This article explains the meaning of some commonly used terms relating to accepting payments online.
Any party which accepts credit card transactions.
Commonly used by MiGS – this is part of the authentication for your merchant account.
Also referred to as “acquiring bank” or “acquiring financial institution”. An acquirer is an entity that initiates and maintains relationships with merchants for the acceptance of payment cards.
Verification that someone is who they say they are. When you log in to a website with a username and password, the process behind that is called authentication.
Approval of a transaction by or on behalf of an issuer according to defined operations regulations. The merchant receives, via telephone or authorisation terminal, this approval to process the transaction.
Also known as Card Validation Code or Value, or Card Security Code. This commonly refers to the 3 or 4 digit code printed on the back of the card on the signature panel (or on the front of the card for an American Express card).
The process of completing a pre-authorised transaction.
A dispute resolution process that members use to determine the responsible party in a chargeback related dispute.
The facilitation of funds transfer between institutions.
Discipline of mathematics and computer science concerned with information security, particularly encryption and authentication. In applications and network security, it is a tool for access control, information confidentiality, and integrity. In short, the principles of cryptography are used to make sensitive data unreadable.
Electronic commerce, commonly known as e-commerce, refers to the buying and selling of products or services over electronic systems such as the internet and other computer networks.
Electronic Funds Transfer at Point of Sale – the general term used for debit card based systems for processing transactions through terminals at points of sale.
The process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge.
Any commercial bank, federal or state savings and loan association, federal or state savings bank, or credit union.
Fraud is an intentional deception made for personal gain or to damage another individual.
Acronym for “hypertext transfer protocol over secure socket layer”. Secure HTTP that provides authentication and encrypted communication on the World Wide Web designed for security-sensitive communication such as web-based logins.
Process of rendering cardholder data unreadable by converting data into a fixed-length message digest via Strong Cryptography. Hashing is a (mathematical) function in which a non-secret algorithm takes any arbitrary length message as input and produces a fixed length output (usually called a “hash code” or “message digest”). A hash function should have the following properties:
- It is computationally infeasible to determine the original input given only the hash code.
- It is computationally infeasible to find two inputs that give the same hash code.
The exchange of transaction data between acquirers and issuers.
Also refers to the fee involved between a merchant bank and a card scheme, usually passed on to the merchant (this is usually around 1-2%).
A scripting language commonly used within websites to provide client-side programming support. Part of the foundation for JSON.
Mail Order/Telephone Order. A transaction initiated by mail or telephone to be debited or credited to a bankcard account.
A merchant is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services.
A bank that has entered into an agreement with a merchant to accept deposits generated by bankcard transactions; also called the acquirer or acquiring bank.
A unique number assigned by the acquirer to identify the merchant.
Mastercard Internet Gateway Service.
Acronym for “primary account number” and also referred to as “account number” or “card number”. The PAN is a unique card number (typically for credit or debit cards) that identifies the issuer and the particular cardholder account.
Payment Card Industry – Data Security Standards is an open global forum launched in 2006 that is responsible for enhancing Payment Card Industry data security.
The council's five founding global payment brands are American Express, Discover Financial Services, JCB International, Mastercard Worldwide and Visa Inc.
A third party which handles the interaction between a merchant and the acquiring bank in a secure environment. Payment gateways commonly provide more flexibility and functionality than direct integration with your bank, and allow you to change banks without changing your integration.
Payments by an issuer to an acquirer on behalf of a cardholder who authorises a merchant to bill the cardholder’s account on a recurring basis (such as monthly or quarterly). The amount of each payment may be the same or may fluctuate. Also referred to as a pre-authorised order (not to be confused with pre-authorization for transactions).
Opposite of a purchase transaction; namely, the cardholder returns goods to the merchant and is credited for their value. Positive interchange and merchant service charge are reversed.
Acronym for “Secure Sockets Layer”. SSL is an established industry standard that encrypts the channel between a web browser and web server to ensure the privacy and reliability of data transmitted over this channel. Most people would know SSL as HTTPS, or recognise the ‘padlock’ icon in the browser indicating a website is secure.
Card Scheme refers mainly to Visa and MasterCard, as the owners of the payment scheme, into which a bank or any other eligible financial institution can become a member. Other schemes include American Express, JCB, Discover and more.
Secure Code/Verified by Visa/3D Secure
3D Secure, which is also known as MasterCard SecureCode and Verified by VISA (VbV), is a mechanism designed to provide an additional layer of security and fraud prevention for online transactions. Usually when 3D Secure is used, the customer will be prompted for a password they have set up, on a web page hosted by their bank or an approved third party.
The deposit of cleared funds into the merchant's designated account (settlement account). Settlement usually occurs late at night, or is considered ‘next day’; however, some merchant banks in Australia now offer real-time settlement.
Also known as a settlement account. Generally funds are deposited here and transferred to an assets account.
A unique number assigned by the acquirer to identify the terminal.
A value which is not considered sensitive – used in lieu of sensitive data as an identifier or reference.
Tokenization is the process of replacing some piece of sensitive data with a value that is not considered sensitive in the context of the environment that consumes the token and the original sensitive data.
The process of canceling a pre-authorised transaction (voiding).