Glossary of Terms

A merchant/vendor qualified to accept credit or debit cards as payment.

Automated Clearing House file. A file containing instructions for the exchange and settlement of electronic payments passed between financial institutions. 

An organization licensed by Visa/MasterCard as an affiliated bank or bank/processor alliance that is in the business of acquiring new merchant businesses (acceptors) and processing their credit card transactions.

An acquirer that contracts with the bank and merchants (acceptors) to enable credit card transactions. The acquirer deposits daily credit card totals and debits end-of-month processing fees from merchants’ accounts.

An action initiated by the acquirer to correct a processing error, such as duplication of a transaction or a cardholder dispute. The acquirer debits or credits the merchant’s DDA (Demand Deposit Account) for the dollar amount of the adjustment.

Audio Response Unit. An electronic authorization and capture product allowing merchants to use a touch-tone telephone to process transactions.

Processing fees merchants pay to the Card Associations to finance their roles in operating the network, setting rules and pricing, research and development and marketing/branding. Assessments are a set percentage of the sale and are generally collected on a daily or monthly basis.

Any entity formed to administer and promote credit cards. The best known examples of Associations are MasterCard and Visa.

Verification that the credit card has sufficient funds (credit) available to cover the amount of the transaction. An authorization is obtained for every sale. An approval response code is sent to the merchant’s POS (point of sale) system from a card issuing financial institution, verifying availability of credit or funds in the cardholder account to make the purchase.

A code returned by a credit card issuing bank in an electronic message to the merchant’s POS equipment indicating approval of the transaction and serving as proof of authorization.

An issuing financial institution’s electronic message reply to an authorization request. Typical responses include:

• Approval – transaction was approved.
• Decline – transaction was not approved.
• Call Center – response pending more information.  In this event, the merchant must call the toll-free authorization phone number.

A configuration feature that allows an end-of-day batch closing to occur automatically at a specified time, without merchant initiation.

The average dollar amount of a merchant’s typical sale. Calculated by dividing the total sales volume by the total number of sales over a specified time period.

Address Verification Service. The process of validating a cardholder’s given address against the issuer’s records to determine accuracy and deter fraud. Provided as one element of credit card authorization, a code is returned with the authorization result, indicating the level of accuracy of the address match and helping to secure favorable interchange rates.

A credit card issued by a Visa or MasterCard-sponsored financial institution. (American Express, Discover, Diners Club, JCB, etc., are issued directly from their respective operations, not through a bank or sponsored financial institution).

An accumulation of captured credit card transactions awaiting settlement in the merchant’s terminal or POS.

The submission of an electronic credit card transaction for financial settlement. Authorized credit card sales must be captured and settled for a merchant to receive funds for those sales (see Settlement).

An EFT (see Electronic Funds Transfer) Network Member-Bank that runs a credit or debit card “purchasing service” for account holders. (i.e. the CitiBank Visa Card issued by CitiBank).

A transaction that occurs without a physical card present at the time of the transaction. Card not present transactions require the manual entry of credit card data into a website, payment terminal or POS.

A person or business to whom a card is issued, or an individual authorized to use the card.

Data held by or printed on a credit or debit card. Including but not limited to full magnetic stripe or chip data, PAN (payment account number), cardholder name, expiration date and service code.

The areas of a computer or network that possesses cardholder data or sensitive authentication data. These directly attach to or support cardholder processing, storage, or transmission of cardholder data.

A credit card transaction that is billed back to the merchant after the sale has been settled. Chargebacks are initiated by the card issuer on behalf of the cardholder and typically involve product delivery failure or product/service dissatisfaction.

The Center for Internet Security, a non profit enterprise dedicated to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate security controls.

The process of sending the batch (see Batch) for settlement.

Credit or charge cards issued to businesses to cover expenses such as travel, entertainment and procurement. Includes purchasing cards, business cards, corporate cards and multi-utility fleet cards. Visa and MasterCard have special procedures for passing billing information back to the card issuing bank for display on cardholder statements.

