Glossary: Payment Processing Terminology

Click on the letter below to view glossary terms A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Term Definition
3D Secure
3-D Secure is an XML based protocol designed to be an additional security layer for online credit and debit card transactions.(Card Not Present or CNP ecommerce and online payments). It goes by different names depending on the card brand; Visa Secure (formerly Verified by Visa), MasterCard SecureCode, American Express SafeKey, J/Secure.
During checkout, a transaction using 3-D Secure will initiate a redirection to the website of the card issuing bank to authorize the transaction. Each issuer could use any kind of authentication method including instant mobile text password (the protocol does not cover this).  Now mandated in some countries,
3D Secure 2.0 was a complete reprogram, based on input from all the stakeholders, to reduce friction at checkout.
3-D Secure is the only cardholder identity verification method recognized by the card brands that shifts certain types of fraud liability to the issuer. Card brands state merchants will have increased approvals using this protocol.
An abbreviation for Automated Clearing House, a widely used system for processing automated electronic deposits directly into and withdrawals from bank accounts. Example, a consumer requests that their utility bill be paid automatically via ACH monthly. The utility generates the variable request for payment from the consumers bank account on file.
The bank or financial institution that accepts credit and or debit card payments (acquires transactions) for products or services on behalf of a merchant. The merchant account contract is held with the acquirer. Acquirers are known by different names. They can be referred to as a bank, a merchant bank, a processor, or an independent sales organization (ISO)Example: First Data Merchant Services is an acquirer. First Payment Systems is an ISO offering acquiring on the First Data platform.
Audit Logs
A registry that shows the identifier, date, and time that the stored data is accessed.
The process by which a card issuer approves or declines a credit card purchase. Authorization occurs automatically when you swipe the magnetic stripe of a payment card through a card reader. See also: Voice Authorization Center
Basis Point
unit that is equal to 1/100th of a percentage point. Basis points are used in the credit card processing industry to denote a rate change, or the difference (spread) between two interest rates. This is partially due to the large effect of small changes. For example 10 basis points = .001 or .1%. See also, Merchant Discount.
Abbreviation for basis point.
Call or Call Center
A response to a merchant’s authorization request indicating that the card issuer needs more information about the card or cardholder before a transaction can be approved; also called a referral response.
Card expiration date
See: Good Thru date
Card security features
The alphanumeric, pictorial, and other design elements that appear on the front and back of all valid credit and debit cards. Card-Present merchants must check these features when processing a transaction at the point of sale to ensure that a card is valid.
Card Verification Value 2 (CVV2)
A fraud prevention system used in card-not-present transactions to ensure that the card is valid. The CVV2 is the three or four digit value that is printed on the back of credit cards. Card-not-present merchants ask the customer for the CVV2 and submit it as part of their authorization request. For information security purposes, merchants are prohibited from storing CVV2 data.
The person to whom a credit card is issued.
Cardholder Information Security Program (CISP)
A program that establishes data security standards, procedures, and tools for all entities – merchants, service providers, issuers, and merchant banks – that store cardholder account information. CISP compliance is mandatory.
A merchant, market, or sales environment in which transactions are completed without a valid credit card or cardholder being present. Card-not-present is used to refer to mail order, telephone order, and Internet merchants and sales environments.
A merchant, market or sales environment in which transactions can be completed only if both a valid credit card and cardholder are present. Card-Present transactions include traditional retail – department, grocery, and electronics stores as well as boutiques, etc. – cash disbursements, and self-service situations, such as gas stations and grocery stores, where cardholders use unattended payment devices. Track data from the magnetic swipe is the primary proof that a customer was present and a signature or pin entry is required.
This term refers to a person who works in a main cashiering station. The primary function of this individual is cash handling, payment processing, and or check processing.
A merchant centric, enterprise payment processing platform to securely accept payments through all channels, including retail, MOTO, ecommerce, mobile, ebpp, online payments. Includes virtual terminal and payment gateway.
CenPOS account identifier. Each merchant account can have one or more CenPOS MID’s. For example, one each for department to coincide with internal revenue reports.
A transaction that is returned as a financial liability to a merchant bank by a card issuer, usually because of a disputed transaction. The merchant bank may then return or “charge back” the transaction to the merchant.
Cardholder Information Security Program developed by Visa and applicable to all merchants who accept Visa credit cards.
Code 10 call
A call made to the merchant’s voice authorization center when the appearance of a card or the actions of a cardholder suggest the possiblity of fraud. The term “Code 10” is used so calls can be made without arousing suspicion while the cardholder is present. Specially trained operators then provide assistance to point-of-sale staff on how to handle the transaction.
