3-D Secure is an international security standard that is used to verify the identity of card users in online billing. It was developed to reduce the risks of unauthorized use of cards by third parties. 3-D Secure gives online card purchases a higher level of security, as for each purchase it checks the cardholder's authenticity with his/her personal message and a one-time password sent by SMS. This means improved security for cardholders and also for online dealers against unauthorized use of cards.
As EMV is implemented worldwide, fraudsters are finding credit card fraud more difficult, so many are moving on to the more lucrative account takeover. In this version of identity theft, a fraudster gains unauthorized access to a customer’s account (ranging from banking and brokerage accounts to social media and store loyalty accounts), often through a data breach, malware or phishing. The fraudster then updates the account’s contact information so the victim no longer has control over the account. Often, the victim is unaware their account has been compromised.
Acquiring Bank / Acquirer
This is a bank or financial organization that carries out the whole range of operations to interact with bank card service points, which consists of terminals in the trade and service network and ATMs. Upon receipt of data on operations performed in the network, the acquirer sends them to the system for making appropriate calculations. The acquirer is responsible for refunds to merchants where purchases were made or services were paid for using cards.
Any third party acting on behalf of a bank, a financial institution or a non-bank institution (including an E-Money issuer or other payment services provider) to deal directly with customers, under contractual agreement. The term “agent” is commonly used even if a principal agent relationship does not exist under the regulatory framework in place.
AI (Artificial Intelligence / Advanced Machine Learning)
Artificial intelligence (AI) is everywhere these days, from chatbots to Amazon’s “You Might Like” customer suggestion list. It was one of the top 10 strategic technology trends in 2016 according to Gartner, and few areas have leveraged it as fully as the fraud management industry. It lets even small businesses keep pace with the volume of transactional data coming in and benefit from increased sales, reduced fraud and an improved customer experience.
This is a confirmation, a code sent by the issuing bank to confirm that the buyer's plastic card exists, is usable and the requested amount is within the allowed limit. Confirmation is requested during the authorization operation.
Arbitration occurs when an unbiased third party resolves a dispute between two parties outside litigation by hearing their evidence and testimony and making a ruling.
ASV (Approved Scanning Vendor)
Company approved by the PCI Security Standards Council to conduct external vulnerability scanning services to identify common weaknesses in system configuration.
ATM (Automated Teller Machine)
This is a device designed to receive cash using a plastic / smart card.
Method for verifying the identity of a person, device, or process attempting to access a computer. To confirm the identity/user is valid, one or more of the following is provided: (1) A password or passphrase (something the user knows); (2) A token, smart card, or digital certificate unique to the user (something the user has); (3) A biometric identifier, such as a fingerprint (something the user is or does).
In a payment card transaction, authorization occurs when a merchant receives transaction approval after the acquirer validates the transaction with the issuer/processor.
A code, consisting of letters and numbers, sent by the issuing bank (Card Issuer), confirming the authorization. The authorization code must be included in the Sales Draft issued by the seller.
AVS (Address Verification System)
Address verification system (AVS) is a fraud filter many merchants use to prevent potentially fraudulent orders from processing. The system checks to ensure that the numerical portions of billing and shipping addresses a customer enters match those on file with the card-issuing bank; if they don’t, the transaction may be either automatically declined or flagged for manual review.
B2B (Business to business payment)
B2B payments usually include those made between two companies engaged in commercial activities.
B2P (Business to person payment)
B2P payments include salary payments.
BALANCE & TRANSACTION LIMITS
Limits placed on a financial services account, including E-Money accounts, such as limits on maximum balance, maximum transaction amounts and transaction frequency.
A collection of transactions that are processed together. Batch is part of batch processing, which is used in two situations: (1) Real-time batches - used for the settlement of pre-authorized transactions; (2) File batches - used to process together card-not-present transactions (authorization and settlement) of recurring nature, such as bill payments, subscription payments, etc.
This is a type of data processing in which a certain set of transactions is processed at a time.
Batch Transaction Cycle
Submission of a collection of transactions associated with a particular merchant account provided in a single batch file.
BIN (Bank Identification Number)
The first six digits (or more) of a payment card number that identifies the financial institution that issued the payment card to the cardholder.
BIOMETRIC IDENTIFICATION SYSTEM
A system that facilitates the identification of a person through biometric verification or by evaluating one or more distinguishing biological traits, such as fingerprints, hand geometry, earlobe geometry, retina and iris patterns and voice
The principle that access to systems or data is granted by a user’s business need—only what is necessary for a user’s job function.
Card Data / Customer Card Data
At a minimum, card data includes the primary account number (PAN), and may also include cardholder name and expiration date. The PAN is visible on the front of the card and encoded into the card’s magnetic stripe and/or the embedded chip. Also referred to as cardholder data.
Card-Not-Present Fraud / CNP Fraud
A card-not-present (CNP) transaction happens when a customer makes a purchase by mail, by phone or online, where the customer is not physically present to show the credit card at the time of purchase. This payment method is convenient for customers and essential to online retailers — but it’s also vulnerable to fraud. Cybercriminals steal credit card information — often by skimming or purchasing data on the dark web — and then use this information to make fraudulent purchases. These fraudsters often purchase high-value items, like electronics, to get the most “bang for their buck” before a cardholder realizes their account has been compromised. The merchant is generally liable for the losses associated with CNP fraud, which includes loss of product, shipping expenses, fees and penalties, and damage to reputation.