Considered when an entity cannot meet a PCI requirement explicitly as stated due to legitimate technical or documented business constraints, but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. Compensating controls must:

1. Meet the intent and rigor of the original stated PCI DSS requirement;
2. Repel a compromise attempt with similar force;
3. Be above and beyond other PCI DSS requirements; and
4. Be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement.

Unauthorized intrusion into a computer system or network where cardholder data destruction is suspected.

A charge card designed for business-related expenses, such as travel and entertainment (see Commercial Card).

Nullification of an authorized transaction prior to settlement. A reversal will immediately “undo” an authorization, not affecting the open-to-buy balance on a cardholder’s account.  Reversals are not supported by some card issuers.

Deposit Correction Notice. Adjustments (debits or credits) made for an out-of-balance condition due to various problems in the transmittal. Made by the merchant’s (acceptor’s) acquirer at the time of capture prior to being sent out for interchange.

Demand Deposit Account. Typically the merchant’s business bank account.

Payment card enabling the withdrawal of funds directly from the cardholder’s checking account at the time of transaction (online debit on a debit network) or after batch settlement (off-line debit on a credit card network).

Data Encryption Standard. Block cipher encryption was elected as the official Federal Information Processing Standard (FIPS) for the United States in 1976. Its successor is the Advanced Encryption Standard (AES).

The percentage of sales amounts that the bankcard acquirer or travel and entertainment (T&E) card issuer charges the merchant (acceptor) for the settlement of the transactions.

Data Security Standard.

Processing fees paid to the Card Associations by merchants (acceptors) to finance the Associations’ roles in operating the network, setting rules, setting pricing, research and development and marketing/branding. They are a set percentage of the sale, typically collected on a daily or monthly basis.

Electronic Cash Register. A mechanical device used for cash sales that can also be integrated to accept credit cards.

Electronic Data Capture. The process of authorizing, capturing and settling a credit card transaction electronically.

The rejection of a salesby Visa or MasterCard, before a transaction processes through interchange but after the acquirer has paid it.

Europay, MasterCard, and Visa. Also known as “Chip & PIN.” EMV cards are enabled by a microchip that’s impossible to duplicate and requires a personal identification number (PIN) at the point of sale instead of a signature.

The process of converting information into an unintelligible form except to holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process (the inverse of encryption) against unauthorized disclosure.

Private label credit cards designed for repairs, maintenance and fueling of fleets of business vehicles.

Text printed at the bottom of a receipt. Also known as a trailer. Footers are customizable by the merchant (i.e., Have a Nice Day, No Refunds, Thank You for Shopping With Us, etc.).

An entity responsible for various services offered to merchants and other service providers. Host services range from shared space on a server to a whole range of shopping cart options, payment applications and connections to payment gateways and processors.

The computer hardware on which software resides.

The standardized electronic exchange of financial and non-financial data associated with sales and credits between merchant acquirers and card issuers on various MasterCard and Visa transactions.

A percentage applied, according to Visa/MasterCard regulations, to the dollar value of each transaction. There are multiple categories of interchange, and Visa and MasterCard each have their own criteria for their own categories. A transaction must meet the specified criteria for a category in order for that category’s rate to be applied. Transactions are categorized individually, so various interchange rates may apply within any one batch of a merchant’s transactions.

Independent Software Vendor. Provider of a software application that has a payment solution built into its software program, enabling merchants to have an all-in one business solution.

A transaction that contains additional data provided for purchase/commercial cards. A Level II transaction includes sales tax amount, a commercial card customer code and often the customer’s purchase order number.

A transaction that contains additional data, beyond Level II data, provided for purchase/commercial cards. A Level III transaction includes item-level details of the purchase and enhanced data such elements as a summary commodity code, ship to/from ZIP code, freight/shipping amount, etc.

The strip of magnetic tape affixed to the back of credit cards containing identifying data, such as account number and cardholder name (see Magnetic Stripe Data).

