Acceptor: A business that has qualified to accept credit or debit cards as payment.
Acquirer: An acquirer is an organization licensed as a member of Visa / MasterCard as an affiliated bank or bank/processor alliance that is in the business of processing credit card transactions for businesses (acceptors) and is always acquiring new merchants.
Acquiring Bank: An acquiring financial institution (or "acquirer") contracts merchants to enable credit card transactions. The acquirer deposits the daily credit card totals and debits the end-of-month processing fees from the merchants' accounts.
Address Verification Service (AVS): The process of validating a cardholder's given address against the issuer's records, to determine accuracy and deter fraud. A code is returned with the authorization result that indicates the level of accuracy of the address match.
Adjustment: An adjustment is initiated by the acquirer to correct a processing error. The acquirer debits or credits the merchant DDA account for the dollar amount of the adjustment.
Audio Response Unit (ARU): This is an electronic authorization and capture product where the merchant uses a touch-tone telephone to process transactions.
Authorization: The process of verifying the credit card has sufficient funds (credit) available to cover the amount of the transaction. An authorization is obtained for every sale. The approval response takes the form of a code sent from a card-issuing financial institution that verifies availability of credit or funds in the cardholder account to make the purchase.
Authorization Response: An issuing financial institution's message reply to an authorization request. May include: Approval -- transaction was approved; Decline -- transaction was not approved; Call Center -- response pending more information, merchant must call the toll-free authorization phone number.
Auto Close: A terminal feature that allows an end-of-day batch closing to occur automatically at a specified time, without having to be initiated by the merchant.
Average Ticket (Average Sale): The average dollar amount of a merchant's typical sale. The average ticket amount is calculated by dividing the total sales volume by the total number of sales for the specified time period.
Batch: The accumulation of captured credit card transactions in the merchant's terminal or POS awaiting settlement.
Botnet: Also known as a zombie network. A collection of compromised computers connected to the Internet that can be controlled remotely by a botmaster.
Botmaster: A hacker with command and control over a botnet. Usually uses IRC channels to control zombies either individually or as a collective army.
Capture: The submission of an electronic credit card transaction for financial settlement. Authorized credit card sales must be captured and settled in order for a merchant to receive funds for those sales.
Cardholder: Customer to whom a card is issued or individual authorized to use the card.
Card Not Present: A transaction where the card is not present at the time of the transaction. Internet, telephone or mail orders are card not present transactions.
Card Verification Value (CVV): The three-digit code printed in the signature panel on the back of the card. CVV is a method of reducing the risk of fraudulent transactions.
Chargeback: A credit card transaction that is billed back to the merchant after the sale has been settled. Chargebacks are initiated by the card issuer on behalf of the cardholder. Typical cardholder disputes involve product delivery failure or product/service dissatisfaction.
Click Fraud: The act of repeatedly clicking on pay-per-click ads for the purpose of defrauding advertisers and/or earning fraudulent commissions.
Close Batch: The process of sending the batch for settlement.
Commercial Cards: Credit or charge cards issued to businesses to cover expenses such as travel and entertainment and procurement. Includes the multiple payment card brands of purchasing cards, business cards, corporate cards and multi-utility fleet cards.
Compromise: Intrusion into a computer system where unauthorized disclosure, modification, or destruction of cardholder data is suspected.
Corporate Card: Charge card designed for business-related expenses, such as travel and entertainment.
Credit (Reversal): Nullification of an authorized transaction (sale) that has not been settled. If supported by the card issuer, a reversal will immediately "undo" an authorization and return it to the open-to-buy balance on a cardholder's account.
DDA Account: This is the merchant's Demand Deposit Account, otherwise known as the merchant's home town bank account.
Debit Card: Payment card whose funds are withdrawn directly from the cardholder's checking account at the time of sale (online debit on a Debit Network) or after batch settlement (off-line debit on a Credit Card Network).
Deposit Correction Notice (DCN): Adjustments (debits or credits) made for an out-of-balance condition due to various problems in the transmittal. The correction is made by the merchant's acquirer at the time of capture prior to being sent out for interchange.
