Terms & Definitions Glossary
Merchant Services Dictionary of Credit Card Processing
Quick Index
- 2, 3 or 4 Tier Billing
- AAA
- ABA
- Access Control
- Account Number
- ACH
- Acquirer
- Acquiring Bank
- Acquirer Processing Fee (APF)
- Acquirer Program Support Fee
- AES
- AFD
- Aggregate Fee Percentage
- Approval Code
- Approved Scanning Vendor
- ASV
- Assessment
- Association
- Authentication
- Authentication Credentials
- Authorization
- Authorization Approval Code
- Authorization Response Code
- AVS
- AVS Response Code
- Basis Point
- Batch
- Batch Header Fees
- Bank Identification Number/BIN
- Blind Credit
- Chargebacks
- CERT
- Check Conversion
- Check Guarantee
- Check Reader
- Check Verification
- CIS
- Compensating Controls
- Corporate Purchasing Card
- CPS
- Credits
- Cross Border Assessment Fee
- Cryptoperiod
- CVV / CVV2
- Data Usage Fee
- DDA Demand Deposit Account
- Degaussing
- Discount Rate
- DSS
- EBT
- EDC
- EDI
- EIRF
- Effective Rate
- Electronic Draft Capture (EDC)
- Elite Card
- Enhanced Card
- ESN
- ESO
- ETF
- Factoring
- Firewall
- Flat Rate Billing
- Fleet Cards
- Floor Limit
- Forced Sale/Auth
- Front Rate
- Gateway
- Government Card
- Ghost Authorization
- Gross Billing
- GSA
- Hashing
- IIN / I.I.N.
- Independent Sales Organization
- Index Token
- Interchange
- Interchange Compliance
- Interchange Plus
- Interchange Reimbursement Fee
- International Acquirer Fee
- International Service Assessment Fee
- International Processing Fee
- International Service Fee
- Internet Protocol
- IP
- IP Address
- IP Spoofing
- ISO
- Issuer Identification Number
- Issuer Response Code
- Issuing Bank
- Large Ticket
- Level 1
- Level 2
- Level 3
- Loyalty Card
- Match List
- Merit Cards
- Major Industry Identifier (MII)
- Merchant Category Code (MCC)
- MCC / M.C.C.
- MICR
- Middleware
- Mid Qualified Rate
- Misuse of Authorization Fee
- NABU / N.A.B.U.
- NEC / N.E.C.
- Network
- Network Access and Brand Usage Fee
- Network Security Scan
- No Signature Required (NSR)
- Non Qualified Rate
- NSR
- Offline Debit
- Offline Sale
- Online Debit
- PA-QSA
- Payment Application
- PAN
- Payment Cards
- PCI Compliance
- PCI SSC
- PED
- PII
- PIN / P.I.N.
- POI
- POS / P.O.S.
- Post Authorization
- Preapproval Authorization
- Prior Authorized Sale
- Processing Integrity Fee
- Processor
- Purchasing Cards
- PVV
- Qualified Security Assessor
- QSA
- Quick Payment System (QPS)
- RDC
- Rebates
- Remote Deposit Capture
- Report on Compliance, ROC
- Report on Validation, ROV
- Response Code
- Retrieval Request
- Risk Analysis, Risk Assessment
- Router
- RSA
- SAQ
- Security Policy
- Security Protocols
- Self Assessment Questionnaire
- Settlement
- Settlement Network Access Fee
- SIC / S.I.C.
- Smart Card
- SQL
- SSC
- SSH
- SSL
- Standard Industry Code (SIC)
- Standard
- Straight Pass Through
- Strong Cryptography
- Surcharges
- Terminal ID
- Terminated Merchant List (TMF)
- TID
- Tier Billing
- TLS
- TPA
- TPS
- Truncation
- Travel & Entertainment (T&E) Card
- VAR sheet
- Virtual Terminal
- Visa Signature Preferred (VSP)
- Voice Authorization
- Void
- WEP
- World Cards
- WPA / WPA2
- Zero Floor Limit Fee
- Zero Interchange Program
- 2 Tier, 3 Tier, 4 Tier Billing
- Processing price structure in which individual credit card types are grouped or ‘lumped together’ into Tiers at contrived rates. Tiers may be labeled Qualified, Mid-Qualified, Non-Qualified or Debit/Check Card. Fixed rate would be single Tier billing. This billing is nearly always a disadvantage to merchants because Tier rates are usually higher than the individual card types they comprise. Interchange Plus pricing is the only truly honest, fair, transparent pricing because all card types are revealed at their true bank cost on the statement.
- 1 Tier (Flat Rate/Fixed Rate) — Worst possible scenario for merchants. All cards receive the Non Qualified rates. These may be 3% - 5% or more on all card types, even when debit interchange may only by 0.95%.
- 2 Tier — Includes Qualified & Non Qualifed rates only. Qualified may include Debit cards or Debit & plain basic credit cards. Non qualified will include all remaining card types (30-45 card types). This is the second worst pricing structure.
- 3 Tier — Includes Qualified (Debit), Mid Qualified (Rewards/Travel cards) and Non Qualified Card types (all remaining cards including business, foreign, and standard).