Data encoded in the card’s magnetic stripe, used for authorization during transactions when the card is present. Data includes account number, expiration date, cardholder name and service code.

A batch close initiated by the merchant on a daily basis (also known as merchant initiated batching), as opposed to an automated close at a pre-set time.

Customer of a processor/acquirer. Also known as an acceptor.

A number generated by a processor/acquirer that is specific to each individual merchant location. Used to identify the merchant during processing of daily transactions, rejects, adjustments, chargebacks, end-of-month processing fees, etc.

Mail Order/Telephone Order. Credit card transactions initiated via mail, email or telephone. Also known as card-not-present transactions.

The company’s infrastructure, and systems used to authorize and capture credit card transactions.

Bankcard sales transactions that are processed at a higher interchange rate because they do not meet set Visa/MasterCard criteria for that particular merchant (acceptor). An example of this is a retail merchant that processes a card-not-present transaction (or manually enters card data rather than swiping the magnetic stripe) when the card is actually present. The merchant pays the difference between what they should have paid (card present fee) and what they actually qualified for (the higher card not present fee).

Point-To-Point Encryption. Encryption technology that ensures cardholder data is protected from card swipe all the way through to the processing banks. State of the art encrypted card readers scan and encrypt cardholder information prior to performing an electronic payment transaction.

Payment Application Data Security Standard. The goal of PA-DSS is to help software providers secure distributed payment applications that do not store cardholder data.

Payment Card Industry.

PCI Compliance refers to industry-mandated security standards that apply to all businesses that handle, process or store credit or debit cards. The three PCI compliance standards are PCI DSS, PA-DSS and the PCI PED.

Deadlines for merchants, service providers and software applications to be compliant with the corresponding PCI standard.

Payment Card Industry Data Security Standards. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies and procedures.

Payment Card Industry PIN Entry Device. The PCI PED is a multifaceted security standard that includes requirements for PIN Entry Device security management, policies and procedures.

Point of Entry. The initial point where cardholder data is read from a credit card. This is generally the keyboard where manual entry is made, or the card reader itself.

Point of Sale. The location where credit card transactions are performed with the cardholder present, such as a retail store. The card is read mechanically via magnetic stripe or chip, and the cardholder’s signature is obtained as insurance against the transaction.

Credit, debit or stored-value cards that can only be used within a specific merchant’s (acceptor’s) store. Also referred to as proprietary cards.

The medium of data transport between the merchant application and the processor. The processing network (vendor) authorizes and captures credit card transactions. Examples of processing networks include First Data and TSYS.

Credit cards used by businesses to cover purchase expenses, such as raw materials or office supplies.

A tool for submitting and managing recurring or subscription-based transactions.

A form verifying the cardholder’s obligation to pay money (i.e., the sales amount) to the card issuer. The piece of paper or electronic data capture device that is signed when a purchase is made (see Electronic Data Capture).

Secure payment gateways provide a system that passes credit card data, authorization requests, and authorization responses over the internet using encryption technology. Transaction information is sent by the payment gateway’s secure server to the credit card network, where the card is validated and the availability of funds on the account is verified. An encrypted authorization code is then returned to the payment gateway and transmitted to the merchant.

The process of sending a merchant’s batch to the network for processing and payment. A batch is considered settled once funds appear in the merchant’s bank account.

Software companies that either produce, utilize or resell shopping cart applications that display merchandise and/or services and take orders for merchants.

A credit-type card that employs a chip to electronically store account information in the card itself.

Secure Sockets Layer. The industry standard that encrypts the channel between a web browser and web server to ensure the privacy and reliability of the data transmitted.

Any equipment used to capture and transmit credit card transactions.

An independent processor that is contracted by a bank or processor to conduct some part of the transaction processing process. 

Terminal Identification Number. A unique number assigned to each POS terminal.

Credit or charge cards used by businesses for travel and entertainment expense purposes. Examples of these cards are American Express, Diners Club and JCB (see Corporate Cards).

A tool that allows merchants to process credit card transactions from any computer with an internet connection.