Payments A to Z glossary
A list of payment industry terms used throughout the emerchantpay website and documentation.
See two-factor authentication .
3D Secure (3DS)
Widely referred to as 3DS, Three-Domain Secure is a cardholder authentication protocol that provides an additional layer of security for online transactions. 3DS has been upgraded to 3DS2 to ensure a more seamless payment flow across different channels.
‘ACME’ is a fictitious name of a non-existent business [i.e. no real-world incorporation; no association with any industry, goods or services]. This fictitious name of a non-existent business is used solely for illustrative purposes. emerchantpay does not assume any responsibility in case of similarity with a verbal or graphic representation of an actual business.
Also referred to as an acquiring member or an acquiring bank, an acquirer is a financial institution that processes credit or debit card payments on behalf of merchants by securely routing the card payment data on to the relevant card scheme for authorisation by the issuer .
Acquirer Reference Number (ARN)
A unique number used to track credit or debit card transactions as they move from the merchant’s bank (i.e., the acquirer ) through the card scheme to the cardholder’s bank (i.e., the issuer ).
Address Verification Service (AVS)
A fraud management tool that verifies the billing address of the cardholder used in the transaction with the address associated with the cardholder’s bank account. AVS enables merchants to detect suspicious transaction activity and to prevent fraud.
Alternative Payment Method (APM)
Also referred to as a local payment method, is any form of payment that is not a cash or credit/debit card payment by a major bank. Examples include bank transfers , direct debit, digital wallets , mobile payments , Buy Now Pay Later (BNPL) payments, prepaid cards , and more.Local payment methods highlight alternative payment methods that are popular in specific regions or countries.
Application Programming Interface (API)
A set of protocols for building and integrating software applications. APIs enable different systems to interact with each other and exchange data. Examples of APIs include web services, remote APIs, SDKs, library-based APIs, frameworks, and more.
The procedure that enables a cardholder or merchant to resolve a chargeback -based dispute outside the judiciary courts. The dispute must be submitted only when both parties agree to initiate the procedure.
The process by which a credit or a debit card transaction of a specific amount is reserved by a card issuer . Authorisation is valid only for a set period of time, during which it can be cancelled or captured by the merchant to complete the transaction.For more information, see Capture vs authorisation: here’s what you need to know.
Authorisation approval expired
A transaction that was never submitted for processing will typically expire about 30 days (or four and a half weeks) after its initial authorisation .
The message merchants receive from the card issuer when an authorisation request is approved in the form of a code. This code is usually recorded on the transaction receipt as proof of authorisation.
Also known as an authorisation request fee, is the amount the merchant is charged each time a transaction is passed on to the issuer for authorisation. This fee applies regardless of the status of the authorisation (e.g., approved/declined/cancelled).Note that an authorisation fee is not the same as a transaction fee.
Any business day during which banks and other financial institutions are closed. Depending on the country, schools, retail stores, and businesses may be closed as well.
Bank Identification Number (BIN)
See Issuer Identification Number (IIN) .
A bank transfer is a payment method that allows the sending of money from one bank account to another, usually electronically.
The automatic processing of related transactions in a batch without cardholder interaction. Batch processing is different from transaction processing where each transaction is processed one at a time and is initiated by the cardholder.
The default currency used to issue invoices based on the cardholder’s billing country.
A business day is generally considered to be Monday through Friday, from 9:00 to 17:00 local time, excluding weekends and public holidays.When conducting international transactions, individuals and businesses should be aware that business days may vary per country due to a difference in the local public and bank holidays .
Buy Now Pay Later (BNPL)
An APM and a type of financing that allows customers to make purchases and pay for them later or in instalments, sometimes interest-free.
The submission of a credit or debit card transaction for processing and settlement after the payment method has been authorised. See also clearing .
See issuer .
Card not present (CnP)
A transaction in which the cardholder cannot physically present the card to the merchant at the time of sale. Examples include online payments or payments conducted via telephone, mail, or a mobile device.