Data of a real-life credit card somewhere, which are used by the carder, as a rule, only for transactions via the Internet.
Professional criminals specializing in illegal activities in the field of circulation of plastic cards and their electronic details.
A type of agent that only provides cash-in and cash-out services. Due to their limited functions in a digital payment model, cash agents are usually viewed as less risky and are therefore subject to less stringent regulations than regular agents that perform account opening and loan processing.
A marketplace in which the iGaming products or services are paid for and received at the point of sale.
The process by which a customer exchanges cash for electronic value. Cash-in transactions are usually a credit to the customer’s E-Money account.
CASH-OUT / Pour
The process by which a customer exchanges electronic value for cash. Cash-out transactions are usually a deduction from a customer’s E-Money account.
Relying largely or entirely on monetary transactions that use electronic means rather than cash. In cashless transactions, payments are made or accepted without the use of hard cash.
In cashless transactions, payments are made or accepted without the use of hard cash. Cashless payments are digital methods for exchanging financial transactions between two parties.
A cashless society describes an economic state whereby financial transactions are not conducted with money in the form of physical banknotes or coins, but rather through the transfer of digital information between the transacting parties.
When a cardholder identifies a questionable transaction on a credit card statement, the cardholder can file a complaint with the credit card issuer. If the issuer determines the cardholder isn’t responsible for the payment (e.g., if the card has been stolen, or if the goods were never received), the issuer will refund the original transaction amount back to the cardholder. The issuer will then reverse any payment previously made to the merchant and charge the merchant an additional fee.
When a customer opens a chargeback dispute, most acquiring banks immediately return the transaction amount to the customer while the dispute is researched. The bank will also automatically deduct chargeback fees from the merchant’s account.
While chargebacks were established to protect customers against the losses that arise due to both identity theft and unfair merchant practices, customers are increasingly taking advantage of the loophole that automatically favors customers during a credit card dispute. In these scenarios, the customer files a chargeback on a legitimate transaction so they can keep the product and receive a full refund on the original purchase.
For merchants who accept credit cards, chargeback insurance provides a 100% guarantee that protects the merchant in the event the fraud solution partner approves a transaction that turns out to be fraudulent and results in a chargeback. Should this happen, the fraud partner pays the entire cost of the chargeback.
Chargeback protection generally covers a portion of the losses a business might incur due to fraudulent transactions. Although chargeback protection works to limit fraud losses, it won’t reimburse merchants fully for chargebacks that happen. Instead, merchants receive invoice discounts based on pre-determined KPIs that aren’t met. Chargeback protection can vary greatly by vendor. Some vendors don’t cover against any losses, leaving merchants responsible for any and all chargebacks and penalties, and instead simply offer tools to help monitor transactions and identify fraud.
A merchant’s chargeback ratio is the number of chargebacks compared to overall transactions for a given month. As the number of chargebacks against a retailer rises, so does the ratio. It’s important to note that each card issuer calculates this ratio slightly differently. Visa, for instance, divides the current month’s number of chargebacks by the current month’s number of transactions.
Chargeback Reason Code
Chargeback Reason Code is a two-digit number that encodes the reason for the payment return.
Chip / EMV Chip
The microprocessor (or “chip”) on a payment card used when processing transactions in accordance with the international specifications for EMV transactions.
Chip & Signature / Chip & PIN
A verification process where a consumer uses their signature with an EMV Chip-enabled payment terminal when they make a deposit or request a withdrawal.
This is an Internet server connected to a payment processor, which has everything you need to accept payments: software that stores information about all purchases and the total price, a database, etc. Commerce Server usually allows you to establish a connection over one of the secure protocols such as SSL.
This is an e-mail sent to the merchant by the payment processor containing information about the Batch files submitted to the processor.
Transaction that represents the decrease in customer’s debt in case of cancellation of transaction, applied bonuses, etc.
An agency that collects and sells data related to an individual’s creditworthiness is called a credit bureau. While they have no direct say in whether a person is extended credit, credit bureaus collect valuable information that lets creditors decide how creditworthy an individual is.
Credit Card Fraud
Credit card fraud refers to theft in which a credit or debit card is used to pay for a transaction, with the intention to keep the goods and services without paying for them. Types of credit card fraud include identity theft, identity assumption and fraud sprees. Fraudsters may obtain a victim’s credit card data by buying the information on the deep web, by using skimmers at gas station pumps, or through corporate data breaches.
An individual who purchases a subscription to a merchant’s goods/services and pays for them either through the gateway or through an external system (for example, a terminal not integrated with the gateway), in cash/by check.
A record that holds critical data about the customer (a person or an organization) including basic demographic/contact information and activity-related information (such as current balance, letter flags, etc).
The result of all customer transactions, representing the actual amount of debt of a customer or a merchant. A positive (outstanding) balance represents the amount due on the customer’s next invoice. A negative balance means that the merchant owes money to the customer (can be the ground for a refund).
A record representing the movement of money on the customer’s account that results either in the increase (revenue transaction) or decrease (asset transaction) in customer’s debt.
