Handy Merchant Glossary
Acquirer (Bank Processor): An organization that provides a merchant with facilities to accept card payments, accounts to the merchant for the proceeds and clears and settles the resulting obligations with card issuers.
Address Verification Service (AVS): The credit card processing verification identifier used to confirm the cardholder's billing address. The billing address verification validates the address on file at the card issuing bank.
Authorization: Verification of a bankcard transaction by a bankcard-issuing bank, other institution, or approved independent service provider. Authorization is initiated by accessing (by voice or electronic terminal) bank processor’s designated authorization center(s). Authorization is based on the cardholder account status and available credit.
Authorization Code: The alpha/numeric code designated by the issuer given to a sales transaction as verification the sale has been authorized. The authorization code is always included on the merchant sales draft.
Bank: A financial institution that provides merchant accounts to enable a unit for accepting credit card payments. Funds are deposited into an established bank account.
Bankcards or Cards:MasterCard, Visa, Discover, and American Express credit and/or debit cards issued by a financial institution (bank).
Bank Card Issuer: The financial institution that holds contractual agreements with and issues cards to cardholders.
Business/Corporate/Commercial Card: A Business Card, Corporate Card, Fleet Card or Purchase Card issued for Commercial use, often with a higher discount expense than consumer cards.
Capture: The second part of the credit card transaction. This function puts the charge on the cardholder’s account and deposits the funds in the bank account. The capture amount can be for less than the authorization amount, but never for a higher amount than the authorization (less refunds, transaction adjustments, or fees, transaction debits of merchant activity).
Card Verification Value Code (CVV2, CVC2and CID): The 3-digit codes that appears in the signature panel on the back of MasterCard, Visa, and Discover cards and the 4-digit code printed on the front of American Express cards. The card verification value code is a fraud prevention tool that helps merchants wins chargeback disputes.
Cardholder: The person or entity whose name is embossed on a card or whose name appears on a bankcard as an authorized user.
Cardholder Data: Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc.
Card Not Present Transaction: The payment card is not available to the merchant for swiping through a card reader. Therefore, the payment information must be manually keyed into the processing system. Card Not Present Transactions are used for mail-order, telephone order (MOTO), faxed order, and e-commerce or internet transactions.
Card Present Transaction: The customer presents his/her card for payment, the card is swiped through a reader, and the customer signs a receipt for the merchant’s records. Card Present Transactions are most often processed by a payment terminal or Point-of-Sale (POS) system.
Card Truncation: The printed receipt masks all but the 4 digits of the card number on the customer and merchant receipts and the settlement detail/total reports. The expiration date is suppressed on receipts and settlement reports.
Chargeback: A chargeback is a previous transaction that is being disputed by the cardholder or their issuing institution. A chargeback occurs when a cardholder disputes a charge, if proper bankcard acceptance and authorization procedures were not followed or the unit cannot to provide documentation that the customer authorized the transaction. The bank debits the department CFOAP and credits the cardholder’s card account.
Chargeback Fees: The card associations permit the cardholder bank to collect additional fees for items that result in a chargeback. You may be subject to these Association Chargeback Fees if you failed to follow card acceptance and authorization procedures and the card issuer has a valid chargeback.
Code 10: The universal code provides the merchant a method of alerting the authorization center and without alerting the cardholder (or the person presenting the bankcard) that a suspicious transaction has occurred. The code 10 operator will ask a series of questions to be answered with yes or no responses.
Copy Request/Documentation Retrieval/ Inquiry: A request for a merchant to provide a copy of the original merchant sales slip and itemized receipt or invoice if the cardholder is disputing the charge. Copy requests must be acted on within two (2) days, and if ignored, can lead to a chargeback.
Customer: An individual or entity that makes a payment for goods or services.
Cryptography:The advanced process of encoding and decoding data that prevents unauthorized parties from reading data as it travels over the internet, also known as encryption or decryption
Debit Card: A plastic card used to initiate a debit transaction for goods and services. The card issuing bank will debit the cardholder’s checking account.
