Acronym for “authentication, authorization, and accounting.” Protocol for authenticating a user based on their verifiable identity, authorizing a user based on their user rights, and accounting for a user’s consumption of network resources.
Mechanisms that limit availability of information or information-processing resources only to authorized persons or applications.
Account data consists of cardholder data and/or sensitive authentication data.
Account number (Primary Account Number)
A unique sequence of numbers assigned to a cardholder account which identifies the issuer and type of financial transaction card.
A licensed member who maintains the merchant relationship and acquires the data relating to a transaction from the merchant or card acceptor and submits that data into the interchange, either directly or indirectly.
This is a yearly fee charged by some ISO’s and acquirers to maintain a merchant’s account. This is also called a renewal fee, subscription fee, or membership fee.
A process defined in operations regulations whereby a transaction is approved by or on behalf of, an issuer; commonly understood to be receiving of a sales validation by the merchant, by telephone, or authorisation terminal.
A code that notifies you that you have obtained the authorisation for a specific card transaction. Note: You should print this on the sales draft
Automated Teller Machine (ATM)
An unattended, magnetic stripe-reading terminal that dispenses cash; accepts deposits and loan payments; enables a bank customer to order transfers between accounts and make account enquiries.
The average amount of all transactions charged by a merchant on a monthly basis.
AVS (Address Verification System)
In 1996, Visa®/MasterCard® headquarters introduced a new regulation requiring all businesses who manually key in the majority of their credit card transactions to have a special fraud prevention feature on their credit card processing equipment. This feature is referred to as an address verification system (it checks to see that the billing address given by the customer matches the credit card). If you opt not to use AVS, VISA® and MasterCard® will not support your transactions and will charge you an additional percentage on those sales.
A debit or credit card issued by an issuing bank.
A collection of credit card transactions saved for submitting all at one time, usually each day. Merchants who do not have real-time verification systems must submit their transactions manually through a POS terminal.
The practice of collecting information to detect deceitful buyers or high risk merchants with purpose of preventing fraud in e-commerce is what is known as blacklisting.
The code that a lodging or car rental merchant gives to a cardholder. The cancellation code confirms that the cardholder did, indeed, cancel a reservation.
This is the fee charged by the ISO or acquirer if a merchant cancels his contract before the specified contract period expires.
A payment card industry governing body which sets rules and interchange rates. Visa, Mastercard, and American Express, are the three largest card associations in Europe.
The permission given by the bank to transfer cardholder’s capital into the merchant’s account is known as card authorisation.
Holding the fund from a debit or credit card transaction until the full transaction is captured is called pre-authorisation.
A physical device, often attached to a legitimate card-reading device, designed to illegitimately capture and/or store the information from a payment card.
Card Security Code
The anti-fraud measure in a form of a three or four digit number placed on a credit or a debit card is what is known as Card Security Code (CSC).
The customer to whom a card has been issued or the individual authorised to use the card.
A charge back occurs when a card holder disputes a credit card transaction with his or her credit card issuer. The card issuer initiates a charge back against the merchant account. The amount of the disputed transaction is immediately withdrawn from the merchant’s bank account, and the merchant has 10 days in which to dispute the charge back with proof of purchase, signature, proof of delivery, etc. A charge back is ultimately decided and resolved by the card association. A charge back fee is usually assessed to the merchant on top of the actual transaction. See also retrieval request.
The process of exchanging financial transaction details between an acquirer and an issuer to facilitate posting of a cardholder’s account and reconciliation of a customer’s settlement position.
A credit card issued jointly by a member bank and a merchant, bearing the “brand” of both.
“Code 10” Authorisation
This is a voice authorisation code which you might initiate when you suspect a card is stolen or fake, or when a customer is acting suspiciously.
A Web server that contains the software necessary for processing customer orders via the internet, including shopping cart programs, dynamic inventory databases, and online payment systems. Commerce servers are usually also secure servers.
A bankcard issued to companies for use by company employees. The liability for abuse of the card typically rests with the company and not with the employee.
A refund, or a return of goods by a consumer to the merchant
A plastic card bearing an account number assigned to a cardholder with a credit limit which can be used to purchase goods and services and to obtain cash disbursements on credit. The cardholder is subsequently billed by an issuer for repayment of the credit extended at once or on an installment basis.