Card present (CP)
A transaction in which the card is physically present and payment details are captured in person, at the time of purchase.Payment data can be captured by different card present transaction methods such as traditional countertop card machines, POS systems with card readers, contactless card terminals, or card readers connected to smart devices.
A technical and commercial arrangement set up to serve one or more card brands, which provides the organisational, legal, and operational framework necessary for the functioning of the services marketed by those brands. Visa and Mastercard are common card schemes.
Card Verification Code (CVC)
Also referred to as Card Verification Value (CVV), is an authentication code located at the back of the cardholder’s physical credit or debit card. The code is typically three digits (four digits in the case of American Express-branded cards) and is used during the authorisation process as an extra security layer in CNP transactions.
The individual or entity to whom a credit or a debit card is issued.
Cardholder Verification Method (CVM)
A method used to evaluate whether the person presenting the card is the legitimate cardholder at the moment of a sale. Examples of CVMs include a PIN number or signature.
Cardholder Verification Method (CVM) limit
The amount above which the terminal requires a CVM from the person presenting the card. Typically, contactless payment methods have CVM limits.
The act of reclaiming funds that have been paid to a merchant in instances of a dispute or improper card payment. The chargeback process is initiated by the cardholder’s issuer against the merchant for the transaction amount plus any applicable chargeback fees.A chargeback occurs because the cardholder has never received their goods or services, has been refused a refund, or has experienced fraud. Chargebacks normally take several business days for full settlement .
Chargeback Dispute Resolution Network (CDRN)
A network of issuers established by Verifi to help merchants resolve pre-dispute cases and prevent chargebacks . The CDRN provides chargeback alerts to participating merchants before a chargeback occurs, giving them up to 72 hours to resolve the case. Upgraded by the Rapid Dispute Resolution (RDR) tool.
The defined period in calendar days during which time the issuer can charge the transaction back to the acquirer . Although time limits may vary, the typical chargeback period should not exceed 120 days.
Chargeback reason code
A two-to-four-digit code used to identify the specific reason for the chargeback . The code is generated by the issuer involved with the chargeback.
The process of exchanging transaction details between an acquirer and an issuer from the moment a transaction is made until it is fully settled . The clearing process ensures that the transaction is reconciliated and settled according to the rules and frameworks governing the transaction.
Client-side encryption (CSE)
Also referred to as “ encryption at source”, is any encryption that is applied to sensitive data before it is transmitted from the sender’s device to a server.At emerchantpay, this refers to encryption that a merchant can apply in a server-to-server integration using the emerchantpay CSE library. Learn more here.
Contactless card payment
A debit or credit card transaction that is performed without the card (or chosen device) coming into direct contact with the card reader (e.g., inserting or swiping the card into the reader). The technology that enables this type of payment is NFC .Apple Pay, Google Pay, and Samsung Pay all use the standard NFC protocol and support contactless payments securely.
Also known as an international payment, is a transaction where the payer and the transaction recipient (i.e., the payee) are based in different countries. Some of the most common cross-border payment types are bank transfers , online credit and debit card payments, alternative payment methods , and mobile payments .
Also known as an eWallet, is a software-based application that securely stores virtual versions of debit and credit cards. Digital wallet owners can complete purchases via NFC technology and their preferred payment method using their smartphone or another device where the digital wallet is installed.Apple Pay, Google Pay and Samsung Pay are popular digital wallet examples.
Dynamic Currency Conversion (DCC)
Also referred to as Cardholder Preferred Currency (CPC), is a credit card feature that allows cardholders to make POS purchases or ATM cash withdrawals abroad using their card’s default currency.Typically, the cardholder has the option to choose whether to convert the transaction amount before proceeding, since exchange rates apply. If the cardholder chooses DCC, the related exchange rate information is displayed on the receipt.
Also known as electronic commerce or internet commerce, is the process of buying and selling goods and services on the internet. Although commonly used to refer only to online purchases, eCommerce can be any type of commercial transaction that is facilitated through the internet.
The end-to-end software solution that facilitates the buying and selling of goods and services online. Depending on the chosen eCommerce platforms, online retailers can have a suite of tools to manage and grow their business such as accounting, inventory, marketing, customer service infrastructure, and more.