- 4 Tier — The most ideal of Tiered pricing, this includes all in the 3 Tier categories above but adds a Debit (Check Card) rate. Only Interchange Plus is a better price structure.
For a helpful article on Tiers: Tiers of Pain: Are you NonQualified?
- ABA Routing Number
- American Bankers Association (ABA). A unique, nine (9) digit Bank Identifying Number that directs electronic deposits to the proper bank. This number precedes the account number at the bottom of the check.
- AAA
- Abbreviation for “authentication, authorization, and accounting.” Protocol for authenticating a user based on their verifiable identity, authorizing a user based on their user rights, and accounting for a user’s consumption of network resources.
- Access control
- Mechanisms that limit availability of information or information-processing resources only to authorized persons or applications.
- Account Number
- See Primary Account Number (PAN).
- Acquiring Bank
- (or acquirer) The financial institution (or sponsoring bank) accepting the payments from a credit card holder (customer) on behalf of a Merchant. The Acquiring Bank has a contract (merchant account) directly with the Merchant or indirectly through an independent Processor providing the Merchant with a line of credit.
- Acquirer Processing Fee (APF)
- Currently 1.95¢ ($0.0195)— The Visa Acquirer Processing Fee applies to all U.S.-based VISA authorizations acquired in the U.S. regardless of where the issuer/cardholder is located. If your business is based in the U.S., the acquirer processing fee will be added to all Visa authorizations. similar to MasterCard NABU fee.
- Acquirer Program Support Fee
- Currently 0.55% — MasterCard fee applies under the same circumstances as the Cross-Border Assessment Fee (Domestic/Foreign), and nearly always combines with it, bringing the cost of the transaction to 0.95% above the normal card rate on MasterCards issued abroad.
- AES
- Abbreviation for “Advanced Encryption Standard.” Block cipher used in symmetric key cryptography adopted by NIST in November 2001 as U.S. FIPS PUB 197 (or “FIPS 197”). See Strong Cryptography.
- Aggregate Fee Percentage
- See also Effective Rate, a calculation of the total fees divided by total sales, expressed as a percentage. Formula: Total Fees/Total Sales Volume. Example: if total fees were $300.00 on $9,000 monthly credit card sales, the Aggregate Fee Percentage and Effective Rate would be 3.33%
- Amex
- Abbreviation for American Express.
- ASV, Approved Scanning Vendors
- organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet facing environments of merchants and service providers. The Council has approved more than 130 ASVs.
- Approval Code
- Also called “Authorization Approval Code,” “Authorization Response Code,” or “Issuer’s Response Code.” (Also see Response Codes).
A six digit alphanumeric code assigned by the Issuer to identify the approval for a specific authorization request. This guarantees the merchant that funds will be available for 30 days, and freezes the card holder’s funds for 10-21 days, presuming proper protocols are followed.
A transaction resulting in an Approval Code is not final until the Batch containing the transaction is settled. Approval Codes containing letter characters are usually a result of a business, commercial, corporate, or purchasing credit card transaction.
A Preapproval Authorization may be processed to check the validity or credit limit of a credit card, which will generate an Approval code which must later be entered to complete the transaction using a Forced Sale.
NOTE: Once approved, you should save the Approval Code as you will need this to complete the sale later on your terminal, POS, software, online or directly with your Processor.
- Codes for TSYS [Total Systems] the largest network (formerly Vital)
- Assessment
- A licensing fee, like a royalty, which pays a percentage to the respective Association (brand of card) on every transaction. Visa and MasterCard assess 0.11% + 2¢ per transaction (see VISA APF fee or MasterCard NABU fee), Discover assesses 0.10% + 2¢ per transaction. Additional assessments apply to international cards and currency conversions, ranging between 0.4% - 0.8% above this and other fees.
- All Visa Interchange Rates may be found at usa.visa.com/merchants/operations/interchange_rates.html
- All MasterCard Interchange Rates may be found at www.mastercard.com/us/merchant/support/interchange_rates.html
- Association
- The association is the brand name of the Card which may be either the Visa Association, MasterCard (formerly MasterCharge) Association, Discover, American Express, Diners Club, Carte Blanche, JCB (Japan) and others. Associations charge a fee named “Assessment” on every transaction processed worldwide, whether or not this is reported on a Merchant statement. For example: if merchant is on Tiered billing, et al, actual processing fees may be hidden so that only the Tier qualification rate is shown.
- Authentication
- Process of verifying identity of an individual, device, or process. Authentication typically occurs through the use of one or more authentication factors such as:
- Something you know, such as a password or passphrase
- Something you have, such as a token device or smart card
- Something you are, such as a biometric, fingerprint, retina, facial recognition
- Authentication Credentials
- Combination of the user ID or account ID plus the authentication factor(s) used to authenticate an individual, device, or process.
- Authorization
- Granting of access or other rights to a user, program, or process. For a network, authorization defines what an individual or program can do after successful authentication. For the purposes of a payment card transaction authorization occurs when a merchant receives transaction approval after the acquirer validates the transaction with the issuer/processor.
- Authorization Approval Code
- see Approval Code
- Authorization Response Code
- see Approval Code
- Automated Clearing House (ACH)
- One of the group of processing institutions that have networked together to exchange (clear and settle) electronic transactions. Also a way of processing payment electronically like an eCheck (Electronic Check) in which the bank’s Routing number and Account Number are required and funds are transferred from the buyer to the seller account electronically.
