actual funds) to facilitate the posting of that transaction to a cardholder’s account and reconciling an issuing bank’s settlement position.
A type of payment card typically attached to a line of credit that a user can make purchases against.
If the card manufacturer uses the chip already for someone else with a similar use (e.g. a different programme manager, Neobank etc.), then they can proceed with a CNS, thereby just changing some of the configurations of the chip.
A co-branded card is a credit or debit card that a retailer issues in partnership with a card network or financial institution. It can be used everywhere where bank cards are accepted.
This is the process of introducing a new product or production method into commerce—making it available on the market
The level of risk in a bank’s portfolio arising from concentration to a single counterparty, sector, or country.
Classifies any transaction where a consumer pays a business.
A card that uses near field communication (NFC) or other radio-frequency transmission protocols to initiate payments with POS terminals.
A Correlation ID, also known as a Transit ID, is a unique identifier value that is attached to requests and messages that allow reference to a particular Transaction or event chain.
Ensures that the settings of all payment card products comply with MasterCard’s brand specifications.
A type of payment card with a revolving credit line that a user can make purchases against. Any outstanding balances usually incur interest rate from the issuing bank.
A report that U.S. financial institutions are required to file with FinCEN for each deposit, withdrawal, exchange of currency or other payment, or transfer that exceeds a certain monetary threshold.
A bank, a financial institution, or other entity that is responsible for managing, administering, or safekeeping assets for other persons or institutions. A custodian holds assets to minimise risk of theft or loss, and does not actively trade or handle the assets.
Policies, practices, and procedures that enable a financial institution to predict with relative certainty the types of transactions in which the customer is likely to engage.
A type of payment card typically tied to funds held in a deposit account.
Also known as a mobile wallet, digital wallets are typically phone-based apps that store digital payment credentials and can be used to make purchases online and in-store. Also known as an E-wallet.
An amount withdrawn from an account.
Also known as a mobile wallet, digital wallets are typically phone-based apps that store digital payment credentials and can be used to make purchases online and in-store. Also known as an E-wallet.
Acquirers charge merchants in the form of a discount rate for handling card payments. Discount rates are charged from the transaction amount, so that card payments can be the same cost as cash payments to the consumers. In this case the interchange fees for the issuers are paid out of the merchant discount rate.
A virtual card is a debit or credit card that does not come with a physical card, but can instead be accessed via a website or mobile app. These can be used for most online purchases. A disposable virtual card can be used once, and then the card details are automatically erased, and new details are generated. These are generally used in order to protect against online card fraud.
Also known as a chargeback. A situation where a card owner, either a consumer or a business, is challenging the validity of a transaction, including an unauthorised purchase, or goods and services that were not delivered. Disputes are commonly handled between the cardholder, the issuing card program, card network, and merchant.
Dispute Management is to solve issues with the payment transaction and recover losses. Either it is initiated by the cardholder by disputing a transaction or the card issuer cannot support the processed transaction, e.g., no such card account. The requirement for the dispute management may come from the card scheme and/or from the local legislation.
Fee paid to the card network for use of their cards and to process transactions on their networks.
Fee paid to the card network for use of their cards and to process transactions on their networks.
E-commerce payment processing is a must for all companies or stores that sell their products or services online.
Fee that merchant(s) may incur as a result of the merchant terminating the processing agreement before the end of a specified period of time.
An electronic form of a check.
A reversed eCheck.
A failed eCheck.
In the payment world, EDI can be used to create and exchange purchase orders, invoices, bills, and other payment information paperlessly.
The electronic transfer of money from one bank account to another without bank interaction. One of the most widely-used EFT programs is direct deposit, through which payroll is deposited straight into an employee’s bank account.
Electronic money (e-money) is a digitally stored record of monetary value held by an issuer for the purpose of making payment transactions. These are issued by EMIs authorised to hold funds and issue e-money.
Electronic Money Institutions (EMI) are financial institutions granted a licence to issue e-money by a local financial regulatory body like FCA (UK), BaFIN (Germany), and BNB (Bulgaria).