Distributed Denial of Service Attack (DDoS): An attack by a botnet that bombards the target website with so many requests that it effectively shuts the site down to legitimate traffic. DDoS attacks are usually accompanied by an extortion demand from the botmaster.
DSS: Data Security Standard.
Discount Rate: The percentage of sales amounts that the bankcard acquirer charges the merchant for the settlement of the transactions.
Electronic Data Capture (EDC): Process of electronically authorizing, capturing and settling a credit card transaction.
Encryption: Process of converting information into an unintelligible form except to holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process (the inverse of encryption) against unauthorized disclosure.
Gateway: Software which connects the merchant's website to the secure banking network.
Honeypot: A trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems and computer networks.
Interchange: The standardized electronic exchange of financial and non-financial data associated with sale and credit data between merchant acquirers and card issuers on various types of cards.
Interchange Fee: A fee paid by an acquirer to an issuer for transactions entered into interchange. There are multiple categories of interchange, each having its own criteria for its own categories. A transaction must meet the specified criteria for a category in order for that category's rate to be applied. Each transaction is evaluated individually, so various interchange rates may apply within one batch of merchant transactions.
Issuing Financial Institution: The bank or other financial institution that extends credit to a cardholder through bankcard accounts. The financial institution issues a credit card and bills the cardholder for purchases against the bankcard account.
Keylogger: Malicious code installed on a zombie machine that can track keystrokes of the user for purposes of harvesting usernames, passwords, identity data, credit card, or other financial information.
Manual Close: A batch close that must be initiated by the merchant on a daily basis, as opposed to an auto close at a pre-set time.
Merchant: A business that sells goods or services and has a relationship with a processor/acquirer.
Merchant Identification Number (MID): This number is generated by a processor/acquirer and is specific to each individual merchant location. This number is used to identify the merchant during processing of daily transactions, rejects, adjustments, chargebacks, end-of-month processing fees, etc.
Mail Order/Telephone Order (MOTO): Credit card transactions initiated via mail, email or telephone. Also known as card-not-present transactions.
Payment Application Data Security Standards (PA-DSS): The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data.
PCI: Payment Card Industry
Payment Card Industry Data Security Standards (PCI DSS): The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, and procedures.
PC Software: A software program that is designed to perform a specific function on a computer system. Examples would be accounting systems, manufacturing systems, order entry and fulfillment, ticketing, reservations, etc. The application is either purchased or built by the merchant, and must be interfaced with a credit card authorization system in order to provide on-line transaction processing.
Pharming: Similar to phishing. Pharming uses a false web site to fool targets into giving up usernames, passwords, and personal or financial information.
Phishing: Impersonating a legitimate institution, such as a bank, for the purpose of harvesting login credentials and personal or account information in order to commit fraud.
Private Label Cards: Credit, debit or stored-value cards that can be used only within a specific merchant's store. Also referred to as proprietary cards.
Processor: A processor is the company that routes an Authorization Request and then arranges for Fund Settlement to the merchant.
Procurement/Purchasing Cards: Charge cards used by businesses to cover purchasing expenses, such as raw materials or office supplies.
Real-Time Processing: Real-Time Processing means that when a web site's customer conducts an online purchase, the check or credit card information is conveyed to the processor and an authorization is requested and received at that moment.
Reserve Account: Used to mitigate risk, a reserve account requires that merchants maintain a reserve account at the processor's sponsoring bank.
Risk Tools: Gateway features that allow merchants to configure rules for marking transactions as approved or flagged based on a variety of parameters.
Settlement: The process of sending a merchant's batch to the network for processing and payment.
Terminal Identification Number (TID): A unique number assigned to each terminal.
Value Added Reseller (VAR): Third-party vendor that enhances or modifies existing hardware or software, adding value to the services provided by the processor or acquirer.
Zombie: A computer connected to the Internet that has been infected by malicious code which allows it to be controlled by a cybercriminal.