- Automated Fuel Dispensor (AFD)
- A terminal device used to accept payment for fuel at a petroleum service station.
- AVS
- Address Verification System. Validates the billing address of the credit card to make certain the ZIP code and/or Street number or other information matches what is on file. This can also decrease credit card fraud if the thief does not have access to the card holder’s actual billing address.
Merchant may decide:
For best qualification rates on transactions, AVS should be used.- AVS match is ignored
- AVS match is optional
- AVS is required.
Remember, however, IF AVS Match is set to “required” and IF the customer has recently moved or does not remember which of his/her card is billed to which address and owns multiple addresses including homes and businesses, the transaction will not be approved until the address does match successfully. This may result in loss of sales. We recommend using Required AVS Match only on large ticket sales, as this will lower the transaction rate on matched AVS by at least 0.31%.
also see AVS Response Codes - AVS Response Code
- Part of a transaction response code generates a single letter code in response to the Address Verfication System (AVS) check. Most terminals and POS systems also offer an “AVS Only Check” for verification before the transaction is actually run if a merchant chooses. Here are the definitions of the possible response code characters:
- A — Street addresses matches, but the ZIP code does not. The first five numerical characters contained in the address match. However, the ZIP code does not match.
- E — Ineligible transaction. The card issuing institution is not supporting AVS on the card in question.
- N — Neither address nor ZIP matches. The first five numerical characters contained in the address do not match, and the ZIP code does not match.
- R — Retry (system unavailable or timed out).
- S — Card type not supported. The card type for this transaction is not supported by AVS. AVS can verify addresses for Visa cards, MasterCard, proprietary cards, and private label transactions.
- U — Address information unavailable. The address information was not available at the issuer.
- W — 9 digit ZIP code match, address does not. The nine digit ZIP code matches that stored at the issuer. However, the first five numerical characters contained in the address do not match.
- X — Exact match (9 digit zip and address) Both the nine digit postal ZIP code as well as the first five numerical characters contained in the address match.
- Y — Address and 5 digit zip match. Both the five digit postal ZIP code as well as the first five numerical characters contained in the address match.
- Z — 5 digit ZIP matches, but the address does not. The five digit postal ZIP code matches that stored at the VIC or card issuer's center. However, the first five numerical characters contained in the address do not match.
- B — Street address matches for international transaction. Postal Code not verified due to incompatible formats.
- C — Street address and Postal Code not verified for international transaction due to incompatible format.
- D — Street address and Postal Code match for international transaction.
- F — Address & ZIP match for this United Kingdom (UK) transaction.
- G — Address not verified for this international transaction.
- I — Address not verified for this international transaction.
- M — Address & ZIP match for this international transaction.
- P — Postal Code match for international transaction. Street address not verified due to incompatible formats.
U.S. DOMESTIC CODES:
INTERNATIONAL CODES:
- Basis Point
- Hundredth of a Percent. Also abbreviated BP. Examples:
1 basis point = 0.01% = 0.0001
50 basis points = 0.05% = 0.005
100 basis points = 1% = 0.01
2000 basis points = 20% = 0.2
30,000 basis points = 300% = 3.0
- Batch
- All of the credit card transactions (sales) occuring before Settlement (close of batch), which should be done at the close of the business day or when no more transactions are expected for the day. Batch close, also called Settlement, may be set to “Automatic” which is a preset time each day, or “Manual” which requires the Merchant to settle the transactions from the Terminal, software or POS system.
For the lowest transaction rates (best qualifications), batch every day, and do not let more than 72 hours pass between batches (settlements) or you may see transactions on your statement downgrade to EIRF or Standard, which may be 1-3% higher.
- Batch Header Fees
- An optional charge, although there is really no cost relating to batch settlement. Some processors use this in lieu of a Statement fee (which should not really exceed $5-10 per month) but some processors even charge both.
- Bank Identification Number (BIN or IIN)
- Also called Issuer Identification Number (IIN/I.I.N.). The first six (6) digits on every credit, debit, prepaid or gift card identifying the Issuer (bank) which operates and manages the account. There are over 100,000 BINs for over 9,000 banks issuing them worldwide. The first digit of the BIN is the Major Industry Identifier (M.I.I.).
The eight (8) digits before the last Check Digit on the 16 digit credit card is the Cardholder's account number.
- Blind Credit
- A Credit (Refund) applied to a transaction for which a record is not currently accessibile or available within the Merchant's records. The transcation ID number or original approval codes may not be known, but the credit can still be applied to the Cardholder's credit card. Note that a Merchant must be approved in advance for this capability and not all Processors support this function.
- CERT
- Carnegie Mellon University’s “Computer Emergency Response Team.” The CERT Program develops and promotes the use of appropriate technology and systems management practices to resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.
- Chargebacks
- Fees incurred when your customer refutes the validity of a transaction (by filing a Dispute) with his or her Issuing Bank who then forcibly reverses the transfer of funds. The Merchant may dispute the validity in which case Acquiring Bank and Issuing Bank shall reach an agreement. NOTE: frequent chargebacks adversely affect privilege to process credit cards, especially if more than 1% of all transactions result in chargebacks.