Refers to natively building and incorporating payments processing as an integral part of a business offering or product.
EMI agents are third-party providers registered with the local regulatory body for the purpose of selling or marketing services of EMIs without the permission to hold customer funds.
Payment programs built for business-to-business applications (for example, for expense payment).
Fees charged to merchants to lease or for maintenance of payment processing equipment.
“For benefit of” (FBO) funds are held in an issuer bank account for stored value card programs.
Charges assessed by one entity to another.
Financial Regulators are national bodies that regulate and supervise the financial services and payment providers on the market. They are members of the European Banking Authority.
The trading of one currency for another. When a trade occurs, a fee is applied by the financial institutions of the receiving or originating institution.
The purpose of the fraud monitoring process is to minimise the losses for Issuers due to fraudulent card usage and provide safe and frictionless payment experience for cardholders.
Freelancers cooperate with a number of customers – individual entrepreneurs, self-employed people, and legal entities. This implies certain challenges in payments and this is what freelancer payment methods are for.
To prevent or restrict the exchange, withdrawal, liquidation, or use of assets or bank accounts. Unlike forfeiture, frozen property, equipment, funds, or other assets remain the property of the natural or legal person(s) that held an interest in them at the time of the freezing and may continue to be administered by third parties. The courts may decide to implement a freeze as a means to protect against flight.
Any business set up and controlled by another organisation. While not necessarily illicit, criminals use front companies to launder money by giving the funds the appearance of legitimate origin. Front companies may subsidise products and services at levels well below market rates or even below manufacturing costs.
A secure connection involved in the transmittal of a payment transaction message between the merchant point of sale and the acquiring processor.
Google Pay is a mobile payments service that utilises Near Field Communication (NFC) to initiate secure payments between Google devices and contactless POS terminals.
Funds that in a GPA are “open-loop” funds that can be used at any merchant, subject to authorisation controls.
A GPA Order refers to the direction of funds into a user’s general-purpose account (GPA).
A high risk business is one that carries more financial or reputational risks to payment intermediaries than a low-risk business.
International Bank Account Number is a standard numbering system used to facilitate cross-border bank payments.
Refers to an operation that has no additional effect if it is called more than once with the same input parameters; in the payment world, idempotency is important because it prevents requests from being processed repeatedly in the case of multiple, inadvertent submissions.
An ISO contracts with a member bank to provide merchant or cardholder solicitation. ISO representatives sell business payment processing solutions to merchants so they can accept card payments, as well as card readers and payment processing rate contracts for a given acquirer or ISO.
Refers to the act of building and incorporating payments processing into an existing business offering or product. This type of payments processing shares data between the business management system and the payments system.
An ISV is an individual or organisation that sells software that incorporates a payments strategy or processing as part of its product offering. This type of software is generally associated with an integrated payments approach.
Interchange fees are typically paid by the merchant’s bank (the acquirer) to the customer’s bank (the issuing bank) to cover the costs of handling the transactions. The interchange fee is a strong revenue stream for card issuers.
Payments made outside the geographical region of the issuer.
An international payment gateway is a technical solution that allows for authorising international card payments.
Fees charged by a payment processing service for reporting payment processing information directly to the IRS for a given merchant.
A card processor processes the transactions on behalf of the merchant or issuer. The processor receives, processes and forwards data between the card scheme and the merchant or issuer. Issuers are members of networks (Visa, Mastercard etc.) and are authorised to issue cards by setting up BIN programs. Issuers are either banks, electronic money institutions or payment institutions.
Connects directly with the networks and issuing banks to provide the system of record, manage issuance of cards, authorise transactions and communicate with settlement entities.
The issuing bank enters into a relationship with the cardholder, and enables cards on a given network. The issuing bank fills three primary roles in payment processing: it is a “network sponsor,” which means it can issue cards on a given network; it is a holder of prepaid funds (for example, for gift cards and other non-credit cards); and it is a “settlement point,” managing a consumer’s card account and paying out to the merchant’s account after a purchase.