Electronic Funds Transfer (EFT)
The electronic, paper-free transfer of money from one bank account to another. These transfers take place independently from bank employees. There are several types of EFT payments, some of the most common ones include e-checks (electronic checks), direct deposits, phone payments, ATM transactions, online, and card present transactions.
The process of encoding sensitive information or data before it is transmitted, with the goal of preventing fraudulent activities through unauthorised access to the data.
Europay, Mastercard, Visa (EMV)
A global standard for ensuring that chip cards and POS terminals operate seamlessly and successfully. The name stands for the three companies that originally developed the EMV standard – Europay, Mastercard, and Visa. The standard is now managed by EMVCo, a technical body with even control between Visa, Mastercard, JCB, American Express, China UnionPay, and Discover.
In accordance with Mastercard regulations, first presentment occurs when the acquirer submits transaction data via the Single or Dual Message System to the issuer after the cardholder’s account has been credited.In Dual Message System, this is a First Presentment/1240 message.
A maximum purchase amount for a single transaction that does not require the merchant to obtain terminal or telephone authorisation . Any transaction exceeding the floor limit must be authorised.
Foreign exchange (FX)
A method of converting money from one currency to another. Foreign exchange transactions can take place on the foreign exchange market, also known as the forex market.
Also known as a four-party scheme, the four main parties involved in an online transaction: cardholder , merchant , acquirer , and issuer .
Fraud or risk management are any processes, procedures, and technologies used to assess fraud risk within an organisation and to develop an anti-fraud programme that aims to deter fraudulent activity.
Payment fraud is any false or illegal transaction. It occurs when someone steals another individual’s or organisation’s payment and/or identity information and uses it to make an unauthorised transaction or purchase.
Any activity where a customer makes a purchase and then disputes the charge with their bank without having a legitimate reason to do so.
See payment gateway .
The process of identifying the geographical location of a user or computer device. Location-positioning services and location-aware apps are integral elements of geolocation technology.
A merchant who operates within a high-risk industry, such as gaming, gambling, travel services, subscription services, debt collection and so forth. Due to the nature of the business, the merchant is at a substantial risk for customer disputes, returns, fraud, or financial failure.
High-risk merchant account
A high-risk merchant account is a business that has been labelled by a PSP as having a higher risk of fraud or chargebacks and returns. High-risk merchant accounts typically pay higher processing fees because of the added risk.
Hosted payment page
The payment (or checkout) page of a merchant’s online store hosted on a separate PCI-compliant server. The merchant has the option to customise its look and feel, ideal for small to medium-size businesses looking to minimise their security requirements and development overhead.
The process of purchasing goods and services within an application on a mobile device, such as a smartphone or tablet. Payments are made either with cards or alternative payment methods (e.g., digital wallets). In-app payments provide a highly effective user experience as they allow the user to make a purchase without leaving the application.
Used to increase the total authorised transaction amount on a confirmed payment before it is captured . The incremental authorisation does not replace the original authorisation and it is in addition to a previously authorised amount. After capture, the pending authorisation disappears, and the total captured amount is shown as one entry.
Independent Sales Organisation (ISO)
A third-party company that sells card processing services independently from a financial firm or bank. ISOs usually partner with acquirers to find, open and manage merchant accounts on behalf of the merchant in exchange for a higher fee, or for a percentage of the merchant’s sales.
Interbank Card Association (ICA) number
A unique four-digit number assigned by Mastercard to identify the member bank involved in the processing of the transaction. The member could be a financial institution, third-party processor , or other party involved in the transaction.
A pricing model in the card processing industry which is mostly used in Europe and the United States. The model provides a transparent fee structure with a breakdown of the true costs charged by the relevant card issuer , card scheme , and acquirer processing a given transaction.
The fee the acquirer pays to the issuer for each card-based transaction made inside a card network. For cash transactions, the interchange fee is typically referred to as a reverse interchange and relates to the fee paid from the issuer to the acquirer. The fee is set by the bank card associations.