There are Four Types of Chargebacks:- Technical — Expired authorization, non-sufficient funds or processing error.
- Clerical — Duplicate billing, incorrect amount billed, or refund never issued.
- Quality — Consumer claims goods never received as promised at time of purchase.
- Fraud — Consumer claims they did not authorize purchase or identity theft.
- Check Conversion
- The process of converting a paper check into the form of an electronic debit.
- Check Digit
- The last digit on a credit card is the Check Digit, for validation using an algorithm where all of the numbers are added up in specific combination. The beginning of the Primary Account Number (PAN) is the BIN. For more information, see Anatomy of a Credit Card number.
- Check Guarantee
- A service that guarantees payment on each check presented, up to a limit defined by the account, provided that the merchant follows correct procedures in accepting the check. The guarantee service collects any returned items, in which the merchant typically follows a stringent set of procedures. See also Check Verification.
- Check Reader
- A hardware device that can be integrated to a terminal or point of sale (POS) device that reads the MICR line on a check for authentication, negative file comparison, or truncation.
- Check Verification
- An authorization service that allows merchants to look into a database to determine if customers have a history of returned checks. Merchants may also add checks that have been returned for nonsufficient funds (NSF).
- CIS, Center for Internet Security
- Non-profit enterprise with mission to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls.
- Compensating Controls
- Compensating controls may be considered when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints, but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. Compensating controls must: (1) Meet the intent and rigor of the original PCI DSS requirement; (2) Provide a similar level of defense as the original PCI DSS requirement; (3) Be “above and beyond” other PCI DSS requirements (not simply in compliance with other PCI DSS requirements); and (4) Be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement. See “Compensating Controls” Appendices B and C in PCI DSS Requirements and Security Assessment Procedures for guidance on the use of compensating controls.
- Corporate Purchasing Card
- (see Purchasing Cards.)
- CPS
- Custom Payment Service refers to Visa cards authorized electronically, requiring qualification validation for the lowest rates.
- Credits
- Also ‘Returns.’ A full or partial refund of a sale to the Cardholder for a previous transaction not made during the current Batch. If a refund is needed during the current Batch, a Void must be issued instead, which cancels the transaction as if it never took place. Only the authorization attempt will appear in the cardholder's records.
- Cross-Border Assessment Fee
- Domestic — Currently 0.4% — The domestic MasterCard Cross-Border Assessment Fee applies to U.S. acquired transactions paid for with a card issued outside of the U.S. and settled in USD (US Dollars).
- Foreign — Currently 0.8% — The foreign Cross-Border Assessment Fee applies to international transactions settled by U.S.-based merchants in a foreign currency, requiring conversion to USD (US Dollars).
- Cryptoperiod
- The time span during which a specific cryptographic key can be used for its defined purpose based on, for example, a defined period of time and/or the amount of cipher-text that has been produced, and according to industry best practices and guidelines (for example, NIST Special Publication 800-57).
- CVV / CVV2
- CVV, CVV2, or Card Verification Value. Refers to either magnetic stripe data or printed number security feature located on the back of payment card. If you require this CVV, it will cut down on the use of card numbers stolen from credit card statements or plucked off of the Internet. Of course, if the thief has the actual credit card, then requiring the CVV has no benefit.
Data element on a card’s magnetic stripe that uses secure cryptographic process to protect data integrity on the stripe, and reveals any alteration or counterfeiting. Referred to as CAV, CVC, CVV, or CSC depending on payment card brand. The following list provides the terms for each card brand:
- CAV - Card Authentication Value (JCB payment cards)
- CVC - Card Authentication Value (JCB payment cards)
- CVV - Card Validation Code (MasterCard payment cards)
- CSC - Card Security Code (American Express)
- CID - Card Identification Number (Amex, Discover)
- CAV2 - Card Authentication Value 2 (JCB payment cards)
- CVC2 - Card Validation Code 2 (MasterCard payment cards)
- CVV2 - Card Verification Value 2 (Visa payment cards)
MasterCard, Maestro & Cirrus call this a CVC, or Card Validation Code. A card security feature. CVC 1 is a three-digit value encoded on Tracks 1 and 2 in three contiguous positions in the discretionary data field of a magnetic stripe on a MasterCard card, Maestro branded card, or Cirrus branded card. CVC 2 is indent-printed into the tamper-evident signature panel on a MasterCard card. Chip CVC is a three-digit value encoded in the Track 2 Equivalent Data field in three contiguous positions within the discretionary data field of the chip on a MasterCard card, Maestro branded card, or Cirrus branded card. The CVC is intended to inhibit the alteration or misuse of card data and enhance the authentication of the card.
CVV/CVV2 Response Code Definitions
- Space — CVV2 processing not requested
- M — CVV2/CVC2 Match
- N — CVV2/CVC2 not matched
- P — Not processed
- S — CVV2 should be printed on the card, but it was indicated that the value was not present
- U — Issuer does not support CVV2
- X — Service provider did not respond
- Data Usage Fee
- Applies to all Discover Card U.S.-based settled transactions. The Data Usage Fee is not assessed to authorizations that are not settled.