Debit Card Off-Line:A bankcard, used to purchase goods and services which debits the cardholder's personal deposit account. No PIN number is required to process off-line debit cards, transacts as a credit card.
Debit Card On-Line: A bankcard used to purchase goods and services and to obtain cash. A PIN number is required to process on-line debit cards.
Decryption:The process of decoding or unscrambling data that has been encrypted to prevent unauthorized parties from reading it during internet transmission.
Deposit Account: A checking account through which all bankcard transactions and adjustments are processed by the bank processor.
Discount Rate (Merchant Fees): A collection of fees charged by the acquirer to process the merchant's transaction. This includes interchange fee, assessment, and per item charges.
Electronic Commerce (E-Commerce): The buying and selling of products or services over electronic systems such as the Internet.
Encryption: An online data security method of screening data that is made unreadable and without the use of a corresponding encryption key.
Factoring or Draft Laundering: Credit card factoring is essentially processing transactions through a merchant account for a business or entity other than the specific business that was screened for the merchant account. Credit card factoring, also known as credit card laundering, or even money laundering, can exist in many forms. The most basic form of factoring would be a business processing transactions for another business. Another common case of factoring is when a business opens a branch, DBA, or sub-business and attempts to process through the central company’s merchant account.
Factoring is used as a method to launder money via credit cards. A business would theoretically process payments for illegal products or services and end up with a clean deposit in their bank account a few days later or when a business processes for someone else. In the event of fraud or chargeback’s, the processing banks have a hard time figuring out who is responsible for the credit transactions, because they could have been run by multiple businesses. In the end, the customer gets their money back, and the processing bank is left to recoup from the business.
Firewall: A security tool that blocks access to files from the Internet and is used to ensure the safely of sensitive cardholder data stored on a merchant server.
Government Issued Picture ID: Any picture identification card issued by the U.S Government. Examples of a Government Issued Picture ID include non-expired State Identification Card, Driver’s License, Passport, and Military Identification Card.
Internet Protocol (IP) Address:A numeric code that identifies a particular computer on the internet. Every computer network on the internet has a unique address that has been assigned by the internet service provider (ISP) and requires IP addresses to connect to the internet.
Keyed/Manually entered transaction: A card present transaction or not present is when the merchant manually keys the card data into a terminal or POS system or register or e-commerce system.
Magnetic Stripe: A stripe (on the bankcard) that is magnetically encoded with cardholder data of account information.
Merchant: A department/unit that accepts credit/debit cards as a method of payment for goods or services.
Merchant Account: An account established for a bank deposit and bank processor of credit sale amounts and debit processing fees.
Merchant Fees (Discount rate): A percent or per-transaction fee that is deducted from the unit's gross credit card receipts and paid to the bank.
Merchant Identification Number (MID #): A 6 to 16-digit number ID number provided under the merchant agreement.
Operating Regulations or Regulations:All merchants must follow the bank card operating regulations of MasterCard, Visa, Discover, American Express and the bank acquirer.
Payment Card Industry Data Security Standards (PCI DSS):An independent body founded by Visa International, MasterCard Worldwide, American Express, Discover Financial Services and JCB to govern the security standards for the payment card industry. Common standards for merchants and third parties resulting from the alignment of MasterCard, Visa, and other card associations with the similar goal of protecting payment card account data wherever it is processed, transmitted, stored or accessed.
PCI Security Standards Council (PCI Co.): PCI Co. owns, develops, maintains and distributes the Payment Card Industry (PCI) Data Security Standard (DSS) which is located on their website at: https://www.pcisecuritystandards.org/
Primary Account Number (PAN): The unique payment card number (typically for credit or debit cards) that identifies the issuer and particular cardholder account and often referred to as a credit or debit card account number.
Partial Authorization: Provides an alternative to a declined transaction by permitting a cardholder to return an authorization approval for a partial amount, an amount less than transaction amount requested by the merchant, when the available card balance is not sufficient to approve the transaction in full.