Copy request
A request by a card issuer to a merchant bank for a copy or facsimile of a sales receipt for a disputed transaction. Depending on where sales receipts are stored, the merchant bank either fulfills the copy request itself or forwards it to the merchant for fulfillment. A copy request is also known as a retrieval request.
Credit receipt
A receipt that documents a refund or price adjustment a merchant has made or is making to a cardholder’s account; also called a credit voucher.
Cross Cut Shredding
The process of using a shredder to cut paper both vertically and horizontally to more completely destroy documents.
One way of completely removing information from electronic media so that it can no longer be retrieved. Degaussing demagnetizes the media, which erases the data.
Merchants are required to inform cardholders about their policies for merchandise returns, service cancellations, and refunds. How this information is conveyed, or disclosed, varies for Card-Present and Card-Not-Present merchants, but in general, disclosure must occur before a cardholder signs a receipt to complete the transaction.E
Abbreviation for electronic bill presentment & payment.
Abbreviation for electronic funds transfer. Example, a consumer logs into their bank account online to pay their electric bill. The  electric company is on a list of service providers in the bank bill pay system, so a check is not issued. The payment is made via EFT.
A formal request for payment submitted to a customer or client when requesting payment for services or goods delivered. It usually consists of a written record of a transaction. Also known as a “bill” and, occasionally, as a “statement” on the supplier’s letterhead, addressed to business with terms and remit address.
Electronic Bill Presentment & Payment
Electronically delivery of an invoice with a mechanism for electronic payment. Examples: Invoice delivered as PDF attachment to email or text message and a liink is provided to a secure portal where payment can be made.
EMV is a global standard for credit and debit payment cards based on chip card technology. EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies which originally cooperated to develop the standard for interoperation of IC cards (“Chip cards”) and IC capable POS terminals and ATM’s, for authenticating credit and debit card payments. CLICK long version EMV definition
EMV Chip
EMV chip-based payment cards, also known as smart cards, contain an embedded microprocessor, a type of small computer. The microprocessor chip contains the information needed to use the card for payment, and is protected by various security features.
Endorse a check
To sign, stamp, or imprint the back of a check as evidence of the legal transfer of its ownership.
Encrypted data
Data converted to a code for security purposes
External Scans
A process performed by a PCI-certified assessment partner to scan the IP address of the Web portals that accept credit card information for vulnerability in firewalls, virus protection, software, and security. UCSC uses Trustwave to conduct these scans and administer PCI questionnaires.
A security tool that blocks access from the Internet to files on a merchant’s or third-party processor’s server and is used to ensure the safety of sensitive cardholder data stored on a server.
Good Thru date
The date after which a bankcard is no longer valid, embossed on the front of all valid credit cards. The Good Thru date is one of the card security features that should be checked by merchants to ensure that a Card-Present transaction is valid. Also known as the Card expiration date.
High-risk merchant
A merchant that is at a high risk for chargebacks due to the nature of its business. High-risk merchants include direct marketers, travel services, outbound telemarketers, inbound teleservices, and betting establishments.
ISO Independent Service Organization
Performs acquiring services. An organization that is not an Association (Visa & MasterCard) Member, but has a relationship with an Association Member (banks) who participates acquiring functions. ISO’s developed to provide greater competition and choice in the marketplace for merchants.
Individual accountability
For financial control purposes, individual accountability is the delegation of authority to qualified persons to initiate, approve, process and review business transactions and the holding of those persons responsible for the validity, correctness and appropriateness of their actions.
Each individual’s involvement who touched a transaction can be identified by computer ID, cashier ID on a cash register, handler ID on an endorsement stamp, signature or initials any of which uniquely identify the individual.
Individual Taxpayer Identification Number (ITIN)
A tax processing number issued by the Internal Revenue Service to people who are not eligible to receive a Social Security Number (SSN). An ITIN begins with “9” and has the same format as a SSN (###-##-####).
Interchange is a term used to describe the portion of fees a merchant pays to their credit card processor processor, which the processor MUST pay to the customer card issuer. Interchange consists of a percentage of the sale and a per transaction fee, and dues and assessments. There is no exception- all merchants pay interchange, though the description of the payment may vary. Since 2009, there has been a plethora of new mandatory fees to process credit card transactions if the merchant is on interchange plus pricing. These additional fixed fees such as NABU fees are not technically interchange, but because they are non-negotiable, they are frequently referred to as interchange fees.
Interchange Optimization
