This page discusses commonly used terms in the payment processing industry. Use the letters in the left navigation bar to easily find the term you're looking for.
American Bankers Association - A unique, nine (9) digit Bank Identifying Number that directs electronic deposits to the proper bank. This number precedes the account number at the bottom of the check.
One of the group of processing institutions that have networked together to exchange (clear and settle) electronic transactions. Also a way of processing payment electronically like an eCheck (Electronic Check) in which the bank’s Routing number and Account Number are required and funds are transferred from the buyer to the seller account electronically.
The financial institution (or sponsoring bank) accepting the payments from a credit card holder (customer) on behalf of a Merchant. The Acquiring Bank has a contract (merchant account) directly with the Merchant or indirectly through an independent Processor providing the Merchant with a line of credit.
American National Standards Institute. A non-profit that oversees voluntary consensus standards for US products, processes and systems. Encryption key transfer, storage and injection are subject to ANSI Standards.
Software Application Interface. A set of routines, protocols and tools for building software applications.
Also called “Authorization Approval Code,” “Authorization Response Code,” or “Issuer’s Response Code.” (Also see Response Code).
A multi-digit alphanumeric code assigned by the Issuer to identify the approval for a specific authorization request. This guarantees the merchant that funds will be available for 30 days, and freezes the card holder’s funds for 10-21 days, presuming proper protocols are followed.
A transaction resulting in an Approval Code is not final until the Batch containing the transaction is settled. Approval Codes containing letter characters are usually a result of a business, commercial, corporate, or purchasing credit card transaction.
A Preapproval Authorization may be processed to check the validity or credit limit of a credit card, which will generate an Approval code which must later be entered to complete the transaction using a Forced Sale.
Process of verifying identity of an individual, device, or process.
Occurs when a merchant receives transaction approval after the acquirer validates the transaction with the issuer/processor.
Address Verification System - Validates the billing address of the credit card to make certain the ZIP code and/or Street number or other information matches what is on file. This can also decrease credit card fraud if the thief does not have access to the card holder’s actual billing address.
Bank Identification Number/BIN
Also called Issuer Identification Number (IIN/I.I.N.). The first six (6) digits on every credit, debit, prepaid or gift card identifying the Issuer (bank) which operates and manages the account. There are over 100,000 BINs for over 9,000 banks issuing them worldwide. The first digit of the BIN is the Major Industry Identifier (M.I.I.).
The eight (8) digits before the last Check Digit on the 16 digit credit card is the Cardholder's account number.
Hundredth of a Percent. Also abbreviated as BP.
- 1 basis point = 0.01% = 0.0001
- 50 basis points = 0.05% = 0.005
- 100 basis points = 1% = 0.01
- 2,000 basis points = 20% = 0.2
- 30,000 basis points = 300% = 3.0
All of the credit card transactions (sales) occurring before Settlement (close of batch), which should be done at the close of the business day or when no more transactions are expected for the day. Batch close, also called Settlement, may be set to “Automatic” which is a preset time each day, or “Manual” which requires the Merchant to settle the transactions from the Terminal, software or POS system.
Fees incurred when your customer refutes the validity of a transaction (by filing a Dispute) with his or her Issuing Bank who then forcibly reverses the transfer of funds. The Merchant may dispute the validity in which case Acquiring Bank and Issuing Bank shall reach an agreement.
- Technical — Expired authorization, non-sufficient funds or processing error.
- Clerical — Duplicate billing, incorrect amount billed, or refund never issued.
- Quality — Consumer claims goods never received as promised at time of purchase.
- Fraud — Consumer claims they did not authorize purchase or identity theft.
Also ‘Refunds.’ A full or partial refund of a sale to the Cardholder for a previous transaction not made during the current Batch. If a refund is needed during the current Batch, a Void must be issued instead, which cancels the transaction as if it never took place. Only the authorization attempt will appear in the cardholder's records.
CVV, CVV2, or Card Verification Value. Refers to either magnetic stripe data or printed number security feature located on the back of payment card. If you require this CVV, it will cut down on the use of card numbers stolen from credit card statements or plucked off of the Internet. Of course, if the thief has the actual credit card, then requiring the CVV has no benefit.
Your Processor's charge, expressed as a percentage rate plus a Per Item (P/I) fee on each transaction, and is set by your Processor or Merchant Services company. Example of a discount rate: 0.94 + 30¢.
The cost to process any credit card transaction always includes 3 fees: Processor's Discount Rate + Per Item Fee, Interchange Rate (% + P/I), and Assessment. Some processors hide these fees by combining them into a single fee, like Tier billing.