Internal Security Assessor (ISA)
A professional who has been certified by the PCI Security Standards Council and conducts internal security audits for a qualifying organisation. After successful PCI DSS training and certification, the professional can support and control the proper application of PCI DSS measures and controls within the qualifying organisation.
Also known as a card issuer or issuing bank, is a bank or other financial institution that issues payment cards to cardholders. When a cardholder makes a transaction, the funds are routed from the issuer through the card schemes to the acquirer . The issuer’s main role is to verify that the cardholder has enough funds or credit to cover the transaction.
Issuer Identification Number (IIN)
Also known as a Bank Identification Number (BIN), refers to the initial set of four to six numbers on a payment card that identifies the financial institution that issued the card. The number is unique to the issuer and its partnering provider and complies with the international standard ISO/IEC 7812.The purpose of the IIN is to identify the card issuer and inform acquirers and card issuers how to route a transaction.
Also known as a manually entered transaction, occurs when credit card information is manually entered in to a physical card terminal . Typically performed in a physical store when the customer’s card cannot be swiped and read by the terminal, or if the merchant’s card reader is malfunctioning.
Know Your Business (KYB)
The due diligence check of a business and industry against money laundering activities or other financial crimes. KYB checks allow businesses to determine whether they are dealing with legitimate businesses or fictitious shell companies.Similar to KYC , with KYC measures focused on identifying businesses and KYB on identifying customers.
Know Your Customer (KYC)
Also known as Know Your Client, KYC measures are designed to protect financial institutions against financial crimes. There are several steps involved in a KYC check: establishing the customer’s identity, understanding the nature of the customer’s activities, and qualifying the legitimate source of funds.
Local Payment Method (LPM)
See Alternative Payment Method (APM) .
Magnetic Swipe Reader (MSR)
Also known as a magstripe reader, MSR encompasses devices such as point-of-sale (POS) terminals and key card readers that read card data from the magnetic stripe on the back of a credit or a debit card.
Mail Order/Telephone Order (MOTO)
A form of card not present payment taken over the telephone, email, fax, or even via post. Customers provide their card details and merchants enter them into a virtual terminal to process the payment.
Manual Key Entry (MKE)
See key-entered transaction .
A platform where vendors can offer their products and services to a selected audience. In a form of an eCommerce website or a mobile app, online marketplaces typically earn a commission for each sale made via the platform. Examples of marketplaces include Amazon, eBay, and Etsy.
Any party that is involved in wholesale trade online or in physical locations. Merchants can operate in various industries such as eCommerce, retail, travel and hospitality, gambling, forex, and others.
A special type of a business bank account that allows businesses to accept and process electronic payments. In order to open a merchant account, businesses must partner with a merchant acquirer for the settlement of payment transactions.
The written contract between the merchant, the merchant acquirer and/or the PSP that entitles the merchant to accept card payments. The agreement details the full range of terms and conditions set out for both parties related to the acceptance of card transactions and other associated bank card activity.
Merchant Category Code (MCC)
A numerical code, typically four digits, used to classify business types by the type of goods and services they provide. Also referred to as a merchant classification code, an MCC is assigned to each merchant by the credit card processor .
Merchant Identification Number (MID)
A unique number that a PSP and/or acquirer assigns to a merchant as a part of their merchant agreement. A MID identifies the merchant and the legitimacy of the business and facilitates the movement of funds from the customer’s bank account to the merchant’s bank account.
Merchant of Record (MoR)
The entity that is responsible for processing a consumer’s credit and debit card transactions and takes on the liability related to each transaction. The MoR ensures compliance with the PCI DSS standard, handles all transactions, refunds, chargebacks , cancellations, and disputes, and monitors any laws where the transactions are taking place. The MoR is the name that appears on the consumer’s credit or debit card statement.
Merchant Plugin (MPI)
A software module designed to facilitate 3D Secure verification with the goal of preventing payment card fraud . MPI verifies the customer’s bank account number with its card issuer to determine if it is enrolled in the 3D Secure programme.