The process of approving, declining, and funding card transactions in real-time based on business logic. Cards carry a £0 balance until the release of funds are authorised.
Anti-money laundering policies and procedures of employees of an institution for the purpose of detecting conflicts of interest, money laundering, past criminal activity, and suspicious activity.
Know Your Business, otherwise known as KYB, is the process whereby a business verifies the identity of their potential customer as a Business to Business partnership. It is the due diligence review of that business and industry which when reviewed against Money Laundering techniques, allows you to develop policies and assess suspicious activities or transactions. The target with KYC/KYB is to mitigate risk related to money laundering and other criminal activity. The process includes identification at the beginning of the customer relationship as well as periodical checks during the customer relationship.
Know Your Customer, otherwise known as KYC, is the process whereby a business verifies the identity of their potential customer as an individual. This process begins before any business relationship is established. KYC regulation requires payment facilitators and financial institutions to guard and mitigate risk against money laundering, terrorist funding, and other criminal activity. The process includes identification at the beginning of the customer relationship as well as periodical checks during the customer relationship.
Distancing illegal proceeds from their source by creating complex levels of financial transactions designed to disguise the audit trail and provide anonymity.
A ledger is traditionally the primary book detailing economic transactions. However, with the rise of digitised account keeping, it is also known as a distributed or shared ledger and is a consensus of digital data which is replicated, shared, and synchronised, geographically spread across multiple institutions, sites, or countries. Distributed ledgers inherently lack a central administrator and centralised data storage. One example of a distributed ledger is the blockchain system.
The term “ledger balance” refers to the amount of spendable funds.
The risk that lawsuits, adverse judgments or contracts that cannot be enforced may disrupt or harm a financial institution. Banks and financial institutions will be unable to protect themselves from legal risks if they do not practise due diligence in identifying customers and understanding and managing their exposure to money laundering.
A penalty or fee in a merchant agreement charged by the acquirer in the event an agreement is terminated early by the merchant to recoup costs associated with opening and maintaining the account.
The MATCH™ list, also called Terminated Merchant File (TMF), is a list maintained by Mastercard that identifies high-risk merchants or those that have been terminated by another entity within the last five years.
Merchants are legal entities allowed to accept card payments using virtual or physical POS terminals provided by Acquirers. Merchants pay a per-transaction fee to the acquiring bank.
A merchant account is a type of business bank account intended to accept electronic payments from customers.
The concept of a merchant account is all about online payments processing. The process of opening it involves the registration of an account for a legal entity in a banking institution to accept payments from Mastercard, Visa, and other payment systems.
The bank that manages the account of a merchant where funds from transactions are accumulated.
A four digit number identifying the type of activity performed by the merchant which is often used to identify the type of transaction being performed.
A merchant identification number, also known as MID, is a unique set of characters that identifies the business to a payment processing system.
Refers to funds allocated by merchants to power rewards programs (and accounts) that promote their brands (and partners’ brands) and to encourage brand loyalty.
Mobile payment is a transaction made using a portable device — a mobile phone or tablet. There are plenty of technologies that make mobile payments possible.
Mobile payments are all financial transactions made with smartphones, tablets, or other internet-enabled devices via apps, browser, or physical card readers.
A mobile wallet is a solution that enables its users to pay and accept payments with the help of a mobile phone without using cash or a bank account.
Card issuing and processing delivered via an open API platform that enables card issuers to create custom, flexible, and scalable payment card products.
Concealing the origins of illegally obtained money, typically by means of transfers involving foreign banks or legitimate businesses.
An element of a financial institution’s anti-money laundering program in which customer activity is reviewed for unusual or suspicious patterns, trends, or outlying transactions that do not fit a normal pattern. Transactions are often monitored using software that weighs the activity against a threshold of what is deemed “normal and expected” for the customer.
To describe funds in a merchant specific account that are allocated only for specific merchants or stores.