Payment Gateway: An acquirer’s link between the e-commerce merchant and the bank processor transaction system. The payment gateway receives encrypted transactions from the merchant server. The gateway then authenticates the merchant, decrypts the payment information, and sends this data through the bank processor; the gateway encrypts the payment data again (along with the response) and sends this back through the Internet to the merchant server. The payment gateway thus supports merchant and cardholder authentication, the safe transmission of payment data, and the authorization and capture of e-commerce transactions.
Phishing:Phishing is a method of "social engineering", through the use of emails or phone calls, to an attempt to trick someone into providing card data for malicious purposes. The name stems from the word "fishing", the idea being that a fake story, "bait" is "cast out" with the hopes that an unsuspecting person will take the bait and reveal sensitive card data to the thief.
NOTE: No one will ever contact you to ask for a FULL card account number, expiration date, payment card verification number or security code. This includes Merchant Card Services as well as our bank processor Global Payments. Please contact Merchant Card Services if you suspect a phishing attempt for cardholder data.
Personal Identification Number (PIN): Personal Identification Number. The confidential individual number or code used by a cardholder to authenticate card ownership for POS terminal transactions.
Point-of-Sale (POS): The merchant location where the customer makes a purchase.
Point of Sale (POS) system: An information processing system of a terminal computer, electronic cash register, contactless reader or payment engine or process, used by a Merchant, to obtain authorizations for collecting transaction funds.
Proof of Delivery:A receipt that is signed by the authorized cardholder at the time when the goods/services are delivered or order picked up to validate a billing address.
Rebuttal:A merchant's written reply to a chargeback with documentation proving the sale was valid, authorized by the named cardholder and the proper merchant transaction processing procedures were followed.
Recurring Payments: A series of transactions processed by the merchant on an ongoing basis until canceled by the cardholder. The pre-authorized order document must include the cardholder's written authorized consent to process continued charges to the cardholder's card account as recurring billed payments with the noted date timeline and cancelation procedures.
Redact: The process of removing sensitive or classified secure information from a document prior to its publication.
Reference ID: This is a unique identifier that the unit web site assigns to each payment transaction. It can be up to 50 alphanumeric characters long. Reference IDs must always be unique. The algorithm used to generate a Reference ID must never allow the same Reference ID to be generated for two different payments.
Return Uniform Resource Locator (URL): This is the URL specified by the unit/departmental web site where customers are directed after a payment has been completed.
Sales Draft/Receipt: A paper or electronic record of a sale transaction for goods or services.
Service Provider: Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data. Service provider includes companies that provide services that control or could impact the security of cardholder data.
Settlement: The end of business day merchant’s process to deposit credit card transaction activity. The terminal or POS system-register or e-commerce settle at end of business day to process debits and credits by a calculated net amount that will be applied to the deposit account.
Site ID: This is a unique identifier that tells the Payment Server which web site is requesting to process an online payment. It is a simple integer value. A site is a logical boundary for grouping transactions.
Split Sale: Processing two or more transaction sales drafts for a single transaction on “one card” account in order to avoid authorization procedures, not allowed and against bank operating regulations. This is considered circumventing the cardholders authorized transaction limits.
Split Tender: A transaction split between one card and “another card” or “another form of payment,” (such as cash or check). Split tender is a transaction process permitted.
Terminal:The POS equipment used to process, transmit, and capture payment card transactions.
Third Party Provider: Any organization, software integrator, or service provider (such as third party terminal provider) that assists merchant in completing credit card transactions.
Transaction: Sales between a merchant and a cardholder for the payment of goods or services by a sales draft that is processed through the Interchange Systems.
Transaction ID: This is a unique identifier that the Payment Center assigns to each payment transaction. It is always 13 alphanumeric characters. The Transaction ID is returned in the result of the QueryCCPayment message.
Token:This is a unique identifier that the Payment Center assigns to each payment transaction. It is always 48 alphanumeric characters. The Token is returned in the result of the RegisterCCPayment message.
Voice Authorization: The transaction’s authorization is obtained by telephoning a bank processor’s call-voice authorization operator.