CVV (Card Verification Values)
These are three- to four-digit numbers either on the back or front of credit cards that can help reduce the risk of credit card fraud. These numbers are printed on the card, rather than embossed or stored in the magnetic stripe. As a result, requiring these numbers can minimize card-not-present fraud, since fraudsters will generally need to have the card in hand to have this information. Requiring a CVV for every purchase can add another layer of security to online transactions. If the number provided by the customer matches what the bank has on file, the transaction can be safely processed. Some credit card issuers will even provide one-time-use CVVs for online purchases, further increasing the security of transactions.
Dark Web / Dark Net / Deep Net / Deep Web
The dark web is a hidden part of the World Wide Web that’s not indexed by traditional search engines like Google. Dark web sites use a layered network structure to encrypt web traffic within multiple layers and bounce traffic to random computers worldwide. Each bounce removes a layer of encryption, preventing anyone from matching the traffic’s origin with its destination.
The dashboard is a control panel in which a client activates the account. We define the type of account with regard to the acquiring bank and the offer (commissions, percentages, recurring payments, etc.). The merchant can access the dashboard, through which he/she has access to his/her account (overview of transactions, turnover status, etc.).
DDA (Demand Deposit Account)
A standard account (checking account), where funds can be transferred.
Unlike a credit card, the amount spent by the buyer is automatically deducted from his account. Debit card payments usually require a PIN.
A transaction for which the issuer refuses to authorize the payment.
Deep learning, a collection of machine learning techniques, is a multilayered approach to learning that lets human analysts feed a learning algorithm and vast amounts of data to a computer and then has the computer teach itself how to make decisions about that data. The result: Deep learning uses an extensive neural network to ask (and answer) questions about the data and to extract numerical data, using the answers to solve problems that require thought and successfully manage the complexity of classifying datasets.
The moment when the operator forms (closes) the Batch file and sends transactions to complete.
The bank where the operator's funds, withdrawn from the players' card accounts, are sent.
In the context of tokenization, there can be cases when a merchant needs to retrieve a payment card or bank account number from a token that is stored within the gateway. For example, a merchant integrated with the gateway wants to make a payment on behalf of its client in a store that is not integrated with the gateway and needs a live card number for that. For such cases, the gateway provides the ability to detokenize a token via a detokenization mechanism. Detokenization is done in two phases: (1) a detokenization request is submitted via an API call. For this purpose, a service user with the corresponding privilege assigned is used; (2) the detokenization response is received via the user interface after a user gets re-authenticated and enters the token that needs to be detokenized. For this purpose, a human user is used.
A sequence of characters, obtained by means of asymmetric cryptography (Public Key Cryptography), attached to the message and confirming its authenticity.
The Fair Credit Billing Act, created in 1975, established the dispute (or chargeback dispute) process that lets customers question the validity of a transaction that appears on their statement. These disputes may arise due to situations like unauthorized charges, merchandise not received, failure to cancel recurring charges or defective merchandise. Customers may first contact the merchant directly in an attempt to resolve the dispute. If that fails, customers may file a chargeback with their credit card company to resolve the dispute.
E-PAYMENT / ELECTRONIC PAYMENT
Any payment made through an electronic funds transfer (EFT).
E-wallet / Electronic Purse / Digital Wallet
It is a smart card that stores digital cash (e-money). A digital wallet that facilitates online payments and is serviced by an intermediary such as PayPal, Skrill and Neteller. A program for paying for goods by credit card. Before buying something, the buyer registers in the payment gateway, receives a name and password, and then can make a purchase on any website that supports this type of digital wallet.
ECR (Electronic Cash Register)
A device that registers and calculates transactions and may print out receipts, but does not accept customer card payments.
EDI (Electronic Data Interchange)
This is a global computer network, separated from the Internet, used by banks and other financial institutions to process payments.
EFT (ELECTRONIC FUNDS TRANSFER)
Any transfer of funds initiated through an electronic terminal, telephone, mobile phone, tablet, phablet, computer system or magnetic tape for the purpose of ordering, instructing or authorizing a payment services provider to debit or credit a customer’s bank or E-Money account.
Electronic Data Capture
The use of a POS terminal to authorize and transfer transactions to a bank card processor or other MAP. The role of a POS terminal can be played by special software or a Payment Gateway.
Uniform international requirements for microprocessor cards, describing the requirements for the card, terminal and the process of information exchange between the card and the terminal.
Linking a credit card of a bank account to the online, with the ability to change their data via the Internet.
False Declines / False Positives
These happen when a legitimate transaction is flagged by a merchant’s fraud protection system and is inadvertently declined. This often occurs because a cardholder trips a merchant’s fraud detection program (for example, making a large purchase that’s being shipped somewhere other than the customer’s billing address) and is wrongly identified as a fraudster.
PCI Forensic Investigators (PFIs) are companies approved by the PCI Council to help determine when and how a card data breach occurred. They perform investigations within the financial industry using proven investigative methodologies and tools. They also work with law enforcement to support stakeholders with any resulting criminal investigations.
Fraud can refer to anytime a person gains something of value — ranging from money to physical goods to services — by engaging in deliberate criminal deception or omission. There are myriad types of fraud — including investor, accounting, credit card and insurance fraud — but the end goal is the same: A criminal knowingly receives a benefit they’re not rightfully entitled to.
A fraud analyst monitors customer or business accounts and transactions to identify and prevent suspected fraud. Transactions may be flagged for any number of reasons, including transaction type and amount, shipping/billing address mismatch, or a higher-than-usual volume. If the analyst sees a high-risk or a suspicious transaction, they will flag it for further analysis, which may involve contacting the account holder or conducting more research.