A card that works with multiple bank accounts in different currencies and dynamically selects the account that matches the currency of the transaction thus avoiding exchange rates.
The National Automated Clearing House Association, NACHA is a not-for-profit organisation that manages and governs the ACH Network, the backbone for the electronic movement of money and financial data in the United States. NACHA represents nearly 11,000 financial institutions across the United States.
In countries where the schemes are not processing the market directly, there are local third-party processors that facilitate the connectivity between local banks and Mastercard and Visa. For example, Borica is the national processor for all Bulgarian banks.
NFC or near-field communication is a technology that enables the exchange of digital content, making payments, and connecting digital devices via touching or just nearing one another.
Non Profit organisations that are not directly linked to the governments of specific countries, and perform a variety of service and humanitarian functions, including bringing citizen concerns to governments, advocating for causes, and encouraging political participation.
A card that can be loaded only once. Non-reloadable prepaid cards are often used for gift cards and vouchers.
A card that can be loaded only once. Non-reloadable prepaid cards are often used for online gift cards and online vouchers.
Fee charged to process and track transaction(s) that have been reversed due to insufficient funds.
A notice generated by a Receiving Depository Financial Institution in an ACH transaction to inform the Originating Depository Financial Institution of a change in the bank account being accessed in a transaction.
The ODFI functions as the interface between the ACH network and the originator of the transaction, confirming that transactions comply with the rules.
To combat fraud, many processors generate one time use virtual card numbers good for only one transaction (the number then becomes inactive).
OpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. It has found wide use in internet web servers, serving a majority of all websites.
The risk of direct or indirect loss of operations due to inadequate or failed internal processes, people or systems, or as a result of external events. Public perception that a bank is not able to manage its operational risk effectively can disrupt or harm the business of the bank.
Any entity, institution or person initiating a debit or credit transaction through ACH.
Primary Account Number (PAN) is a 16 digit account number that uniquely identifies the scheme, issuing bank and cardholder.
A card that works with a pre funded bank account and immediately transfers funds from it.
Any of a set of physical properties whose values determine the characteristics or behaviour of something.
Payment and electronic money institutions can passportize their rights to perform services outside of their national boundaries by passporting their licence across other European Economic Area member states.
A payee is an individual or organisation that receives payment in any form, including cash, checks, or wire transfers.
In computing and telecommunications, the payload is the part of transmitted data that is the actual intended message. The payload excludes any headers or metadata sent solely to facilitate payload delivery.
Provisioning involves the transfer of money from one account to another, and involves a third party. Credit card, debit card, cheque, money transfers, and recurring cash or ACH (Automated Clearing House) disbursements are all electronic payments methods
The term “payment acceptance” means the process of accepting payments online or offline, or the share of successful payments out of all attempted payments.
A payment aggregator is a payment service model when a third-party PSP opens a master merchant account and uses it to process their clients transactions.
Fees associated with maintaining PCI compliance, including but not limited to: audit fees, external security assessment fees, infrastructure hosting fees (if cloud-based), and consulting fees (if needed in the absence of a formal compliance officer).
A payment facilitator (PayFac) is a payment service model that involves opening a master merchant account who wants to accept payments online or physically into an acquiring bank and registering clients as sub-merchants.
Fees charged by the gateway for the authorisation, capture, and or processing of transactions.
A payment gateway for multiple merchant accounts is software allowing you to connect more than one merchant account you have at different service providers.
Being able to accept online payments is crucial for travel businesses, and payment gateways make it possible.
A payment gateway for a website is a special technical solution that enables the website owner to accept online transactions from customers.
Payment methods are different ways in which purchasers pay, and merchants accept payments for the products and services.
The payment page is a web page designed to enable the purchasing process on your site. It is where customers enter their payment details to make a purchase.
A payment processor is a mediator (Software/technology) between a merchant and financial institutions, which is responsible for the entire transaction process.
A PSP (Payment Service Provider) is an entity that provides Merchants the ability to accept electronic payments. PSPs can connect to financial institutions, card and payment networks and manage relationships with them as a service to Merchants.