Mobile commerce (mCommerce)
The buying and selling of goods via wireless handheld devices such as smartphones, smartwatches, or any other personal digital assistant connected to the internet.
A payment made via a portable electronic device such as a smartphone, a smartwatch, or any other personal digital assistant connected to the internet.
Multi-currency processing (MCP)
Allows online businesses to accept payments from customers in their preferred local currency. MCP facilitates global expansion for businesses by enabling them to price and charge for goods and services in a variety of foreign currencies, while continuing to receive settlement and reporting in their domestic currency. See also settlement currency .
Near Field Communication (NFC)
A short-range wireless communication technology that facilitates the exchange of data between electronic devices. NFC is the technology that allows consumers to make payments with mobile wallet apps in their smartphones as well as via NFC-enabled credit and debit cards.
A database typically maintained by payment processors and credit card companies of cardholders who have been blacklisted due to frequent chargebacks or other suspicious transaction behaviour and fraud -related activities and disputes.
No Cardholder Verification Method (No CVM)
A method available for EMV cards where a transaction can be executed without the cardholder verification check. Typically, “no CVM” is selected for POS terminals and systems that do not support PIN or signature verification, and therefore they usually have a low transaction threshold. In such cases, merchants can filter for transactions for which another CVM check is needed.
Typical in the travel and hospitality industry, is a transaction where cardholders make hotel reservations in advance and do not complete the payment thereafter. In such cases, merchants can charge the cardholder a no-show fee in accordance with their cancellation policy. The cardholder also has the option to dispute the no-show charge with their card issuer .
Non-transactional bank account
Also referred to as a non-payment account, is a bank account that has restrictions on how funds can be paid in to and out of the account. Examples of non-payment accounts include savings accounts, retirement investment accounts, and fixed-term accounts.Typically, banks will place a limit on the number of transactions per month from such accounts. Once the limit is reached, the account becomes non-transactional and any attempts to withdraw or transfer money will result in a fee for returned or failed payments.
A transaction that is approved or declined via offline communication between the chip and PIN card and the card terminal . Risk parameters are embedded in the card such as a progressive offline transaction amount limit or a consecutive offline transaction limit. In offline authorisation there is no direct electronic communication or authorisation by the card issuer .
A card verification method for EMV chip cards. When the cardholder enters their PIN at the card terminal , the PIN is compared with the PIN stored on the chip card. With this type of EMV chip card, the cardholder verification can occur even when the terminal is not connected to a network.
Omnichannel payment solution
Also referred to as unified commerce, is a comprehensive solution for payment processing that allows merchants to integrate all of their payment channels—online, in-app, and point of sale —into a single record of their customer interactions.With an omnichannel payment solution, merchants can offer customers the ability to purchase goods online and return them in-store, for example.
A payment solution, especially popular among returning buyers, that enables customers to complete a payment without entering their full card details and credentials for every purchase. After their first transaction, customers are given the option to save their card details on the merchant’s website. After this, customers only need to enter their card’s CVC/CVV security code to complete an order.
This refers to a transaction that is approved or declined via real-time online verification with the card issuer .
A card verification method for EMV chip cards with magnetic stripes. When the cardholder enters their PIN at the card terminal, the PIN is encrypted and electronically sent to the card issuer for verification.
A card terminal that generates an online authorisation request for each transaction.
Pay by link (PBL)
A payment method which allows merchants to send a secure link with a predefined payment amount to customers, usually via email or text message. When the customer clicks on the link they are redirected to a secure payment page to complete the payment.
May be used in different contexts across the payments industry, but generally refers to a lump sum of money paid to an individual or a business entity. Pay-outs can also be in a form of an automated recurring payment or can be initiated on demand by the merchant.
Also referred to as a bank card, ATM card, or cash card, is a generic term for any physical card electronically linked to a bank account. The cardholder can use the card to pay for goods and services online and offline or to withdraw cash.
Payment Card Industry (PCI)
The payment card industry consists of all financial institutions which store, process, and transmit cardholder data. Often used to refer to the Payment Card Industry Data Security Standard (PCI DSS) security standards developed by the Payment Card Industry Security Standards Council (PCI SSC) .
