Glossary of Industry Terms

Account Number Truncation      
The process of not printing the full primary account number and expiration date on a receipt. Typically, only the last four digits of the primary account number are printed.

Acquiring Bank (Merchant Bank)A bank that is an authorized member of Visa & MasterCard that is in the business of processing credit card transactions on behalf of businesses (merchants).

Address Verification Service (AVS)    
A real-time service offered to combat fraud and validate a cardholder’s given address (street number and zip code) against the card issuer’s records. AVS is used in a non-face to face processing environment (mail order/telephone order). The network response helps the merchant determine the level of accuracy of the address match. AVS only works for US-issued credit cards.

An adjustment is initiated by the acquiring bank to correct a processing error. The error could be a duplication of a transaction or the result of a cardholder dispute. The acquiring bank debits or credits the merchant’s DDA account for the dollar amount of the adjustment.

American Express (AMEX)    
A company that both issues cards and acquires transactions through merchants. This is unlike Visa and MasterCard which are associations of financial institutions.

Assessments are processing fees merchants pay to the Card Associations to finance their roles in operating the network, setting rules, setting pricing, research and development, and marketing/branding. They are a set percentage of the sale and are generally collected on a daily or monthly basis.

Associations are any entity formed to administer and promote credit and cards. The best known examples of Associations are MasterCard and Visa.

The process of verifying that the credit card has sufficient funds (credit) available to cover the amount of the transaction. An authorization is obtained for every sale. An approval response in the form of a code is sent to a merchant’s POS (point of sale) from a card issuing financial institution that verifies availability of credit or funds in the cardholder account to make the purchase. Also see Point-Of-Sale.

Authorization Code 
A code that a credit card issuing bank returns in an electronic message to the merchant’s POS equipment that indicates approval of the transaction. The code serves as proof of authorization.

Authorization Response   
An issuing financial institution’s electronic message reply to an authorization request, which may include:
* Approval — transaction was approved
* Decline — transaction was not approved
* Call Center — response pending more information, merchant must call the toll-free authorization phone number.

The process by which daily batches of transactions are automatically summarized and transmitted for end of day settlement processing at a pre-determined time.

Automated Clearing House (ACH)    
The Automated Clearing House is a batch-oriented electronic funds transfer system which provides for the interbank clearing of electronic payments for participating financial institutions. The Federal Reserve System acts as the ACH operator clearing transactions for financial institutions.

Average Ticket (Average Sale) 
The average dollar amount of a merchant’s typical sale. The average ticket amount is calculated by dividing the total sales volume by the total number of sales for a specified time period.

A credit card issued by a Visa or MasterCard-sponsored financial institution. (American Express, Discover, Diners Club, JCB, etc., are issued directly from their respective operations, rather than through banks).

Bank Identification Number (BIN) 
The first 6-digits of the account number used by the card issuer to identify their institution. The American Express account number range begins with “3”, the Visa account number range begins with “4”, the MasterCard account number range begins with “5” and the Discover account number range begins with “6”.

Batch Processing    
The action of processing transactions together at one time (in a batch) as opposed to individually (one at a time). Typically batch processing occurs in situations where a cardholder signs-up to be billed on a regular basis. This could be a monthly cable TV bill, insurance bill, or subscription service.

The submission of an electronic credit card transaction for financial settlement. Authorized credit card sales must be captured and settled in order for a merchant to receive funds for those sales. Also see Settlement.

Card Verification Value (CVV2  CVC2  CID- V Code) 
The Card Verification Value is the three-digit security code that is printed on the signature panel on the back of a credit card. These numbers provides extra security against unauthorized use during non-face to face transactions. If merchants input the Card Verification Value as part of authorizing a MO/TO transaction, the card issuer will respond that there is a match or no match with what they have on file for this card. By using the Card Verification Value, the merchant is able to make a more informed decision about the validity of the card and the transaction.

Card-Swiped Transaction    
A transaction where a card is read by a magnetic stripe card reader.

The individual to whom the card is issued or who is authorized to use an issued card.

Cardholder Data
Full magnetic stripe or the PAN (payment account number) plus any of the following: 
* Cardholder name
* Expiration date
* Service Code

Cardholder Data Environment 
Area of a computer system network that possesses cardholder data or sensitive authentication data. Those systems and segments directly attach or support cardholder processing, storage, or transmission. Adequate network segmentation, which isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the scope of the cardholder data environment and thus the scope of the PCI assessment.