Payout or pay-out represents an act of paying out the funds to a recipient.
Payment Card Industry Data Security Standard (PCI DSS) is a document and standards developed in 2005 by the Payment Card Industry Security Standards Council to ensure the security of card payments. It constitutes an industry led program safeguarding personal information with the following controls, among other things: Merchants’ compliance with card network security requirements; general PCI DSS compliance by Merchants and their service providers with access to Cardholder or transaction data. Obtaining PCI DSS Level 1 is required for any institution that stores and processes sensitive credit card data.
Peer-to-peer transactions (also referred to as person-to-person transactions, P2P transactions, or P2P payments) are electronic money transfers made from one person to another through an intermediary, typically referred to as a P2P payment application.
A pending credit is unavailable for use by the card or account holder and does not affect purchasing power; typically, a pending credit results when a load has been accepted but the funding hasn’t yet cleared.
Point of sale is the Merchant location, app or website where a transaction by the cardholder to make a payment for goods or services with the cardholder present. Payment card information is used to forward the transaction to an acquiring bank. Typically, the card magnetic stripe is read and the Cardholder’s signature is obtained.
A politically exposed person (PEP) is a person who has a public status and functions. PEPs are usually subject to stricter measures due to a higher risk of potential involvement in corruption, bribery or money-laundering.
“Specified unlawful activities” whose proceeds, if involved in the subject transaction, can give rise to prosecution for money laundering. Most anti-money laundering laws contain a wide definition or listing of such underlying crimes. Predicate crimes are sometimes defined as felonies or “all offences in the criminal code.”
A type of payment card that holds a finite amount of funds and is not directly tied to a bank account or line of credit.
A card that has a prepayment balance without being connected to a bank account. Prepaid cards are often not accepted by merchants for hotels, car rentals, online purchases and other business-related bookings.
A cryptographic key that can be obtained and used by anyone to encrypt messages intended for a particular recipient, such that the encrypted messages can be deciphered only by using a second key that is known only to the recipient (the private key).
A card that is accepted by only one merchant.
Processed markets are one where schemes process transactions directly without the presence of a national processor.
A processor is a software system connected to the networks that process all transactions including Authorisation, Clearing, Settlement, or payment-related processing services for the Issuer. The link between a processor and an issuer is usually a configuration setup rather than an integration effort.
Businesses that manage a card program on behalf of the issuing bank. The Program Manager is responsible for defining the program, operating the program, and managing its profitability. The program manager typically is responsible for establishing relationships with processors, banks, payment networks and distributors and for establishing pooled account(s) at banks.
A prototype is an early sample or model of a product built to test a concept or process or to act as a model to be replicated or learned from. A prototype is generally used to evaluate a new design to enhance precision by system analysts and users. Prototyping serves to provide specifications for a real, working system rather than a theoretical one. In some design workflow models, creating a prototype (a process sometimes called materialisation) is the step between the formalisation and the evaluation of an idea.
Second Payment Services Directive (PSD2) is a EU Directive by the European Commission that regulates payment services and providers within the European Economic Area and the European Union.
Account Information Service allows third-party providers to access existing banks and provide an aggregate view of accounts, balances and transactions.
Payment Initiation Service allows initiation of payments from third-party systems connected to bank accounts after user consent.
The non-secret portion of the cryptographic method used for verification during a Transaction.
An X.509 Public Key Infrastructure (PKI) is implemented by Visa for issuing and managing digital certificates to be used in conjunction with Visa products and services. This PKI consists of a hierarchy of entities called CAs that issue certificates to “Subscribers” (that is, end-entities or other CAs) within the hierarchy.
A real-time payments standard that allows individuals or businesses to instantly transmit funds to a specific card on a given card network. Funds are generally available immediately up to a specified limit based on use case, and funds settle at the time they appear in the account, meaning there is no liability for funds availability.
Qualified Security Assessors are independent security organisations that are qualified to perform PCI Compliance audits.
An institution qualified to receive ACH entries transactions from an operator and credits or debits funds from their appropriate accounts.