Discount Rates depend on factors like your industry type (retail, eCommerce, mail/telephone order, hotel, petrol, grocery, etc.) Certain types of businesses qualify for special pricing which can be very low, yet many processors do not pass these savings on to their merchants.
Data Security Standards - The regulations and practices created and governed by the Payment Card Industry Security Standards Council or (P.C.I.).
Electronic Benefit Transfer - Usually refers to SNAP (Food Stamps) or On-Line WIC.
A simple but effective benchmark revealing the real, actual percentage of fees that a Merchant is charged on all transactions. It is calculated by dividing the Total Fees Paid by the Total Volume of credit card transactions. (volume ÷ fees)%
Europay, Master Card and Visa joint venture which created the original standards used for Smart Card payment transactions.
Early Termination Fee - ETF is a penalty that Processors charge merchants for cancellation of contract or agreement prior to the expiration of the contract. The reasoning is usually that processors incur substantial expenses in signing up a new merchant including new equipment programming, file setup, billing administration, credit, background and TMF checks and network setup fees plus registration with associations.
Fleet Cards are variation of commercial or corporate card to purchase goods and services for automobile/vehicle, aviation, or marine fleets.
A Credit (Refund) applied to a transaction for which a record is not currently accessible or available within the Merchant's records. The transaction ID number or original approval codes may not be known, but the credit can still be applied to the Cardholder's credit card.
Note that a Merchant must be approved in advance for this capability and not all Processors support this function.
Process of rendering cardholder data unreadable by converting data into a fixed-length message digest via Strong Cryptography. Hashing is a (mathematical) function in which a non-secret algorithm takes any arbitrary length message as input and produces a fixed length output (usually called a “hash code” or “message digest”).
Independent Sales Organization
A company or individual contracted with a Processor to acquire new Merchants. Many ISOs provide customer support, technical support and installation support to its customers on behalf of the Processor.
Think of this as a Price List, Fee Schedule or Menu each Card Association (Visa, MC, Discover, Amex) assesses for every variation of card that they create, based on risk. Since different industry types and businesses are naturally higher risks, Interchange rates reflect that.
As of April 2013, Visa has 40+ card types ranging from debit, rewards, business and international while MasterCard carries 50+ with similar variations.
A method of pricing rates where the Discount Rate (processor’s charge) is isolated from Interchange. Because the costs are transparent, it is more honest as it discloses where the fees are really going. However, it may confuse merchants who are not used to seeing “assessment” and “interchange.”
(or Issuer) the bank who issues the cardholder the credit card and assumes the greatest risk. This banking entity approves the cardholder based on their credit, assesses his or her credit limit, sets his or her APR and terms, and then funds (advances) the Merchant money for the purchase in advance before actually being reimbursed by the cardholder within/after a grace period. (may or may not be where customer holds checking/savings, or institutions like Capital One, Discover, American Express, B of A, General Motors, Ford, Chase, Citibank, Shell Oil, etc.)
Any electronic card which is used only at a single Merchant's business for the purpose of earning discounts, free products and services, or rewards based on frequent buying. These usually have the Merchant's name and logo, and is provided by a 3rd party company (not the processor, but must be compatible with the Processor) to track purchases and manage customer information. This is an effective incentive to award your most loyal, frequent customers by giving back. These specialty or custom cards can be used on certain credit card terminals which also take regular bank cards and/or gift cards. Examples include TenderCard and Global eTelecom.
Merchant Category Code (MCC)
A four-digit number assigned to a business by MasterCard or VISA when the business first starts accepting one of these cards as a form of payment. The MCC is used to classify the business by the type of goods or services it provides. In the US it can be used to determine if a payment needs to be reported to the IRS for tax purposes. To determine your MCC, visit the IRS MCC section here: www.irs.gov/irb/2004-31_IRB/ar17.html.
Magnetic Stripe Reader.
Near Field Communication also known as RFID or Contactless. Uses a chip embedded in a card, fob or smart phone and an antenna that emits a low level electrical charge. The charge powers the chip, which then transmits the customer’s data to the antenna. There are two standards in use today for payments ISO 14443, which is used commonly for one way communication to transmit credit card data and ISO 18092 which is used for two way communication for EMV and couponing on Mobile Wallets.
Original Equipment Manufacturer - Generally in the payment world OEM refers to the company that makes a part or device that is sold by another company. For example MAG TEK makes an MSR for an Equinox terminal. MagTek refers to Equinox as an OEM.
Transaction which had already been initiated by Preapproval Authorization, and a Approval Authorization Code has been generated. The transaction is not final until Settlement of the Batch.
Primary Account Number - A numerical code consisting of 14 or 16 digits both embossed on a payment card and encoded on the magnetic strip. It identifies the Issuer of the card, the card holder’s account number, and a check digit for authentication.