Credit card processors (or third-party processors)
Merchant services providers that handle the details of processing credit card transactions between merchants, issuing banks, and merchant account providers.
The process by which the transaction currency is converted into the currency of settlement or the currency of the issuer for the purpose of facilitating transaction authorisation, clearing and settlement reporting. The currency of the transaction is determined by the acquirer; the currency of the issuer is the preferred currency used by the issuer, and most often, the currency in which the cardholder will be billed.
A plastic card used to initiate a debit transaction. In general, these transactions are used primarily to purchase goods and services and to obtain cash, for which the cardholder’s asset account is debited by the issuer.
Debit fees are based on the debit network which issues the debit card. Debit fees are comprised of network fees and transaction fees. It is usually a flat fee and a statement fee.
A consumer account set up to allow Ecommerce transactions through a particular credit card processing system. Before the consumer can make a purchase, he or she must first establish an account with the credit card processor, who provides an ID and password. These can then be used to make purchases from any website that supports that transaction system.
A record (usually paper) used to document that a product or service was purchased.
Electronic draft capture (EDC)
A system in which the transaction data is captured at the merchant location for processing and storage.
Electronic funds transfer (EFT)
A paperless transfer of funds initiated from a terminal, computer, telephone instrument, or magnetic tape.
Most credit card transactions are conducted electronically by using Electronic Draft Capture (see EDC). Typically this is performed by terminal (like the Verifone 670), Software or via the Internet.
The purchase of debts owed, or “accounts receivable,” in exchange for immediate payment at a discount. In Ecommerce, the term is often applied to ISOs that offer to process credit card transactions through their own merchant account rather than through an account established by the merchant, in exchange for a percentage of the transaction or other fee. Factoring of credit card debt is illegal.
A specific limit used to determine which card transactions you must authorise. If your business has a floor limit of £1,000 — you must get authorisation for any transaction over that amount. Note: All airline, telephone, and mail order transactions must be authorised, even if the amount is under your floor limit.
A portion of the revenue from a merchant’s credit card transactions, held in reserve by the merchant account provider to cover possible disputed charges, charge back fees, and other expenses. After a predetermined time, holdbacks are turned over to the merchant. Note: Merchant account providers almost never pay interest on holdbacks.
Offers various services to merchants and other service providers. Services range from simple to complex; from shared space on a server to a whole range of “shopping cart” options; from payment applications to connections to payment gateways and processors; and for hosting dedicated to just one customer per server. A hosting provider may be a shared hosting provider, who hosts multiple entities on a single server.
A physical impression you make from a customer’s card which appears on the draft. This proves that the card was present when the sale was made. Note: An imprint can be created electronically if you use a magnetic-stripe-reading terminal which includes the correct point-of-sale (POS) entry code.
A device to produce an image of the embossed characters of the bankcard on all copies of sales drafts and credit slips.
The fee that the Card Association charges the merchant to get the funds into his bank (merchant bank) and to get the billing information to the cardholder’s bank (issuing bank). Interchange fees are based on following credit card regulations and capturing appropriate data including pin codes, card swipe, address and electronic signatures as needed. These fees are also based on the timeliness of the settlement of transactions.
The member that enters into a contractual agreement with card associations to issue cards.
The bank that maintains the consumer’s credit card account and must pay out to the merchant’s account in the event of a credit card purchase. The issuing bank then bills the customer for the debt.
The magnetically encoded stripe on the bankcard plastic that contains information pertinent to the cardholder account. The physical and magnetic characteristics of the magnetic stripe are specified in ISO Standards 7810, 7811, and 7813.
Magnetic stripe reader
A device that reads information recorded on the magnetic stripe of a card. Also known as a card swipe reader.
An institution that participates in the programs offered by card associations such as issuers and acquirers.
A retailer, or any other person, firm, or corporation that (pursuant to a merchant agreement) agrees to accept credit cards, debit cards, or both, when properly presented.
A specialised bank approved and issued account to process credit card transactions. One of three parts needed to accept credit cards. Other parts required are a local bank business account (to deposit funds) and a processing solution (to access your merchant account) such as a terminal or gateway.
A bank that has entered into an agreement with a merchant to accept deposits generated by bankcard transactions; also called the acquirer or acquiring bank.
Merchant Identification Number (MID number)
The number a financial institution assigns to a merchant to identify your business.