An organisation or person that authorises the originator to initiate a bank transfer, either as a debit or credit to an account.
An accounting process to compare two sets of records incoming and outgoing funds to ensure the figures are in agreement and are accurate. Reconciliation is the key method for determining whether the incoming or outgoing funds in an account match the amount spent/returned and that the two values are balanced at the end of a given recording period.
An accounting process to compare two sets of records incoming and outgoing funds to ensure the figures are in agreement and are accurate. Reconciliation is the key method for determining whether the incoming or outgoing funds in an account match the amount spent/returned and that the two values are balanced at the end of a given recording period.
Recurring billing is repeated or regular payments carried out within a particular schedule. This payment scenario doesn’t require re-entering payment data.
Part of the chargeback process. Representment occurs when the merchant does not agree with the customer’s claims and will not accept the chargeback.
The potential that adverse publicity regarding a financial institution’s business practices and associations, whether accurate or not, will cause a loss of confidence in the integrity of the institution. Banks and other financial institutions are especially vulnerable to reputational risk because they can become a vehicle for, or a victim of, illegal activities perpetrated by customers.
Fee charged when a customer or the customer’s issuing bank requests a copy of a sales draft. Credit card processors charge a nominal fee to process the request.
The assessment of the varying risks associated with different types of businesses, clients, accounts, and transactions in order to maximise the effectiveness of an anti-money laundering program.
The assessment of the varying risks associated with different types of businesses, clients, accounts, and transactions in order to maximise the effectiveness of an anti-money laundering program.
Any problems with payments can lead to financial losses, and more importantly, customers’ refusal of the product. That’s what a SaaS gateway is for.
The way customers pay for the SaaS solutions, or billing process, can be referred to as SaaS payment processing.
Safeguarded or pooled accounts are used by electronic money institutions to store customer funds.
Samsung Pay is a mobile payments service that utilises Near Field Communication (NFC) to initiate secure payments between devices and contactless POS terminals.
Sanction lists are shared between governments and regulators to identify people who have been involved in financial crimes for the purpose of fraud prevention and anti-money laundering control.
A sandbox is a term used to describe a testing program for new business models that are not protected by existing regulations. This allows companies to test their new offering, prior to becoming fully licensed, within a representative environment.
Scheme or Networks (US term) are Mastercard, Visa, Amex and other networks that facilitate card payments.
The spot exchange rate charged by the schemes for a given transaction, currency, and date.
A payment gateway accompanies each transaction from start to finish, ensuring the protection of confidential card data and reducing the risk of breaches and fraudulent interventions.
Each payment involves at least two parties – a payer and a payee, and each is concerned about the security of their funds and all the data used while paying.
Secure payment processing is when the data and money of all parties involved in the transaction processing are protected based on specific standards, regulations, and measures.
A key requirement for every participant in the payment system is information security, which for the vast majority of users takes the form of the Payment Card Industry Data Security Standard (PCI DSS). This is a proprietary information security standard for merchants and card issuers handling credit cards branded with the major card network players: Visa, Mastercard, American Express, Discover (plus JCB in Japan). The standard was established to tighten security around cardholder data to reduce the potential for fraud.
To prohibit the transfer, conversion, disposition, or movement of funds or other assets on the basis of an action initiated by a competent authority or a court under a freezing mechanism. However, unlike a freeze, a seizure allows the competent authority to take control of specified funds or other assets. The seized assets remain the property of the person(s) or entity(ies) that held an interest in them at the time of the seizure, although the competent authority will often take over possession, administration, or management of the seized assets.
Settlement is the final stage of dual message transaction processing which is the actual movement of funds as part of the clearing process by which a merchants’ (acquirer) and a cardholders’ (issuer) banks exchange financial data and value (real funds).
Payment processing for small businesses represents a set of tools and services that allow business owners to accept, process and manage different types of payments from their customers.