Fraud filters make it easier for e-commerce merchants to identify and respond to potentially fraudulent transactions. One of the most common is a purchase amount filter, which lets e-commerce merchants set upper and lower limits for transaction amounts. Any purchase that falls outside the range can be flagged and held for further review, processed as usual but trigger a report, or automatically declined. Because most merchants know their typical transaction size, setting the filter will notify them when unusual transactions occur. Fraud filters can be extremely effective when used properly. But if a merchant layers multiple filters incorrectly, the filters may not work as intended, with some rules being overruled by others and decreasing the efficacy of the system.
After a criminal fraudulently takes something of value from a merchant, the merchant experiences a range of fraud losses, from the product itself to the fees and penalties associated with any chargebacks to the reputational damage associated with fraud.
Fraud Managed Services
Fraud managed services focuses on preventing fraud from happening, rather than merely reacting to fraud attacks. With fraud managed services, a team of experienced analysts manages all aspects of the business’s e-commerce activity, actively watching transactions and implementing comprehensive chargeback management strategies to stop fraudulent orders before they’re approved. The fraud managed services provider may be liable for the fraud risk if a fraudulent transaction is approved.
Fraud Prevention Vendors
Every e-commerce business needs a fraud prevention solution, and many vendors are dedicated to monitoring and stopping fraudulent card-not-present transactions. Some vendors provide transactional analysis using advanced artificial intelligence (often as an outsourced solution); others use a managed services solution, in which a team of experts manages every aspect of an e-commerce business’s activity. Still other vendors combine the two for a hybrid approach to fraud management.
Fraud Protection Software
Some merchants integrate fraud protection software into their prevention strategies. These automated software programs help businesses identify risky transactions in real time and reduce the impact of customer fraud. Using algorithms, the software scans transactions from multiple sources, uses past transactional data to analyze risk factors and flags transactions for further analysis.
Friendly fraud occurs when a cardholder disputes (or files a chargeback on) a purchase because they forgot they made the purchase, another family member authorized the purchase, or even because the customer misunderstood the merchant’s return policy. What differentiates this type of fraud from others is that these customers aren’t trying to be deceitful; they’re simply making an honest mistake.
Gateway / Payment Gateway
A payment gateway is a solution that connects merchants and their customers, allowing businesses to accept transactions for their services. Payment gateways process credit card payments and other electronic payments for organizations, including e-commerce and brick-and-mortar merchants, transferring key transactional data between payment portals and the front-end processor or bank. The payment gateway process is incredibly complex — it includes securing payment data according to PCI DSS standards, sending transaction data to the payment processor and processing the payment — yet it generally takes just seconds to complete. While banks often serve as payment gateways, payment service providers — like PayPal and Square — can also fill this role. The right payment gateway can help assure customers a website is trustworthy and can provide a seamless purchasing experience; choosing the wrong service can result in a decrease in sales and a loss of customer confidence.
It is a malicious computer program that generates digital identification details (conventional and electronic) of plastic cards (as a rule, an identification pair).
High-risk industries are those that are particularly vulnerable to online credit fraud and chargebacks, like merchants doing business in verticals such as gaming, adult entertainment, online gambling and travel. Because of this vulnerability, many credit card processors believe businesses in these industries are too risky to work with, leaving the businesses at the mercy of a high-risk credit card processor's less-than-desirable terms and conditions. They may find themselves stripped of even this agreement if the merchant can’t control their chargeback ratios.
A honeypot is a tempting set of data or an attractive computer system that lures fraudsters and counteracts their attempts to hack into or otherwise compromise an information system. Similar to a police sting operation, a honeypot acts as bait by appearing to be a legitimate part of a website; however, it’s actually being monitored by information technology professionals. Watching and recording this activity gives fraud prevention specialists insights into new modes of attack by fraudsters while also testing the security of network infrastructure. There are two kinds of honeypots: (1) Production honeypots are designed to look real; they’re also intended to keep a hacker busy while the system administrators ensure there are no other vulnerabilities in working production systems; (2) Research honeypots let professionals analyze hacker activity in an effort to shore up a system’s defenses. Uniquely identifying information that’s “stolen” from a honeypot may also be used to track the stolen data and identify hackers.
Automatic creation of a Batch file in a payment processor or payment gateway.
A computer that performs authorization and termination.
Host emulator is an internal emulator of transaction processing used for integration testing with the gateway. It emulates particular responses depending on the incoming parameters. For example, depending on the amount used in a transaction, it can generate approval or decline for a transaction.
Identity theft happens when fraudsters gather enough critical pieces of personal data about an individual (such as name, driver’s license number, date of birth and address) and pose as that person to open new accounts and make purchases. This may also be referred to as “true name identity theft.”
Integrated Payment Terminal
A payment terminal and electronic cash register in one device that takes payments, registers and calculates transactions, and prints receipts.
We are talking about integration of online payments when we want to link a payment module to a selected online store based on different platforms.
Integrator / Reseller
An integrator/reseller is a company that merchants work with to help set up their payment system. This may include installation, configuration, and support. These companies may also sell the payment devices or applications as part of their service.