- Degaussing
- Also called “disk degaussing.” Process or technique that demagnetizes the disk such that all data stored on the disk is permanently destroyed.
- Demand Deposit Account (DDA)
- Any bank account.
- Discount Rate
- Your Processor's charge, expressed as a percentage rate plus a Per Item (P/I) fee on each transaction, and is set by your Processor or Merchant Services company. Example of a discount rate: 0.94 + 30¢.
The cost to process any credit card transaction always includes 3 fees: Processor's Discount Rate + Per Item Fee, Interchange Rate (% + P/I), and Assessment. Some processors hide these fees by combining them into a single fee, like Tier billing.
Discount Rates depend on factors like your industry type (retail, eCommerce, mail/telephone order, hotel, petrol, grocery, etc.) Certain types of businesses qualify for special pricing which can be very low, yet many processors do not pass these savings on to their merchants. See Merchants.
- DSS/D.S.S.
- Data Security Standards are the regulations and practices created and governed by the Payment Card Industry Security Standards Council or (P.C.I.). Also see PCI SSC.
- EBT
- Electronic Benefit Transfer (like Food Stamp Program) are electronic cards issued for government benefits from a Federal account to a retailer account to pay for products. EBT is used in all 50 States, the District of Columbia, Puerto Rico, the Virgin Islands, and Guam. EBT has been implemented in all States since June of 2004.
- Electronic Draft Capture (EDC)
- Electronic authorization and deposit of credit card transactions without submission of paper drafts to bank for payment — may also be referred to as capture. This would apply especially to all eCommerce merchants.
- EIRF
- Electronic Interchange Reimbursement Fee is a penalty assessed by Visa when address verification fails or transactions are settled (batched) late.
- Effective Rate
- (See also Aggregate Fee Percentage/AFP). A simple but effective benchmark revealing the real, actual percentage of fees that a Merchant is charged on all transactions. It is calculated by dividing the Total Fees Paid by the Total Volume of credit card transactions. (fees ÷ volume)%. Example: if total fees were $300.00 on $9,000 monthly credit card sales, the Aggregate Fee Percentage and Effective Rate would be 3.33%
E.R. is especially meaningful because it helps reveal hidden fees and inflated fees. Example: often a Discount Rate is low because “Back End” fees (surcharges, etc.) offset a low Front Rate.
- Electronic Data Interchange
- A computerized system that allows linked computers to conduct business transactions through a computer-to-computer exchange of standard business data according to agreed-upon data formats.
- Elite Card
- A MasterCard reserved for businesses or individuals with near perfect credit and high incomes and enjoy no Credit Limit on purchases, usually. These cost merchants a higher rate.
- Enhanced Card
- A MasterCard reserved for people of high incomes and higher credit limits. These cards do cost the merchant slightly more on interchange rates.
- ESN, Electronic Serial Number
- A permanent identification number used to recognize mobile devices.
- ESO, Encryption & Support Organizations
- An ESO is one that loads or injects software or encryption keys into ATMs, terminals or PIN pads.
- ETF
- Abbreviation for Early Termination Fee, which is a penalty Processors charge merchants for cancellation of contract or agreement prior to the expiration of the contract. The reasoning is usually that processors incur substantial expenses in signing up a new merchant including new equipment programming, file setup, billing administration, credit, background and TMF checks and network setup fees plus registration with associations.
ETF fees are usually not more than $300 and may be prorated based on number of months left on contract. Under special circumstances these fees may be waived. It may be worth it to pay an ETF if the savings and improved service to switch is substantial. Some processors require 30 days advance notice in writing before the automatic renewal of a contract. Merchant Services Group LLC does not auto renew.
For a helpful article on Cancellation Fees, read Reading the Fine Print: Understand ETFs
- Factoring
- A major violation of Association rules whereby one merchant processes credit cards for another merchant or another business not approved under the merchant’s processing application and agreement. This includes a business owner processing one's own personal or business credit cards to get cash from one's merchant account or for another business.
If a merchant is found practicing factoring, the merchant will not only lose one's merchant services account and be liable for major penalties, but shall also be added to the Match list, also called the TMF list, making it impossible to process credit cards through any processor or bank. The merchant can easily be caught and found guilty due to a cardholder dispute or chargeback.
- Firewall
- Hardware and/or software technology that protects network resources from unauthorized access. A firewall permits or denies computer traffic between networks with different security levels based upon a set of rules and other criteria.
- Flat Rate
- (see 1 Tier Billing, above.)
- Fleet Cards
- Fleet Cards are variation of commercial or corporate card to purchase goods and services for automobile/vehicle, aviation, or marine fleets.
- Floor Limit
- An amount that Visa and MasterCard have established for single transactions at specific types of merchant outlets and branches that once it reaches a certain amount authorization is required.
- Forced Sale, Force Authorization, Force Transaction
- The final step of a transaction from a Preapproved Authorization or Voice Authorization which requires an Approval Code to complete a transaction the merchant initiated up to 30 days earlier. This sale transaction is not final until Settlement of the Batch.
also called Post Authorization, Offline Sale, Offline Transaction.