An automated process that edits each transaction and enriches the data elements to ensure that each transaction qualifies for the lowest rate possible for any given card and transaction type.
Interchange Management
Interchange management is a system to analyze whether each transaction qualifies for the lowest rate possible for any given card and transaction type. It may be an automated or manual process.
A formal request for payment submitted to a customer or client when requesting payment for services or goods delivered. It usually consists of a written record of a transaction. Also known as a “bill” and, occasionally, as a “statement” on the supplier’s letterhead, addressed to business with terms and remit address.
(IP) Internet Protocol address
A unique number that is used to represent individual computers in a network. All computers on the Internet have a unique IP address that is used to route messages to the correct destination.
A formal request for payment submitted to a customer or client when requesting payment for services or goods delivered. It usually consists of a written record of a transaction. Also known as a “bill” and, occasionally, as a “statement” on the supplier’s letterhead, addressed to business with terms and remit address.
The issuer is the bank or other organization that issues that payment card on behalf of the payment brand or directly by the payment brand. Visa and MasterCard do not issue cards. Their cards are issued through a bank or other organization. American Express, Discover, and JCB International will issue cards directly, and will also acquire those transactions.
Key-entered transaction
A transaction that is manually keyed into a point-of-sale or virdevice.
Least Cost Routing
Least cost routing in the payment processing world is processing any given type of payment via the route that will result in the lowest cost to the merchant. The system must identify the card issuing bank and other factors, then dynamically make intelligent decisions to route the transaction. Example: Routing a retail transaction to the lowest cost pin debit network among mulitple choices vs signature debit.
Level 3 data
Also known as level III data. To qualify for level III interchange rates on corporate, business and purchasing cards, additional data must be submitted with the transaction. The data and applicable cartd types vary by card brand. Some items include Ship to/from ZIP code, Destination country code,VA/ tax amount, invoice, reference number, Discount amount, Freight/shipping amount, Duty amount, Order date. Submitting level III data does not guarantee qualification for level III interchange rates. Additional requirements must also be met, including but not limited to using a level 3 processor and level 3 payment gateway.
Merchant bank
A financial institution that enters into agreements with merchants to accept credit cards as payment for goods and services; also called acquirers or acquiring banks
Merchant location
Magnetic stripe
The black stripe on the back of every credit card. The stripe contains magnetically encoded personal information of the cardholder as well as the credit card number. Comparing the credit card number on the magnetic stripe to the raised credit card number on the front of the card may identify a fraudulent card. A point-of-sale device electronically reads the information on a payment card’s magnetic stripe when the card is swiped through the reader.
Merchants are the organizations accepting payment, usually in exchange for goods or services.
Mail order/telephone order (MO/TO) merchant account
A merchant, market, or sales environment in which mail or telephone sales are the primary or a major source of income. See also: Card-not-present
Merchant agreement
The contract between a merchant and a merchant bank under which the merchant participates in a credit card company’s payment system, accepts credit cards for payment of goods and services, and agrees to abide by certain rules governing the acceptance and processing of credit card transactions. Merchant agreements may stipulate merchant liability with regard to chargebacks and may specify time frames within which merchants are to deposit transactions and respond to requests for information.
Merchant bank
A financial institution that enters into agreements with merchants to accept credit cards as payment for goods and services; also called acquirers or acquiring banks
Merchant location
Any university business unit that accepts credit cards as a form of payment (i.e. legal tender), including retail and web-based operations.
Abbreviation for Near Field Communication. NFC allows for simplified transactions, data exchange, and wireless connections between two devices in close proximity to each other, usually by no more than a few centimeters. For payments, the customer device, usually a mobile phone, is placed near or waved at the merchant receiving device to make the payment.
An abbreviation for Payment Application Data Security Standard, the security requirements applicable to software applications for collecting, transmistting, and protecting credit card information.
 PAN Primary Account Number- the digits in a credit card or debit card.
 PAN Truncation PAN Truncation is a measure to decrease credit card fraud by replacing digits with asterisks (or alternative), preventing most of the digits in a credit card, debit card from appearing on printed receipts, or in electronic storage.
 PAR Payment Account Reference (PAR) is a new data element introduced by EMVCo in January, 2016. PAR is a value that allows acquirers and merchants to link tokenized transactions to transactions that are based on the underlying PAN. PAR is generated and linked to a PAN (and successor PANs associated with the underlying issuer customer account) and will also be associated with all affiliated Payment Tokens when a PAN is tokenized.