Interchange Fee / Reverse Interchange
Interchange fee is a term used in the payment card industry to describe a fee paid between banks for the acceptance of card-based transactions. Usually, for sales/services transactions it is a fee that a merchant's bank (the "acquiring bank") pays a customer's bank (the "issuing bank"); and for cash transactions, the interchange fee is paid from the issuer to the acquirer.
The technical capability to enable a connection between two or more schemes or business models, such as a payment services provider connecting to another payment services provider’s digital financial services model.
Enabling payment instruments belonging to a particular scheme or business model to be used or interoperated between other schemes or business models. Interoperability requires technical compatibility between systems, and can only take effect once commercial interconnectivity agreements have been concluded.
Transaction that represents the outstanding customer balance (increase in debt) to be paid by the customer for a purchased product or a service.
ISO (Independent Service Organization)
This is an organization that helps merchants to accept payments by plastic cards. Merchants should generally already have an open Merchant Account before working with an ISO.
Issuer / Issuing Bank
An issuer is a bank that issues bank cards and opens card accounts for individuals and legal entities.
KYA (KNOW YOUR AGENT / AGENT DUE DILIGENCE)
The measures undertaken by a digital financial services provider to assess potential agents and their ability to carry out agent functions related to the provision of digital financial services.
KYC (KNOW YOUR CUSTOMER / CUSTOMER DUE DILIGENCE)
A set of due diligence measures undertaken by a financial institution, including policies and procedures, to identify a customer and the motivations behind their financial activities. KYC is a key component of AML/CFT regimes. CDD generally refers more broadly to the policies and procedures used by a digital financial services provider to obtain customer information and assess the risks of money laundering and terrorist financing posed by a customer, including detecting, monitoring and reporting suspicious activities.
The transformation of "dirty" money into "clean" money, that is, money whose illegal origin is impossible or extremely difficult to trace and prove; severing the connection between money and its illegal origin.
An operation to load digital cash into a digital wallet.
A record of the last digital cash loaded into a digital wallet.
This is the merchant's ability to see the contents of the Batch file from their terminal or ECR before or after the transaction is completed.
Locking / Card Blocking
Blocking any type of card, preventing its further use.
M-MONEY / MOBILE MONEY
A type of electronic money (E-Money) that is transferred electronically using mobile networks and SIM-enabled devices, primarily mobile phones. The issuer of mobile money may, depending on local law and the business model, be an MNO, a financial institution or another licensed third-party provider.
Some computer systems have the ability to “learn,” or make progressive improvements on a task based on algorithms and human input. This machine learning is frequently used with fraud software, allowing fraud prevention programs to make fast transactional decisions while minimizing risk exposure. As machine learning systems find fraud patterns in purchase data, and as they assimilate new data, they can make increasingly accurate predictions and become quite effective at flagging fraud. Yet they can’t work alone. These machines still rely on current data and analysts’ insights to make well-informed decisions.
Manual Entry / Keyed Entry
Operation of manual input of card parameters from a computer keyboard or POS-terminal.
Merchant represents a customer (tenant) within the gateway. Serves as a logical grouping of data and configuration settings.
A merchant account is a holding account for receipt of credit and debit card transactions, prior to being transferred to your company accounts. Having a merchant account is essential to receive online payments, and must be set up through your payment provider. Once cleared, the funds will be transferred to your company account.
Merchant Bank / Acquirer / Acquiring Bank / Card Processor
A bank or financial institution that processes credit and/or debit card payments on behalf of merchants.
Merchant Category Code / Sic Code
This code, usually consisting of four digits and assigned by the acquiring bank to the merchant, reflects the main activity of the merchant.
Merchant statement is a summary of merchant’s activity over a certain period of time. It provides the information about a number of the processed transactions, splits, fees and charges collected and adjustments applied. Merchant statements can be of two types: (1) Deposit statement - a type of merchant statement that accompanies and explains remittances associated with all of the merchant’s transactions processed on a given business day. Deposit statement helps the merchant to understand the deposits in its bank account that result from transaction processing; (2) Reconciliation statement - a summary statement that explains merchant’s remittance activity and shows all of the associated processing fees over a defined time period, usually a month. Reconciliation statement helps a merchant to understand what merchant fees are charged and why.
A very small amount, perhaps less than a cent.
MNO (MOBILE NETWORK OPERATOR)
A company that has a government-issued license to provide telecommunications services through mobile devices. An MNO is also known as a telco. Due to their experience with high-volume, low-value transactions and large networks of airtime distributors, MNOs have been critical players in digital financial services.
An e-payment made through a mobile phone, tablet or phablet.
Mobile Payment Acceptance
Using a mobile device to accept and process payment transactions. The mobile device is usually paired with a commercially available card-reader accessory.
Method of authenticating a user when two or more factors are verified. These factors include something the user has (such as a smart card or dongle), something the user knows (such as a password, passphrase, or PIN) or something the user is or does (such as fingerprints, other forms of biometrics, etc.)
Near-Field Communication (NFC) Payments / Contactless Payments
NFC payments occur when two devices “talk” when they’re near each other and complete a transaction. Apple Pay, Android Pay and Samsung Pay are some of the most common NFC payment platforms. While many smartphones have this technology built-in, merchants must purchase an NFC-enabled payments reader to accept contactless payments. Because NFC mobile payments are dynamically encrypted, they’re considered a safe way to process transactions.
Designation of the state of the system, when before the execution of the transaction there is a connection with the central computer for authorization in real time.