- Front Rate
- A tactic some banks or processors use to lure in new merchants by offering a low qualified rate (like 1.69%) and inflating rates of the other cards, like rewards and business cards. The cards which do not fall under qualified rates may be lumped together as “mid qualified” or “non qualified.” Beware of suspiciously low rates. Some companies intentionally quote only their debit rate, neglecting to mention rates on all other card types.
- Gateway
- the middleman providing communication between your company’s software, website or hardware and your Processor. Some Processors ARE the gateway. Most gateway companies make software or provide e-commerce solutions (either invisibly on your website or as the shopping cart). Examples of Gateways include Authorize.Net/CyberSource, SkipJack, SlimCD, 3Delta, etc.
- Ghost Authorization
- An authorization that is approved but never cleared or settled), resulting in additional fees to the merchant. Visa and MasterCard claim these can adversely impact a cardholder’s open-to-buy credit availability, leading to increased declines and confusion at the point of sale. Visa calls the fee for this the Misuse of Authorization Fee, 9¢ ($0.09) while MasterCard calls it a Processing Integrity Fee at 0.25% of the authorized amount. Mastercard requires all authorizations as of 10/2016 be classified as preauthorization, final authorization or undefined authorization.
- Government Card
- A generic term for commercial purchasing cards (purchase cards) issued to federal, state, or local government agencies. It can refer to a Purchase, Travel, or Fleet card.
- Gross billing
- A method of pricing where the processor’s cost of the transaction (Interchange + Assessment) and the discount rate (processor’s charge) are blended, that is, combined together into one aggregate rate.
- GSA
- Government Service Agency — Credit cards issued to government agencies and officials.
- Hashing
- Process of rendering cardholder data unreadable by converting data into a fixed-length message digest via Strong Cryptography. Hashing is a (mathematical) function in which a non-secret algorithm takes any arbitrary length message as input and produces a fixed length output (usually called a “hash code” or “message digest”). A hash function should have the following properties:
- (1) It is computationally infeasible to determine the original input given only the hash code,
- (2) It is computationally infeasible to find two inputs that give the same hash code.
In the context of PCI DSS, hashing must be applied to the entire PAN for the hash code to be considered rendered unreadable. It is recommended that hashed cardholder data includes a salt value as input to the hashing function.
- Index Token
- A cryptographic token that replaces the PAN, based on a given index for an unpredictable value.
- Interchange
- Think of this as a Price List, Fee Schedule or Menu each Card Association (Visa, MC, Discover, Amex) assesses for every variation of card that they create, based on risk. Since different industry types and businesses are naturally higher risks, Interchange rates reflect that.
As of April 2019, Visa has 40+ card types ranging from debit, rewards, business and international while MasterCard carries 50+ with similar variations. Discover & Amex have much fewer.
- All Visa Interchange Rates may be found at usa.visa.com/support/small-business/regulations-fees.html#1
- All MasterCard Interchange Rates may be found at www.mastercard.com/us/merchant/support/interchange_rates.html
- Discover Interchange Rate Schedule may be found at https://www.fltreasury.org/treasury/cash_management/pdf/Discover%20Interchange%20Rates.pdf
- American Express Interchange Table can be found at https://merchant-channel.americanexpress.com/merchant/en_US/accept-credit-cards?linknav=us-merchsite-menutoolbar-acceptthecard&inav=merch_acceptthecard#section=pricingPlans_scroll
- A current review of all changes to interchange can be found on the News Page of this site, in chronology.
- Interchange Compliance
- There is really no such thing. The term may be used by unscupulous companies to scare or overcharge merchants.
- Interchange Plus
- A method of pricing rates where the Discount Rate (processor’s charge) is isolated from Interchange. Because the costs are transparent, it is more honest as it discloses where the fees are really going. However, it may confuse merchants who are not used to seeing “assessment” and “interchange.”
For a helpful article and to see if you have this, see this article: What Is Interchange Plus?
- Interchange Reimbursement Fee
- 1.) A fee that an acquirer pays to an issuer in the clearing and settlement of an interchange transaction, based on either the standard (paper-based) rate or electronic rate.
- Or 2.) A fee that an issuer pays to an acquirer for making a cash disbursement to a cardholder or check purchaser.
- IP, Internet Protocol
- Network-layer protocol containing address information and some control information that enables packets to be routed. IP is the primary network-layer protocol in the Internet protocol suite.
- IP Address, IP4 , IP6
- Also referred to as “Internet Protocol Address.” Numeric code that uniquely identifies a particular computer on the Internet. Since 1981, IPv4 (version 4) address contains 4 number sequences of 3 digits, each from 0 to 255, separated by a period "." so that the first possible number is 0.0.0.0 up to a maximum of 255.255.255.255
Although this allows for a maximum of 4.23 billion addresses (32 bits), this number is nearly exhausted and so this number system will be succeeded by IPv6 (or IP6), developed in 1998 and allows for up to 340 undecillion (thousand trillion trillion = 1036) unique addresses using 32 hexadecimals (a hexadecimal character has 16 possible digits: 0123456789ABCDEF).
Examples of each...
- IP4: 64.65.128.202
- IP6: 3ffe:1900:4545:3:200:f8ff:fe21:67cf
- IP Address Spoofing
- Attack technique used by a malicious individual to gain unauthorized access to computers. The malicious individual sends deceptive messages to a computer with an IP address indicating that the message is coming from a trusted host.