Payment Card Industry Data Security Standard (PCI DSS)
Often referred to simply as PCI, a set of comprehensive requirements used to increase control around sensitive cardholder data and to help prevent card fraud and various security vulnerabilities and threats within the payment industry. The PCI DSS standard is set and managed by the Payment Card Industry Security Standards Council (PCI SSC) and aims to protect both consumers and financial institutions.
Payment Card Industry Security Standards Council (PCI SSC)
The body that governs and is responsible for administering the Payment Card Industry Data Security Standard (PCI DSS) standard.
The technology responsible for the authentication and secure transmission of payment data among all parties involved in a payment transaction. The payment gateway secures and encrypts the customer’s payment details and passes them from the transaction device to the issuer , and then to the acquirer for authorisation and approval. Once approved by the parties involved, the payment gateway sends back verification to the merchant.
The way a customer chooses to pay for goods and services. Payment methods include cash payments, card payments, bank transfers , digital wallets , mobile payments , and various alternative payment methods .
Also referred to as a checkout page, is a webpage designed to allow customers to purchase their selected goods and services from a merchant online easily and securely.
See Payment Service Provider (PSP) .
Payment Service Directive (PSD)
Its goal is to make payments between EU countries secure and direct by establishing a modern and comprehensive set of laws applicable to all payment services and PSPs in the European Union and the European Economic Area.The directive is administered by the European Commission and provides transparency and protection for consumers while governing the rights and obligations of PSPs and consumers.
Payment service provider (PSP)
Also known as a payment processor, a PSP is a third-party company that provides payment processing services to merchants. PSPs enable merchants to accept electronic payments through a variety of payment methods such as credit and debit cards, bank transfers , direct debits, digital wallets , alternative payment methods , and more.Typically, PSPs provide sellers with both a merchant account and a payment gateway , ensuring that each customer’s transaction is processed safely and securely.
Personal Identification Number (PIN)
A numeric or alpha-numeric code between four to 12 characters mainly used to authenticate the cardholder during ATM cash withdrawals or point of sale (POS) transactions. PINs are usually issued alongside payment cards and aim to provide additional security to the electronic transaction process.
Point of sale (POS)
The physical location, usually a retail store, where customers can make a purchase using a variety of payment methods such as credit or debit card, mobile payment , QR code payment, digital wallet , and many more. The term can also be used to refer to devices or software that process transactions such as cash registers and POS terminals .
Point of sale (POS) terminal/system
Refers to both the hardware and the software involved in a payment transaction made in person. POS terminals are usually situated at retail locations to allow easy and secure payment processing.In a typical scenario, a payment card is swiped, inserted, or tapped on the POS terminal, after which the customer enters their PIN (if required) to authenticate the transaction.
Point-to-Point Encryption (P2PE)
The standard established by the PCI SSC by which cardholder information is encrypted immediately at the point of capture , such as when the card is read by a POS terminal , and transmitted securely to the endpoint (usually to the card issuer ) for verification.
A payment card that is tied to previously added funds onto the card instead of to a bank account.
Primary Account Number (PAN)
Also referred to as a payment card number or simply a card number, a PAN is the unique series of digits embossed across the front of a payment card. A PAN can be anywhere from 14 to 19 digits depending on the account type.
Fees charged to merchants for processing payments from customers. The processing fee depends on the pricing model preferred by the payment processor , the level of risk per transaction, and the specific card type used.
Qualified Security Assessor
A professional or an organisation who has been qualified by the PCI Security Standards Council to validate and assess an entity’s adherence to the requirements of the Payment Card Industry Data Security Standard (PCI DSS) .
Quick Payment Service (QPS)
A programme developed by Mastercard to facilitate card acceptance and speed up high-volume transaction processing at busy locations. Particularly popular among fast-food chains and movie theatres, QPS allows merchants to process transactions without the usual cardholder signature requirement and/or without printing a receipt for the transaction unless requested by the customer.