PAR cannot be used to initiate payment transactions nor reverse engineered to obtain PAN data.

PCI Compliance
An abbreviation for Payment Card Industry Compliance; a merchants’ agreement to have met all PCI DSS security requirements applicable as the standard for protecting credit card information.
PCI Security Standards Council

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

The Council’s five founding global payment brands — American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. — have agreed to incorporate the PCI DSS as the technical requirements of each of their data security compliance programs.

An abbreviation for Payment Card Industry Data Security Standards. PCI DSS is a set of standards that all organizations, including online retailers, must follow when storing, processing and transmitting their customer’s credit card data.
Payment gateway
A system that provides services to Internet merchants for the secure authorization and clearing of online credit card transactions.
Payment gateway
A system that provides services to Internet merchants for the secure authorization and clearing of online credit card transactions.
The entry of a secure code, known only to the card holder, into an approved pin debit device. The transaction is processed through the debit networks instead of credit networks. Example: Pulse, Interlink.
The entry of a secure code known only to the card holder without pin debit hardware, i.e. internet transactions. The transaction is processed through the debit networks instead of credit networks. Example: Pulse, Interlink. This service is restricted to certain industries and card brands. Example: Higher Education, Utilities.
Pick-up response
This response indicates that the card issuer would like the card to be confiscated from the customer. This action could potentially cause confrontation and safety issues.
Point-of-sale terminal (POS terminal)
The electronic device used for authorizing and processing bankcard transactions at the point of sale.
To affix a date on a check that is later than the date the check is actually written.
Printed number
A four-digit number that is printed below the first four digits of the printed or embossed account number on valid credit cards. The four-digit printed number should be the same as the first four digits of the account number above it. The printed four-digit number is one of the card security features that merchants should check to ensure that a Card-Present transaction is valid.
A purchasing card issued to an authorized employee for the purpose of making low cost purchases of routine supply items.
Qualified Integrators & Resellers (QIR)™
A Qualified Integrator & Reseller (QIR) is an organization that is authorized by the PCI Security Standards Council to “implement, configure and/or support” PA-DSS payment applications. The PCI Council lists all QIRs on its website. As of 2016, the PCI DSS requirements do not include the use of a QIR; however, Visa requires its merchant acquirers to:

Verify that all Level 4 merchants acquired since April 1, 2016 are using QIR providers for POS application and terminal installation and servicing; and
Verify that, by January 31, 2017, all of the Level 4 merchants within their portfolios are using QIRs.