While the Internet has made it easier to complete daily tasks, like shopping, banking and booking vacations, it’s also made it easier for fraudsters to carry out their cybercrimes. Some of the most common online scams include phishing, disaster relief scams and lottery winner scams. Unsuspecting customers are asked for, and often release, personal data that’s then used to make fraudulent purchases.
P2B (Person to business payment)
P2B payments include payments for the purchase of goods and services.
P2P (Person to person payment)
P2P payments include both domestic and international remittances.
P2PE (Point-to-Point Encryption)
The PCI Security Standards Council established P2PE standards to improve the security of credit card transactions. During the P2PE process, transactional data is securely encrypted at the merchant’s point-of-sale entry and stays encrypted until the final credit card processing point.
Transfer of funds from the customer to the merchant that covers debts represented by invoices. The result of a payment transaction is obtained in real-time and is final.
Related to PA-DSS, a software application that stores, processes, or transmits cardholder data as part of authorization or settlement of payment transactions.
Payment Application Vendor
Vendor that sells applications that store, process, and/or transmit card data during payment transactions.
Payment Card Industry (PCI) Compliance
PCI is a set of requirements to ensure you protect your customers’ credit card information when stored, processed, or transmitted.
A payment facilitator is a commercial service provider that simplifies the process of registering and connecting Merchants who want to accept online payments. A Merchant does not need his/her own Merchant account but is connected to its account by the Payment Facilitator, which shortens the connection procedure from months to days.
Payment fraud refers to any fraudulent transaction a criminal executes that results in stealing a victim’s money, property or sensitive data. While traditional fraud prevention controls used to be enough to prevent payment fraud, fraudsters now engage in subtle behaviors to trick unsuspecting customers to release personal information.
A general term for software that connects two or more, perhaps unrelated, payment applications together. For example, it may pass card data between an application on a payment terminal and other merchant systems that send card data to a processor.
Customer’s payment card or bank account encrypted and stored within the system.
Pricing plan, which determines how often and how much a customer has to pay.
The payment processor service ensures that a credit card has sufficient funds for payment. When this occurs, the funds are then authorised to be transferred to the merchant account. It updates the system status and transmits it back through the payment gateway to your website. Often the gateway and processor services are indistinguishable and are referred to as a single service.
PAYMENT SERVICES / Payment System
This is the term used by payment providers to describe different payment gateway options. These options will often have different capabilities and pricing structures.
Payment System Vendor
A vendor who sells, licenses, or distributes a complete payment solution to a merchant. The solution encompasses the hardware and software needed to handle payments within the store and provides a method to connect to a payment processor.
PCI-DSS (Payment Card Industry Data Security Standard)
The PCI-DSS (Payment Card Industry Data Security Standard) is a security standard for international payment systems (MasterCard and Visa). It provides a framework for the proper protection of card operation users. All organizations that process, transfer or store card data must meet the requirements of the PCI-DSS.
PED (PIN Entry Device / PIN Pad)
Keypad into which the customer enters their PIN.
Permission represents the ability to perform a particular action within the system on the lower level. A user with a particular permission can perform the corresponding action (e.g. view or modify the elements of the system or access different forms and do different actions within these forms). Permissions are associated with the security roles, which makes it possible to control the access level of a particular user. They are also assigned to various elements of the user interface, defining which permissions a user needs in order to access the forms and execute the actions on the user interface or within the API.
A common scam by fraudsters is “pharming” attacks, which are similar in nature to “phishing” attacks, with one important difference: Phishing attacks require victims to click on a link to take them to the fraudulent website, whereas pharming attacks automatically install malicious code on a computer and misdirect users to fraudulent websites. Because this code requires neither consent nor knowledge to execute, many victims don’t even realize they’ve been targeted. Pharming attacks are increasing, in part because fraudsters are looking for new ways to collect sensitive personal data from Internet users who are learning how to avoid phishing attacks.
A form of social engineering and identity theft, phishing scams try to trick individuals into revealing personal information. Fraudsters typically contact victims by text, email or phone, posing as an authority figure or a seemingly legitimate company to get the victim’s confidential data. Phishers may also install malicious software on computers, infect computers with viruses or even steal personal information off of computers.
PIN (Personal Identification Number)
A unique number known only to the user and a system to authenticate the user to the system. Typical PINs are used for automated teller machines for cash advance transactions, or for EMV chip cards to replace a cardholder’s signature. PINs help determine whether a cardholder is authorized to use the card and to prevent its unauthorized use if the card is stolen.
Privilege represents the ability to access a particular API or gateway user interface. There are seven privileges that can be granted to the users in the gateway.
Processing Cutoff Time
The point of time when the realtime and batch transaction cycles are closed. This parameter is essential when the remittance is done by the gateway. Transactions settled in this time (in case of terminal capture) or by this time (in case of host capture) are included in the merchant statement on the same day and deposited to a merchant service provider. Processing cutoff time must be earlier than settlement cutoff time to ensure that all transactions processed in the gateway during the day are included in one settlement cycle.
Subset of settings within a Provider Profile responsible for connectivity and secure communication with a Provider. These include URLs, login credentials, encryption keys, etc.