- ISO or Independent Sales Organization
- A company or individual contracted with a Processor to acquire new Merchants. Many ISOs provide customer support, technical support and installation support to its customers on behalf of the Processor. However, ISOs who sell off merchant accounts or who are prepaid an advanced commission have little incentive to continue customer service and support. See also TPA - third party agent/agency.
- International Service Assessment Fee
- Currently 0.4% — Combined with the International Acquirer Fee (0.45%) which totals 0.85% on transactions paid for by a Visa card issued outside of the U.S.A.. Introduced October 2009.
- International Acquirer Fee
- Currently 0.45% — Combined with the International Service Assessment Fee (0.4%) which totals 0.85% on transactions paid for by a Visa card issued outside of the U.S.A.. Introduced October 2009.
- International Processing Fee
- Currently 0.40% + 0¢ — is assessed on Discover transactions at US merchants, where the card issuing country is outside of the US. Introduced October 2009.
- International Service Fee
- Currently 0.55% + 0¢ — is assessed on Discover transactions, including Cash Advance, conducted at a merchant location in a country other than the country that the card was issued in. Introduced October 2009.
- Issuer Response Code
- see Approval Code or Response Codes
- Issuing Bank
- (or Issuer)the bank who issues the cardholder the credit card and assumes the greatest risk. This banking entity approves the cardholder based on their credit, assesses his or her credit limit, sets his or her APR and terms, and then funds (advances) the Merchant money for the purchase in advance before actually being reimbursed by the cardholder within/after a grace period. (may or may not be where customer holds checking/savings, or institutions like Capital One, Discover, American Express, B of A, General Motors, Ford, Chase, Citibank, Shell Oil, etc.)
- Large Ticket
- Visa and MasterCard have incentives for high price credit card transactions by offering special interchange rates. Large ticket transactions may be defined as those greater than $100,000, and may even exceed several million dollars. Large Ticket rates are lower rate than regular transactions but may only qualify if the business has been approved for such transaction volume in advance.
- Level 1
- Transactions which qualify as Level 1 and show on statement as L1 or Corporate Card L1 are business card transactions which did not qualify at the lowest rate due to missing or invalid information prompts when the sale was transacted. Prompts which were invalid or missing may include AVS (address verification), Sales Tax, P.O. number, or other fields left blank on a terminal or POS system.
- Level 2
- Transactions qualifying Level 2, shown on statement as L2 or Corporate Card L2 are business card transactions which DID qualify at the lowest rate because all fields/prompts were filled in correctly when the sale was transacted. Prompts include AVS (address verification), Sales Tax, P.O. number, or other fields on the terminal or POS system. For even lower rates, Merchants can request special Level 3 processing where additional prompts are included, which reduces risk of chargeback.
- Level 3
- Additional transaction prompts (questions required for electronic processing of each transaction). This supplemental information to achieve Level 3 qualification may include Customer Code, Invoice and Purchase Order number, Part Number, Item Description, Quantity, Unit of Measure, Unit Price, freight amount, duty amount, product or service ID, product or service description. Transactions which get approved as Level 3 are often a much lower rate and typically involve Business, Purchasing, Fleet, Government, Corporate and Commercial credit cards. Some Level 3 Large Ticket rates may benefit from flat rate transactions where no percentage is charged, only a transaction fee like $35.00, which is much cheaper than normal rates when transactions may be for $10,000 or more.
- Loyalty Card
- Any electronic card which is used only at a single Merchant's business for the purpose of earning discounts, free products and services, or rewards based on frequent buying. These usually have the Merchant's name and logo, and is provided by a 3rd party company (not the processor, but must be compatible with the Processor) to track purchases and manage customer information. This is an effective incentive to award your most loyal, frequent customers by giving back. These specialty or custom cards can be used on certain credit card terminals which also take regular bank cards and/or gift cards. Examples include TenderCard and Global eTelecom.
- Match List
- Member Alert To Control High Risk. Another name for Terminated Merchant File (TMF), below.
- Merit
- MasterCard calls its basic consumer cards Merit cards. Merit III means Swiped (card present) receiving the lowest rate because the cardholder is present (reducing risk). Merit I means Keyed In (card not present) which is assessed a higher rate, because of increased risk of identity theft.
- Major Industry Identifier (MII)
- The first digit of every credit card, debit, prepaid or gift card and also the first of six digits of the BIN (or IIN) number.
- 0 — ISO/TC 68 and other industry assignments
- 1 — Airlines
- 2 — Airlines and other industry assignments
- 3 — Travel and entertainment (Amex, Carte Blanche, Diners Club)
- 4 — Banking and financial (Visa)
- 5 — Banking and financial (MasterCard)
- 6 — Merchandizing and banking (Discover)
- 7 — Petroleum
- 8 — Telecommunications, Healthcare or other industry assignments
- 9 — National assignment (followed by a 3 digit country code)
The last digit on the card is the Check Digit, for validation using an algorithm where all of the numbers are added up in specific combination. For more information, see Anatomy of a Credit Card number.