SoapUI is an open-source web service testing application for service-oriented architectures (SOA) and representational state transfers (REST). Its functionality covers web service inspection, invoking, development, simulation and mocking, functional testing, load and compliance testing.
The term relates to the origin of the funds that are subject of movement between a Financial Institution and a customer.
SSL/TLS Client Certificate
Certificate used to verify the authentication of an end-entity to a server when a connection is being established through a Secure Socket Layer/Transport Layer Security (SSL/TLS) session (secure channel).
SSL/TLS Server Certificate
Certificate used to verify the authentication of a web or application server to the end-entity (client) when a connection is being established through a Secure Socket Layer/Transport Layer Security (SSL/TLS) session (secure channel).
A government-maintained list of codes identifying and classifying business types from which MCC codes used by card networks are derived.
Fees for statement services.
In the world of payment technology, a “store” refers to any place a merchant accepts payments. For example, a retailer might have a chain of (physical) stores plus one or more online “stores” and can accept card payments at each of them. There may be many stores (both real-world physical locations and e-commerce sites) to a given merchant.
To improve the security of online transactions, schemes enforce a strong customer authentication (SCA) method that uses 2 of the following 3 things: something the user has (credit card), something the user knows (password), something the customer is (biometrics).
A government filing required by reporting entities that includes a financial institution’s account of a questionable transaction. Many jurisdictions require financial institutions to report suspicious transactions to relevant government authorities. It is the Irregular or questionable customer behavior or activity that may be related to a money laundering or other criminal offense, or to the financing of terrorist activity. It may also refer to a transaction that is inconsistent with a customer’s known legitimate business, personal activities, or the normal level of activity for that kind of business or account.
Using the SWIFT code, you can make international payments for education, medical treatment or holidays abroad. It is also beneficial to transfer money to individuals outside the country.
The right to end an existing payment processing contract.
Third-party providers (TPP), service providers or often called Fintech companies that can be licensed under the PSD2 to manage electronic money, payment initiation and account information services.
The TID is used to uniquely identify a terminal originating a transaction, which can be a device with a card swipe capability or an e-commerce site. A TID can be used to identify the source of a transaction.
Tokenization is the practice of replacing and protecting a personal account number (PAN) with a substitute value using unique identification symbols, phrases or words, called a token. The process retains all the sensitive information without compromising the security of the data. If this substitute value is stolen, the ability to use it for fraudulent transactions is limited. It can be used to enhance e-commerce transaction security, without needing to incur additional costs for industry compliance and government regulations. Tokenization is governed by the PCI standard and requires certification and audit of any provider of the service prior to its use.
Apple Pay and other mobile payment services use tokenized cards to allow contactless transactions without the need of a plastic card.
The act between a Cardholder and a Merchant or an Acquirer that results in a transaction receipt, if applicable.
Two-way authentication creates a truststore and a keystore on both the client and the server. In Two-Way SSL authentication, the client and server need to authenticate and validate each other’s identities. The authentication message exchange between client and server is called an SSL handshake.
The natural persons who have significant ownership of, as well as those who exercise ultimate effective control over a legal person or arrangement.
The mode of interaction between a user and a computer system. A good UI provides a ‘user-friendly’ experience, meaning the way that a user interacts with the software or hardware is natural and intuitive.
Velocity limits or card limits are scheme enforced limits on cards to prevent frauds, and are configured by the issuer when a card program is set up.
A card that can be used for online transactions and does not have a physical plastic card. The card is generated with a unique card number to settle a particular transaction by an authorised user. Any type of card can be virtual including credit cards, debit cards and prepaid cards. They are often used for one-time, business-to-business payments.
A transaction that is cancelled before it processes and settles through a customer’s credit or debit card.
White label payment processing allows for having a personal electronic payment system that combines payment processing under your brand and internal customer accounts.
A white-label product is a product or service produced by one company that other companies rebrand to make it appear as if they had made it.
A near real-time transfer of funds between bank accounts. This feature is limited for bank to bank or intrabank transfers.
A withdrawal is a process of removing funds from a bank account without the intention of returning them.