A variety of comparing or reconciling functions performed by unit personnel or Accounting Office staff to ensure that transactions are properly documented and approved, and assurance that appropriate individuals are involved.
Process used to confirm the accuracy of a balance appearing in a particular operating or general ledger account by comparing the balance to that which appears in another related, but independent data source, such as a bank statement balance or subaccount ledger summary total.
A payment sent in the mail.
A chargeback that is rejected and returned to a card issuer by a merchant bank on the merchant’s behalf. A chargeback may be re-presented, or redeposited, if the merchant or merchant bank can remedy the problem that led to the chargeback. To be valid, a representment must be in accordance with Payment Card Industry Operating Regulations.
Sales Receipt
The paper or electronic record of a bankcard transaction that a merchant submits to a merchant bank for processing and payment. In most cases, paper drafts are now generated by a merchant’s POS terminal. When a merchant fills out a draft manually, it must include the merchant ID, date, item sold, last 4 digits, auhorization number, and signature.

Service Provider
A business entity that is not a payment brand directly involved in the processing, storage, or transmission of transaction data or cardholder data on behalf of another merchant or service provider. For example, a payment gateway is a service provider. Sometimes a service provider is a merchant.
It also includes companies that provide services (to merchants, service providers or other entities) which control or could impact the security of cardholder data. For example, managed firewall services.

Self-Assessment Questionaire
The PCI required annual review of procedures and processes to ensure compliance with current security standards.
The replication of account information encoded on the magnetic stripe of a valid card and its subsequent use for fraudulent transactions in which a valid authorization occurs. The account information is captured from a valid card and then re-encoded on a counterfeit card. The term “skimming” is also used to refer to any situation in which electronically transmitted or stored account data is replicated and then re-encoded on counterfeit cards or used in some other way for fraudulent transactions.
Short Message Service (SMS) is a text messaging service component of phone, web, or mobile communication systems, using standardized communications.
Split tender
The use of two forms of payment, or legal tender, for a single purchase. For example, when buying a big-ticket item, a cardholder might pay half by cash or check and then put the other half on his or her credit card. Individual merchants may set their own policies about whether or not to accept split-tender transactions.
Third-party processor
A non-member organization that performs transaction authorization and processing, account record keeping, and other day-to-day business and administrative functions for issuers and merchant banks.
A Token is a random alpha numeric character set that replaces sensitive payment data so a merchant can charge the account again. Tokens can be used for ACH or credit card data.
Reprint Report
Any attempted transaction within CenPOS, whether the transaction was approved or not.
Abbreviation for Resource online, a Paymentech service at which provides access to = merchant statements and other reports.
The act between a cardholder and merchant that results in the sale of goods or services.
Truncated data
Data shortened for security purposes. The most common truncation is to show the last 4 digits.
Unsigned card
A seemingly valid credit card that has not been duly signed by the legitimate cardholder. Merchants cannot accept an unsigned card.
Voice authorization
An authorization obtained by telephoning a voice authorization center.
Verified by Visa

Verified by Visa works to confirm an online shopper’s identity in real time by requiring an additional password or other data to help ensure that no one but the cardholder can use his Visa card online.

When customers see the Verified by Visa symbol during online checkout, they can rest assured that their online transactions are protected by the brand they know and trust. And, even if the cardholder isn’t enrolled in the program or their issuer isn’t participating, the merchant is not liable for certain fraud-related chargebacks on Visa personal debit and credit card transactions.

Voice authorization center
An operator-staffed center that handles telephone authorization requests from merchants who do not have electronic POS terminals or whose electronic terminals are temporarily not working, or for transactions where special assistance is required. Voice authorization centers also handle manual authorization requests and Code 10 calls.