This is a fee that is imposed if your credit card charges (Discount Rate) do not add up to their monthly minimum amount. For example, your monthly minimum is £25 a month. If your credit card discount rate was 2.25% and you processed £1000.00 in credit card volume, £22.50 is charged to the account plus an additional £2.50 (the difference between the £25.00 minimum and actual discount fees).
Also: The minimum amount in fees and percentages charged by a merchant services provider in a given month. If account activity does not generate the monthly minimum, the account holder must make up the difference.
Acronym for “Mail-Order/Telephone-Order.”
MO/TO discount rate
The discount rate charged by the merchant account provider for credit card transaction in which the actual credit card was not available to the merchant. MOTO discount rates are generally higher than card present rates to account for the increased chance of fraud or non-payment.
Acronym for “primary account number” and also referred to as “account number.” Unique payment card number (typically for credit or debit cards) that identifies the issuer and the particular cardholder account.
Payment gateway (see also – real-time processing)
The code that transmits a customer’s order to and from a merchant’s bank’s transaction-authorising agent — usually a MAP (merchant account provider). See also payment gateway provider.
Payment gateway provider
A company that provides code and/or software for an Ecommerce site to enable it to transfer information from its shopping cart to the acquiring bank, and on through the rest of the credit card transaction. See also payment gateway.
PCI rules prohibit the storage of cardholder information. All merchants and service providers that store, process, or transmit cardholder data are required to comply with PCI DSS. Compliance is not optional. Even the smallest businesses are required to complete an annual self-assessment form, implementing the 12 basic PCI requirements.
Personal Identification Number (PIN)
A four-to-twelve character secret code that allows an issuer to positively authenticate the cardholder for the purpose of approving an ATM or terminal transaction occurring at a point-of-interaction device.
A device, software or virtual product that allows you to connect to a Merchant Account. Without a processing solution, like a credit card terminal, there would be no way to verify, approve and deposit credit card transactions.
Purchasing card/Corporate card
Designed to help companies maintain control of purchases whilst reducing the administrative cost associated with authorising, tracking, paying, and reconciling those purchases.
Having your customer’s credit card information validated and processed for you automatically. The credit card will be charged and the money will be deposited into your bank account all automatically. This is perfect for an internet-based business.
A hardcopy document representing a transaction that took place at the point of sale, with a description that usually includes: date, merchant name/location, primary account number, amount and reference number.
Regular, usually monthly, charges for maintaining a merchant account. Recurring fees include the discount rate, transaction fees, statement fee, and monthly minimum.
A retrieval request is what happens when a cardholder cannot remember a credit card transaction, or the bank wants to order information for some reason. The card issuer initiates a retrieval request, in which the merchant has 10 days to respond with the order information or the retrieval request will turn into a charge back. There is usually a retrieval request fee issued against the merchant also in these cases.
SSL (secure socket layer)
A system for encrypting data sent over the Internet, including Ecommerce transactions and passwords. With SSL, client and server computers exchange public keys, allowing them to encode and decode their communication.
The process by which merchant and cardholder banks exchange financial data and value resulting from sales transactions, cash disbursements and merchandise credits.
Fees charged for establishing a merchant account, including application fees, software licensing fees, and equipment purchases.
A plastic card containing a computer chip that can store electronic “money.” Unlike a credit card, a smart card can only spend out the amount its owner has already put into the card account. It’s similar in function to a prepaid calling card but is available for all purchases.
Action between a cardholder and a merchant or a cardholder and a member that results in activity on the cardholder account.
The date that a cardholder effects a card purchase of goods, services, or other things of value, or effects a cash disbursement.
A charge for each credit card transaction, collected by the MAP (merchant account provider) or ISO. Transaction fees usually fall between £0.01 and £0.03 (UK.).
Virtual Payment Terminal
A virtual payment terminal is web-browser-based access to an acquirer, processor or third party service provider website to authorize payment card transactions, where the merchant manually enters payment card data via a securely connected web browser. Unlike physical terminals, virtual payment terminals do not read data directly from a payment card. Because payment card transactions are entered manually, virtual payment terminals are typically used instead of physical terminals in merchant environments with low transaction volumes.
The purpose of assigning a personal security password with 3-D Secure for online transactions is to ensure that only the cardholder can make use of it.