Card Not Present 
A transaction where the card is not present at the time of the transaction (such as mail order or telephone order). Credit card data is manually entered into the terminal or POS, as opposed to swiping a card’s magnetic stripe through a piece of equipment.

The Center for Internet Security Is a non-profit enterprise with mission to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls.

A transaction returned by an issuing bank to an acquiring bank. A transaction may be returned because it was non-compliant with association rules and regulations or because it was disputed by the cardholder.

Close Batch 
The process of sending the batch for settlement.

Commercial Card    
A general name for cards issued to businesses. This includes multiple variations such as Purchasing Cards, Business Cards, Corporate Cards, Travel and Entertainment Cards and Fleet Cards. In some cases, merchants are asked to input additional data as part of the accepting these cards, such as entering the sales tax amount and/or a purchase order number.

Compensating Controls 
Compensating controls may be considered when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. Compensating controls must 1) meet the intent and rigor of the original stated PCI DSS requirement; 2) repel a compromise attempt with similar force; 3) be above and beyond other PCI DSS requirements (not simply in compliance with other PCI DSS requirements); and 4) be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement.

Intrusion into a computer system where unauthorized disclosure, modification, or destruction of cardholder data is suspected.

Corporate Card 
A charge card designed for business-related expenses, such as travel and entertainment. Please see Commercial Card.

Credit (Refund)    
A transaction where the merchant sends money to the cardholder’s account usually because the cardholder has returned merchandise. Credit transactions appear on the cardholder’s statement.

Credit Card    
A card that allows the cardholder to purchase goods or services from a merchant on credit.

Daily Discount 
The process of deducting the processing fees every day from the merchant’s settlement account. Typically this is withdrawn net of the total amount of the sales for the particular day.

DDA Account 
This is the merchant’s Demand Deposit Account, otherwise known as the merchant’s checking account.

Debit Card    
A card linked to a checking account. Unlike a credit card, debit card transactions are deducted automatically from the cardholder’s checking account.

Declined Transaction    
A transaction that was not approved by the card issuer.

Data Encryption Standard (DES). Block cipher elected as the official Federal Information Processing Standard (FIPS) for the United States in 1976. Successor is the Advanced Encryption Standard (AES).

Discount Rate    
A percentage amount charged to process a transaction.

A company that both issues cards and acquires transactions through merchants. This is unlike Visa and MasterCard which are associations of financial institutions.

Dues & Assessments 
Dues & Assessments are processing fees merchants pay to the Card Associations to finance their roles in operating the network, setting rules, setting pricing, research and development, and marketing/branding. They are a set percentage of the sale and are generally collected on a daily or monthly basis.

Electronic Benefits Transfer (EBT) 
The processing of federal and state welfare programs via electronic methods. Typically EBT systems replace paper-based processing.

Electronic Cash Register (ECR) 
A device used for cash sales which can also be integrated to accept credit cards.

Electronic Date Capture (EDC) 
The process of electronically authorizing, capturing and settling a credit card transaction.

EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”). A card enabled with EMV has a microchip that’s impossible to duplicate. It requires a Personal Identification Number (PIN) or a signature to process the transaction.

The process of converting information into an unintelligible form except to holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process (the inverse of encryption) against unauthorized disclosure.

Fleet cards 
Private label credit cards designed for repairs, maintenance and fueling of business vehicles.

Also known as a trailer, the footer is text printed at the bottom of a sales draft. A merchant can customize the footer (i.e., Have a Nice Day, No Refunds, Thank You for Shopping With Us, etc.).

Gift Card 
A plastic card with an assigned dollar value issued to a cardholder for use at accepting businesses. A gift card typically replaces a paper gift certificate.

Hand-Keyed Transaction 
The process of keying an account number for a transaction versus swiping a card through a magnetic strip card reader to read the primary account number.

The process of manually making a print of the embossed information from a credit or debit card. This is required in a face to face processing environment where a magnetic swipe card reader is unavailable to swipe a credit card or a receipt printer is unavailable.

Independent Sales Organization (ISO)    
A company that is registered with Visa to represent a financial institution for the purpose providing processing services to merchants.

The standardized electronic exchange of financial and non-financial data associated with sale and credit of data between merchant acquirers and card issuers on various types of MasterCard and Visa transactions.