Rapid Dispute Resolution (RDR)
A chargeback prevention tool developed by Verifi as an upgrade to the Chargeback Dispute Resolution Network (CDRN) . Driven by a rule-based engine, merchants can define in advance what types of disputes they would prefer to accept and refund automatically. This way, when the dispute rules are matched, the RDR will communicate with the acquirer to automatically debit the merchant’s account and issue a refund, thus preventing the dispute from becoming a chargeback.
The process of checking account balances against actual spending to ensure all financial records are legitimate, consistent, and up to date. Reconciliation takes place daily, weekly, or monthly depending on business needs.
Also referred to as subscription payments, is a type of payment whereby a merchant is authorised by the customer to charge funds from the customer’s account on a prearranged schedule. Recurring billing usually takes place at regular intervals such as monthly, quarterly, or annually.
An amount of money paid back to a customer, usually because they have returned goods or services they had previously purchased.
The act of transferring money from one party to another. Typically, remittance is associated with international money transfers, as the key distinction between remittance and a regular money transfer is the physical distance of the transfer.
The request for paperwork, either as an original or a legible copy, regarding a payment transaction. A retrieval request is typically filed by the cardholder’s issuer to a merchant when a suspicious transaction needs to be validated.
A set of services, techniques, and systems that analyse and filter transactions by their risk. An effective risk management process helps prevent or minimise potential financial threats to a business.
A risk management tactic used by PSPs , typically when dealing with high-risk merchant accounts . The payment processor withholds a pre-defined percentage of the merchant’s gross sales to cover possible disputed charges, chargeback fees, or other expenses.The held funds are deposited in a non-interest-bearing account for a predetermined amount of time. The rolling reserve conditions are defined in the merchant’s processing agreement with the PSP.
Fees charged by card schemes such as Visa, Mastercard, UnionPay, and more. The fee amount is determined by the corresponding card scheme and usually consists of a percentage of the total value of transactions and/or a fixed rate per transaction.Note that the scheme fee is determined in addition to the interchange fee.
Secure Sockets Layer (SSL)
A cryptographic protocol used for encrypting data between a web server and a web browser, or a mail server and a mail client. SSL allows sensitive information in eCommerce transactions such as passwords and credit card information to be transmitted securely.
Sensitive Authentication Data (SAD)
The information on a card used for authentication at the time of a purchase. Examples of SAD are card security codes ( CVC , CVV, CID, CAV, etc.), PINs , full magnetic-stripe data, and other data used for cardholder verification and payment authorisation. SAD must be deleted as soon as the purchase has been made and cannot be stored even in an encrypted format.
An integration option that enables two servers or systems to communicate with each other. In payment processing, a server-to-server integration allows businesses to have full control over the transaction process and design a custom payment flow for their customers. This integration method is mostly suitable for enterprise businesses that are PCI-compliant .
The final step in a typical payment transaction. It refers to transaction requests that have been completed successfully and transferred as payments to the merchant’s bank account. The timeframe of a settlement depends on the merchant’s agreement with their PSP .
Settlement currency (payment currency)
The currency in which a payment is finalised and processed. See settlement .
The date when a purchase or sale is finalised and the buyer must transfer payment to the merchant while the merchant delivers the purchased goods or services to the buyer. See settlement .
Software with an intuitive user interface that facilitates the purchase of goods and services in an eCommerce environment. The shopping cart is integrated into the merchant’s website or online store, allowing customers to add or delete desired items from their virtual cart and complete the purchase on a checkout page.
Single Euro Payment Area (SEPA)
An EU initiative created to simplify and improve efficiency on all types of cross-border euro payments made between countries in the eurozone. The scope of the network currently covers 36 countries and territories within Europe.
An illegal activity in which thieves capture payment and personal information from a cardholder.
The process of using social media and networking websites as means to promote and sell commercial products and services.By embedding the shopping experience into a platform such as Pinterest or Instagram, customers can browse items and pay for their purchase without leaving the social media app or website.