PSP (PAYMENT SERVICES PROVIDER / Payment Provider)
An entity that provides services enabling funds to be deposited and withdrawn from an account; payment transactions involving transfers of funds; the issuance and/or acquisition of payment instruments such as checks, E-Money, credit cards and debit cards; and remittances and other services central to the transfer of funds. Payment services providers include banks and other deposit-taking institutions, as well as specialized entities such as money transfer operators and E-Money issuers.
PTS (PIN Transaction Security standard)
PTS is a set of modular evaluation requirements for PIN acceptance point-of-interaction (POI) terminals.
Raw Account Data
Unencrypted/untokenized credit card and bank account numbers.
The process of transaction processing that involves a transaction submission and returning of an immediate response.
Realtime Transaction Cycle
Submission of a collection of realtime transactions received within a particular period of time, for an associated account. A new RTC is created when all previous cycles close for that account, and a new transaction is received.
Merchants engage in risk management processes to identify, evaluate, analyze and prevent exposure to the risks that threaten capital and earnings. These risks come in many forms, including weather-related risks, liability judgments, employee theft and credit card fraud.
The method for complying with AML/CFT standards based on the general principle that, where there are higher risks, countries should require digital financial services providers to take enhanced measures to manage and mitigate those risks. Where risks are lower, and there is no suspicion of money laundering or terrorist financing activities, simplified measures may be permitted.
RR (Rolling Reserve)
A rolling reserve is a risk management strategy to protect the merchant and its banks from potential loss due to chargebacks. A portion of the credit card volume processed will be secured to cover for the potential business risk relating to chargebacks. Acquiring banks calculate the rolling reserve amount based on a certain percentage of each transaction (for example, between 5-15% on every transaction). Rolling reserves are kept on hold for 180 days and will be released at the end of this period.
A three- or four-digit value printed onto the front or back signature panel of a payment card. This code is uniquely associated with an individual card and is used as an additional check to ensure that the card is in possession of the legitimate cardholder, typically during a card-not-present transaction. Also referred to as card security code.
Security mechanism is a system of elements that controls how users can access the system and perform different tasks. User access is defined through three aspects: (1) Actions - deals with actions that a user can perform within the system, for example, access different perspectives and forms and perform tasks within these forms; (2) Data access - deals with data that a user has access to, for example, data associated with a particular merchant, reseller, etc.; (3) Functions - deals with functions that a user can fulfill within the various business processes implemented in the system.
Sensitive Authentication Data
Security-related information used to authenticate cardholders and/or authorize payment card transactions, stored on the card’s magnetic stripe or chip.
SET (Secure Electronic Transaction)
This is a system for ensuring the security of payment by bank cards, developed by VISA, MasterCard, Microsoft and several leading banks, based on public key encryption of information related to card parameters and the separation of information between transaction participants in such a way that none of the participants in the settlement has the entire information. With the SET standard, a buyer and a seller can uniquely identify each other by exchanging digital SET certificates.
Settlement / Capture
This is the second phase of the payment processing, when the previously authorized amount is withdrawn from the card holder’s account and transferred to merchant’s account. The general practice is to do this at the end of the business day.
Stealing card data directly from the consumer’s payment card or from the payment infrastructure at a merchant location such as with an unauthorized hand-held card reader or via modifications made to the merchant’s payment terminal. Its purpose is to commit fraud, the threat is serious, and it can hit any merchant’s environment.
A small merchant is typically an independently owned and operated business with a single location or a few locations, and with limited or no IT budget and often with no IT personnel.
SRED (Secure Reading & Exchange of Data)
A set of PCI PTS requirements designed to protect and encrypt card data in payment terminals. A PCI Council-listed Point-to-Point Encryption (P2PE) solution must use a PTS-approved and listed payment terminal with SRED enabled and actively performing card data encryption.
The result of individuals bypassing security systems through hacking or data breaches to access sensitive personal information. This information is used by hackers or sold on the dark web.
A sub-group of transactions that a batch contains. Batch transactions are split into sub-batches by the system to meet the requirements of a particular processor for the following reasons:
— Quantity limitation for the transactions included in one batch. If a batch contains a number of transactions that exceeds the fixed limit, it is divided into several sub-batches. The maximum quantity of the transactions included in one file submitted to the processor is defined in the transactionSubBatchLimit property of the corresponding Processing Profile. If a sub-batch file contains fewer transactions than set in the limit, one file (Provider) is generated. In cases when a sub-batch contains a larger number of transactions, two or more files (Providers) are generated.
— The difference in how transactions are processed. For example, a batch may contain both direct debit and payment card transactions. In this case, sub-batches are created for processing to be properly performed within the system.
Submitter is a software platform integrated with the gateway via API. A service user is used to integrate the submitter with the gateway.
A payment ecosystem platform that enables payment transactions to be routed from one payment system participant to another, whether within the same network or between different networks or schemes.
This is a type of accepting card payments, when information about transactions is stored on the merchant's computer, and the latter manually forms a Batch from them and then sends it for payment.
Agents and others acting on behalf of a digital payment service provider, whether pursuant to a services agreement, joint venture agreement or other contractual arrangement. Digital payment providers should be liable for the actions of third-party providers acting on their behalf regardless of the third party’s legal status and whether they are agents or not. The relationship between the digital payment service provider and the third-party provider is usually regulated by the main MFS regulator.
A process by which the primary account number (PAN) is replaced with an alternative value called a token. Tokens can be used in place of the original PAN to perform functions when the card is absent like voids, refunds, or recurring billing. Tokens also provide more security if stolen because they are unusable and thus have no value to a criminal.