Interchange Fee    
The predetermined amount that the merchant bank pays the issuing bank for a transaction. Visa and MasterCard set Interchange fees based on a variety of categories such as card types, industry types, and processing environment. There is one set of Interchange fees for all Visa and MasterCard acquiring and issuing financial institutions.

Internet Service Provider (ISP) 
Internet Service Providers (ISPs) are the Website Hosting companies that provide a home for merchant’s web sites.

Invoice Number (Ticket Number)    
A merchant-defined alphanumeric field that prints on the customer receipt. The invoice number is also required to help qualify a hand keyed transaction for the lowest possible Interchange level.

Issuing Bank    
A financial institution that issues cards to consumers and businesses.

Level II Transaction 
A Level II transaction contains additional amount of data that is provided for purchase/commercial cards. A Level II transaction includes Sales Tax Amount and Commercial Card Customer Code (many times the customer’s purchase order number).

Level III Transaction 
A Level III transaction contains additional amount of data that is provided for purchase/commercial cards. A Level III transaction includes line item data which are details around what the consumer is purchasing. Level III transactions also include enhanced data such as a summary commodity code, ship to/from ZIP code, freight/shipping amount, etc.

Loyalty Card    
A plastic card that identifies participants in a loyalty program. Loyalty programs reward cardholders as they buy more merchandise.

Mail Order/Telephone Order (MO/TO) 
A transaction that is not conducted face to face between the merchant and the cardholder.

Magnetic Stripe 
A strip of magnetic tape affixed to the back of credit cards containing identifying data, such as account number and cardholder name.

Magnetic Stripe Data (Track Data) 
Data encoded in the magnetic stripe used for authorization during transactions when the card is presented. Data includes account number, expiration date, name and service code.

Manual Close 
A batch close that must be initiated by the merchant on a daily basis (also known as merchant initiated batching), as opposed to an auto close at a pre-set time.

An association of financial institutions set-up to both issue cards to consumers and businesses and accept cards for payment of goods and services by businesses.

Customer of a processor/acquirer.

Merchant Account    
The type of account used to accept card-based payments.

Merchant Agreement    
The agreement that governs the processing arrangement between the merchant and the acquiring bank. This typically includes the rates and fees charged the merchant as well as the terms and conditions.

Merchant Identification Number (MID)    
This number is generated by a processor/acquirer and is specific to each individual merchant location. This number is used to identify the merchant during processing of daily transactions, rejects, adjustments, chargebacks, end-of-month processing fees, etc.

Member Services Provider (MSP)    
A company that is registered with MasterCard to represent a financial institution for the purpose providing processing services to merchants.

Monthly Discount    
The process of deducting the processing fees once a month from the merchant’s settlement account. The monthly discount method of billing makes reconciliation very easy for the merchant compared with daily discount billing.

NFC (Near Field Communication) 
A form of short-range wireless communication, an antenna and chip embedded into a device (e.g., smartphone) permits merchant payment by waving the device over a card reader to make a purchase.

Payment Applications.

Payment Application Data Security Standards (PA-DSS) 
The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data.

Payment Card Industry Data Security Standards (PCI DSS) 
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures.

Payment Gateway 
A combination of software and hardware that provides a secure interface to the processing network.

Payment Processor 
A company that routes transactions from merchant locations to card issuers for authorization and settlement.

Payment Card Industry.

PCI Security Standards Council 
Open global forum that is responsible for the development, management, education and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security.

PCI Compliance 
PCI Compliance refers to industry-mandated security standards that apply to all businesses that handle, process or store credit or debit cards. The three PCI compliance standards are PCI DSS, PA-DSS and the PCI PED.

PCI Compliance Deadlines 
Deadlines for merchants, service providers and software applications to be compliant with the corresponding PCI standard.

Personal Identification Number (PIN) 
The secret code that a cardholder inputs to identify themselves during a financial transaction.

PC Software 
A software program that is designed to perform a specific function on a computer system. Examples would be accounting systems, manufacturing systems, order entry and fulfillment, ticketing, reservations systems. The application is either purchased or built by the merchant, and must be interfaced with a credit card authorization system in order to provide integrated transaction processing.

Point-to-point Encryption 
Point-to-point encryption ensures cardholder data is protected from card swipe all the way through to the processing banks. State of the art encrypted magnetic card readers scan and encrypt cardholder information prior to performing an electronic payment transaction.

Private Label Cards 
Credit, debit or stored-value cards that can be used only within a specific merchant’s store. Also referred to as proprietary cards.