For purposes of PCI DSS, any payment card/device that bears the logo of the founding members of PCI SSC, which are American Express, Discover Financial Services, JCB International, MasterCard Worldwide, or Visa, Inc.
Payment Card Industry - A council made up of terminal manufacturers, processors, card brands and security experts from the payment industry. This group sets all the standards and practices regarding securing payments, applications and networks.
Major Issuing Banks created PCI (Payment Card Industry) compliance standards to protect personal information and ensure security when transactions are processed. Due to the acute rise in data breaches, hackers and identity theft prevalent, all processors now charge breach insurance or PCI Compliance fees to insure against such a breach, which could result in hundreds of thousands of dollars in damages and fines.
Data Security Standard – PCI standards for payment card data security.
(or Personally Identifiable Information) Information that can be utilized to identify an individual including but not limited to name, address, social security number, phone number, etc.
Personal Identification Number usually consisting of 4 numbers used to authenticate Debit (Check Card) transactions with no signature or AVS required. Secret numeric password known only to the user and a system to authenticate the user to the system. The user is only granted access if the PIN the user provided matches the PIN in the system. Typical PINs are used for automated teller machines for cash advance transactions. Another type of PIN is one used in EMV chip cards where the PIN replaces the cardholder’s signature.
Point of Sale System. POS refers to any electronic credit card terminal, credit card software or computer system including Touchscreens, Kiosks or Virtual Terminals, where credit card transactions may be keyed and/or swiped online in a web browser or software application or Gateway.
An attempt to test a cardholder’s credit card for validity and credit limit before processing a sale transaction to protect the merchant who presumes the credit card to be valid before rendering service, as in the case of a hotel offering advance reservations or a bar offering a tab to patrons. Credit card terminals have this option, which may be called “Auth Only,” which generates an Approval Authorization Code if successful, and can later be used with a Forced Sale to complete the transaction.
A bridge between your customer’s bank (that issued card) and your business bank account. The Processor must either be or also have an Acquiring Bank if it is a non-Bank Processor, like TransFirst).
A business to business or business to government card usually used for small purchases which would normally require a Purchase Order, Invoices or Checks, thus saving unneeded paperwork and making companies more efficient.
In the payment industry, this refers to Point to Point Encryption. Customer account data is encrypted at the swipe and decrypted at either a retailers switch, a payment gateway or by the processor depending on the scheme. There are several schemes in play using various encryption methods.
A Quick Response code. Resembles a barcode and can be imaged by a Smart Phone for advertising or for payment info.
Qualified Security Assessor (QSA)
Company approved by the PCI SSC to conduct PCI DSS on-site assessments. For a list of QSAs, see www.pcisecuritystandards.org/p...
Retail Base Application- Ingenico’s original terminal application, still in use. It is the more robust of the two that they offer. Some terminal features only work with this application.
A number provided by a card issuing bank to a merchant explaining why a particular transaction was declined, or verifying the transactions acceptance. Also see Approval Code.
Tool used by any entity to validate its own compliance with the PCI DSS.
Software Development Kit- Used to create applications to run on payment terminals.
All transactions are not final for processing or payment until settlement, which occurs when all credit card transactions in the current Batch have been closed. Usually, a batch begins with the first transaction of the business day, and ends with the last transaction of the day before the Batch is closed (settled). During settlement, a report is electronically submitted to the processor finalizing the day’s sales as complete. Funds are deposited in the merchant’s account usually 48 business hours after the batch settlement. Voids can not be issued after settlement.
Also referred to as “chip card” or “IC card (integrated circuit card).” A type of payment card that has integrated circuits embedded within. The circuits, also referred to as the “chip,” contain payment card data including but not limited to data equivalent to the magnetic-stripe data.
Secure Reading and Exchange of Data. Created by the PCI Council to provide terminal manufacturers and ISV’s a secure criteria to use in support of P2P.
On a gross statement refers to the difference between a basic consumer card at its lowest rate (commonly called vanilla or plain card) and the rate of the actual card used.
Stored Value Card = Gift Card or Card issued for refunds
Terminal ID (TID)
A unique identification number assigned to a specific point of sale (POS) device by the Acquirer.
See also POS. A credit card terminal run from the computer screen, iPhone or other smartphone or handheld device which runs in a window via web browser or other software application, rather than using dedicated hardware like a physical credit card terminal.
A Preapproval Authorization performed over the phone by a Merchant to verify funds on a card holder’s credit card or the validity of a customer credit card prior to charging the transaction.
A void transaction describes a credit card transaction that has been deleted before settlement (close of batch). The transaction amount has only been authorized to the card holder’s account, therefore the cardholder should see that no funds were removed and card holder’s balance will clear the authorization amount within 24-48 hours.