Strong Customer Authentication (SCA)
A crucial component of the Payment Service Directive (PSD2) legislation that aims to add an extra layer of security to electronic payments.SCA applies to the European Economic Area and the United Kingdom and requires payment institutions to apply a combination of two forms of security credentials at checkout. Known as two-factor authentication (2FA) , an example is entering both a password and a fingerprint for mobile payment authentication.
See recurring payment/billing .
An additional fee which merchants charge customers to bear the costs for processing cheques and card payments.
Technical fallback transaction
Occurs when an EMV reader cannot read the chip on a payment card either because of a technical issue with the chip or the terminal. In this case, the transaction can be processed using the fallback of the card’s magnetic stripe or another method.
Terminal Identification Number (TIN/TID)
A unique number assigned to every POS device to identify the source of payment card transactions. Typically, the number is eight digits long and is provided by the bank or the merchant service provider with which a business has set up a merchant account .
The European Economic Area (EEA)
The EEA agreement that came into effect in 1994 aims to strengthen trade and economic relations between the contracting parties in the European region. The agreement covers the four fundamental pillars of the internet market – i.e., the free movement of goods, people, services, and capital.The European Economic Area consists of the Member States of the European Union (EU) and three countries of the European Free Trade Association (EFTA) – namely, Iceland, Liechtenstein, and Norway. The United Kingdom and Switzerland are not part of the EEA.
The Financial Conduct Authority (FCA)
The financial regulatory body and conduct regulator of the financial services industry in the UK. Its roles include protecting consumers, keeping the financial services industry stable, and promoting healthy competition between financial service providers.The conduct regulator is based in the United Kingdom but operates independently of the UK government.
The process of substituting sensitive data, such as a credit card number, with “tokens” — i.e., non-sensitive data that has no meaningful value if breached. By employing credit card tokenisation, merchants can transmit data between networks securely without exposing sensitive customer data and card information.
Travel & Entertainment (T&E cards)
Typically a charge card used to pay for hotel reservations, airline, and other business-related expenses. American Express and Diners Club cards are often referred to as travel and entertainment cards.
Two-factor authentication (2FA)
The security measure of requiring a combination of two forms of security credentials for authentication. An example is entering both a password and a fingerprint for mobile payment authentication.
Any account charges which have not been authorised by the cardholder. In most cases, unauthorised charges result from credit card theft where the cardholder has the right to file a dispute in a timely manner.
Also referred to as merchant underwriting, the process of assessing all potential risks relevant to a merchant account such as business financial history, obligations, and trustworthiness. A PSP will perform merchant underwriting as the initial step of the application process.
Value Added Tax (VAT)
Also known as Goods and Services Tax (GST), is a consumption tax determined on the value added in each stage of the production of goods and services. The VAT applies across the European Union, the United Kingdom, and several other countries globally.
Verified by Visa (VBV)
А global authentication service that provides merchants with an extra layer of protection from fraudulent transactions and chargebacks . VBV verifies the cardholder’s identity securely when a Visa card is used online.
A web-based application that allows merchants to manually enter card details to accept a transaction on behalf of the cardholder. Virtual terminals are used to facilitate MOTO transactions.
Created by Visa, an electronic payment network that provides worldwide payment transaction processing, risk management services, and commercial payment products among other capabilities.
Voice payments are facilitated through technology that allows consumers to make purchases verbally, usually in conjunction with a voice assistant powered by a portable smart device.
A void transaction is a transaction that is cancelled before the payment has been fully processed (e.g., the payment has been authorised but not settled ). Voided transactions typically show up as pending transactions until the process is completed and disappear from the cardholder’s account statement within 24 hours.
Zero liability policy
A policy provided by the major credit card issuers to protect cardholders from unauthorised card use. Any fraudulent charges that are reported by the cardholder or detected by the card issuer will be removed from the cardholder’s account.
A policy which requires merchants to obtain authorisation on all transactions, regardless of their value. By contrast, some merchants operate with a predefined threshold known as the floor limit , in which authorisation is required only if the transaction amount is above the threshold.
A zero-value authorisation , also known as zero-dollar authorisation, is a verification method in which cardholders can make a transaction where no amount is charged to their card.