Procurement/Purchasing Cards 
Charge cards used by businesses to cover purchasing expenses, such as raw materials or office supplies.

Point- of-Interaction (POI) 
The initial point where cardholder data is read from a credit card; generally this is the keyboard where manual entry is made, or the card reader itself.

Point of Sale (POS) 
A location where credit card transactions are performed with the cardholder present, such as a retail store. The card is read magnetically, and the cardholder’s signature is obtained as insurance against the transaction.

POS Terminal 
Equipment used to capture, transmit and store credit card transactions at the point of sale.

Primary Account Number (PAN)    
The account number given to a cardholder’s credit or debit card account. The PAN is typically both printed and embossed on the cardholder’s credit or debit card.

Real-Time Processing 
The action of processing transactions one at a time for instant approval. Typically real-time processing occurs in situations where the merchant wants an authorization immediately such as retail and restaurant locations as well as many Internet processing environments.

A printed record of a transaction including information such as; merchant name, address, phone number, date and time, amount, approval code, cardholder name, and signature.

Recurring Billing 
A tool for submitting and managing recurring or subscription-based, transactions.

Recurring Transaction    
A periodic transaction permitted by the cardholder. For example a monthly cable TV payment, insurance payment, etc. where the cardholder has authorized the merchant to charge their account on a predetermined basis.

Retrieval Request    
A request by the issuing bank to a merchant for documentation concerning a transaction usually regarding a cardholder dispute or an improper sale or return.

Sales Draft (Ticket) 
A form showing an obligation on the cardholder’s part to pay money (i.e., the sales amount) to the card issuer. This is the piece of paper that is signed when making the purchase. Sales draft data can be captured electronically. See Electronic Data Capture.

Secure Payment Gateway 
Secure Payment Gateway companies help other processors conduct secure business on the internet using Secure Socket Layer (SSL) technology. They provide a system that passes credit card data, authorization requests, and authorization responses over the internet using encryption technology. The transaction information is sent by the payment gateway’s secure server to the credit card network where the validity of the card is checked and the availability of funds on that account is verified. An authorization code is then returned to the payment gateway. The authorization is encrypted by the payment gateway and transmitted in an encrypted form to the web server of the merchant.

The financial reconciliation process between merchants, processors, acquiring financial institutions and issuing financial institutions.

Shopping Cart Software Providers 
Shopping Cart Software Providers are software companies that either produce, utilize or resell Shopping Cart Applications (programs) that display merchandise and/or services, and take orders for merchants.

Smart card 
A credit-type card that electronically stores account information in the card itself.

Secure sockets layer is the industry standard that encrypts the channel between a web browser and web server to ensure the privacy and reliability of the data transmitted.

The written record prepared by the financial institution, usually once a month, listing all transactions for an account including deposits, withdrawals, and fees.

Equipment used to capture, transmit and store credit card transactions.

Terminal Identification Number (TID) 
An identifying number assigned to a device to process transactions.

Terminal Software 
Programming that determines the characteristics and features of the terminal.

When applied to data security, it is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token. The PCI Council uses the term “surrogate” to apply to the token, with tokenization a process by which the primary account number (PAN) is replaced with a surrogate value called a token.

Transaction Fee 
A per transaction amount charged to process a transaction.

Travel & Entertainment (T & E) cards 
Credit or charge card used by businesses for travel and entertainment expenses. Examples of these cards are American Express, Diners Club, Carte Blanche and JCB. Also see Corporate Cards.

Terminal Identification Number (TID) 
A unique number assigned to each POS terminal.

Third-Party Processor 
A Third Party Processor is an independent processor that is contracted with by a Bank or Processor to conduct some part of the transaction processing process. In the world of Internet Credit Card Processing, the Secure Payment Gateway Provider is another type of Third Party Processor.

The process of not printing the full primary account number and expiration date on a receipt.

Value Added Reseller (VAR) 
Third-party vendor that enhances or modifies existing hardware or software, adding value to the services provided by the processor or acquirer.

Virtual Terminal 
A tool that allows merchants to process credit card transactions from any computer with an Internet connection.

An association of financial institutions set-up to both issue cards to consumers and businesses and accept cards for payment of goods and services by businesses.

Voice Authorization 
An authorization that is obtained from the card issuer through an interactive voice system.

The process of deleting a transaction, usually because of operator error. Once a transaction has been voided, the corrected transaction can be entered and processed.

Learn more about TRI!