Refers to Top-Up cards that the Company may issue and offer for sale to the Account Holder to facilitate the funding of the Accounts.
An action between a cardholder and a merchant that results in activity in the cardholder's account and/or merchant's balance (for example, sale, credit, chargeback, etc) or non-financial transaction which is a record that registers the transaction that was processed by the internal system or other information that does not have financial implications (for example, activation/deactivation/transfer for gift cards, account verification, etc).
Transactions recorded in the order they were committed.
Parameter that defines how the transaction was initiated. From this point of view, transactions in the system can be of two types: (1) transactions that come from the submitter and their respective responses - sale-auth, sale, credit-auth, refund, decline, blacklist, void; (2) transactions that come from the processor – reversal, chargeback, return, notice.
Transaction processing is a process, by means of which electronic payments are executed. Transaction processing mechanism involves two principal phases: processing and funding. During the processing phase transactions are processed and funds are authorized through gateways, processors and card associations. During the funding process the actual money transfer is happening and funds are deposited into the bank account belonging to the owner of the account, on behalf of which transactions are authorized. The funding process itself can occur in two ways: (1) funds are transferred directly to the merchant; (2) funds are transferred into an intermediary account usually belonging to a 3rd party processor that functions as an agent on behalf of the merchant.
When submitted for processing, a transaction can obtain one of the following states:
— Approval - transaction that has been processed successfully.
— Decline - transaction that got declined. Note that, because of the specifics of the processing flow of some payment providers, a delayed decline state may be assigned to the transaction. A delayed decline is a successfully completed transaction subsequently declined by a processor after a certain period of time for a specific reason.
— Blacklist - transaction that has not been processed as the account is in the blacklist due to the previous hard decline. Blacklists are introduced to prevent problems caused by the fact that direct debit transactions do not get approved or declined in real-time like credit card transactions. To eliminate waiting for a certain direct debit return, every direct debit transaction is checked against a blacklist before it is submitted to the bank for processing.
— Error - transaction that has not gone through an internal validation of the gateway and has not been sent for further processing. The response code indicates the reason why the transaction was not processed.
— Void - transaction that has been reverted before settlement.
Note that the term void can refer either to a transaction state or to an operation that reverts the original transaction before it has been settled and cancels the transfer of funds from a customer’s payment card or bank account. No further action can be taken for a voided sale transaction. The range of states that can be assigned to a transaction may vary depending on the transaction type.
Transfer Wallet API
This is an optional API that lets the operator deposit money to the player's account, withdraw money from the player's account, and get the player's balance. To enable the Transfer Wallet API.
In the context of tokenization, gateway provides ability to remove unused tokens from the gateway. This can be done via untokenization mechanism. Untokenization can be done in one of two ways: (1) Automatically - tokens are removed automatically after 365 days of inactivity. (2) Manually - tokens are removed manually via the untokenization API call.
Valid or valid card; genuine card; identification details of a valid or genuine card.
Velocity filters monitor specific data elements (like email address, phone number and billing/shipping addresses) and limit the number of transactions that a website can process in a certain time frame (e.g., an hour, a day) using this data. The effective use of velocity filters relies on a merchant understanding their good customers and knowing how large and how frequent their purchases usually are.
Verification is a process of confirmation of totals within a particular batch file. It is submitted for processing to a third party such as a bank or processor. Verification information can be submitted in three ways: (1) via a phone call to the bank – gateway owner makes a call to provide file totals; (2) via an email notification sent to the bank – gateway sends an email with file totals that is automatically generated by the gateway; (3) via a file generated and uploaded to the bank – gateway generates a verification file and uploads it to the bank’s SFTP.
Verification file is a file used for confirmation of totals within an associated batch file. The information is generally used by a bank to confirm the accuracy of a batch file that has to be processed. Verification file is used for processing of both batch and remittance files. Verification file is a part of verification process.
Verified by Visa
Verified by Visa helps ensure the legitimate cardholder is the one making online purchases by working behind the scenes to analyze a customer’s purchase and compare it against usual payment behavior. If customers are using a new device, Verified by Visa may require a second authentication step — either a password or a code sent to the customer’s mobile phone — before the purchase is processed.
Virtual Payment Terminal
Web-browser-based access to an acquirer, processor or third-party service provider website to authorize payment card transactions. Unlike physical terminals, virtual payment terminals do not read data directly from a payment card. The merchant manually enters payment card data via the securely connected web browser. Because payment card transactions are entered manually, virtual payment terminals are typically used instead of physical terminals in merchant environments with low transaction volumes.
A member of an organized criminal group from among the employees of a merchant, acquirer or issuer.
Voiding is a transaction that cancels a purchase that has not been completed.
This is an API that GamingSoft triggers to manipulate the user's balance and that is implemented by the operator.
A payment system of the Internet (used for criminal settlements when buying and selling information about the details of other people's cards, providing consulting carder services, etc.); money received from illegal activities on the Internet.
Wire is an operation of transferring funds between accounts. In the real world, a wire is an electronic money transfer from one account to another. In the gateway, it is a manual transfer of funds from a payment facilitator to a merchant's account.
Wireless Payment Terminal
Payment terminal that connects to the Internet using any of various wireless technologies.
Transfer of transactions with authorization codes to the payment processor in order to transfer money to the merchant's account.