- Merchant Category Codes (MCC)
- (see also SIC codes.) A four-digit number assigned to a business by MasterCard or VISA when the business first starts accepting one of these cards as a form of payment. The MCC is used to classify the business by the type of goods or services it provides. In the US it can be used to determine if a payment needs to be reported to the IRS for tax purposes. To determine your MCC, visit the IRS MCC section here: www.irs.gov/irb/2004-31_IRB/ar17.html.
- MICR
- Magnetic Ink Character Recognition, or MICR, is a character recognition technology used primarily by the banking industry to facilitate the processing of checks. The technology allows computers to read information (such as account numbers) off printed documents. Unlike barcodes or similar technologies, however, MICR codes can be easily read by humans.
MICR, or Magnetic Ink Character Recognition characters are printed in special typefaces with a magnetic ink or toner, usually containing iron oxide. As a machine decodes the MICR text, it first magnetizes the characters in the plane of the paper. Then the characters are passed over a MICR read head, a device similar to the playback head of a tape recorder. As each character passes over the head it produces a unique waveform that can be easily identified by the system.
- Middleware
- A software application or small computer hardware (or both) acting as a bridge between a Processor and another software application or POS system. A middleware program is usually sold by a third party to make a POS system compatible with other Processors which would not otherwise be. Essentially, it translates the credit card transaction language into another language used by other Networks. The most compatible universal network is T-Sys (Total Systems, but sometimes called Vital or VisaNet).
If a POS system advertises that it is compatible with First Data, it may require Middleware to be used with a Processor on the T-Sys network. "PC Charge" is an example of Middleware.
- Mid Qualified Rate
- (see 2, 3, 4 Tier Pricing above.
- Misuse of Authorization Fee
- Currently 4.5¢ — The Misuse of Authorization Fee applies to Visa authorizations that are not followed by a matching clearing transaction (or in the case of a cancelled or timed out authorization, not properly reversed). Introduced October 2009.
From Visa: “The Misuse of Authorization System fee only refers to authorizations that do not have corresponding settled transactions. Merchants may process an Auth Only with the Forced Sale transaction processed a few days later (the original authorization is subsequently used). Note: The auth amounts and settled amounts do not have to match.
“Misuse of Authorization fees are assessed on approved or partially-approved authorization transactions that cannot be matched to a clearing (settled) transaction or an authorization reversal. Clearing must occur within 10 days of authorization for all merchant categories, with the exception of T & E merchants, which must clear transactions within 20 days of authorization, regardless of the transaction date.
“Visa implemented this penalty fee to reduce the occurrence of ‘ghost authorizations’ (authorizations that are approved but never cleared), as these can adversely impact a cardholder’s open-to-buy, leading to increased declines and confusion at the point of sale. To clarify, authorization reversals will only occur for a cancelled sale, or a timeout. An authorization reversal cannot be manually processed by the merchant.”
“Visa Operating Regulations allow for $1 (one dollar) status check transactions for automated fuel dispenser and select lodging merchants, but other merchants must utilize the $0 account verification message.”
- NEC (N.E.C.)
- Abbreviation for “Not Elsewhere Classified”
- Network Access and Brand Usage Fee (NABU)
- Currently 1.85¢ ($0.0185) — Applies to all U.S.-based MasterCard settled transactions. The NABU fee is not assessed to authorizations that are not settled. similar to VISA Acquirer Processing Fee (APF).
- Network
- The electronic bridge made up of telephone/T1 wires connecting bank computers, Processors, and Credit Card Terminals all over the world. Each Network speaks its own language, a proprietary encryption code that is shared only with its partners.
- Some Bank Processors own their own Network, like First Data, Chase/Paymentech, but most are independent and charge Processors a fixed transaction fee for each access ranging from 2¢ to 6.5¢, where high speed connections over the internet are cheaper and dialup connections are much slower and require more overhead, which costs 2-5¢ more per transaction.
- PIN-based Debit Networks are both faster and more reliable because authorizations happen in real time and instantly transfer money into the Merchant’s bank within 36 hours. With credit cards, however, Issuing Banks have to wait until the cardholder pays their bill.
- Examples of Credit Networks include T-Sys (Total Systems originally called Vital and VisaNet, is the largest single payment platform in the world), CardNet, Omaha, NDC, Nova, Global & Concord.
- Examples of Pin-based Debit Networks include Pulse, STAR, NYCE, Maestro, Interlink, AFFN, Shazam, Accel, MPact, Instant Teller, Tyme, Alaska Option, Credit Union 24 and Jeanie.
- Debit networks have been growing increasingly greedy by not only charging transaction fees as high as 18¢, but also insisting on a percentage of the transaction as high as 0.75%, which varies depending on which Debit Network used for the cardholder’s bank or credit union.
- Network Security Scan
- Process by which an entity’s systems are remotely checked for vulnerabilities through use of manual or automated tools. Security scans that include probing internal and external systems and reporting on services exposed to the network. Scans may identify vulnerabilities in operating systems, services, and devices that could be used by malicious individuals.
- No Signature Required (NSR)
- Visa, MasterCard, American Express & Discover now offer this program to speed up the transaction process for fast paced businesses. Benefits & restrictions include:
- Transactions must be on U.S. issued cards of $25 or less from eligible MCCs (Merchant Category Codes)
- Card must be magnetic swiped or contactless in face-to-face environment (or unattended environment if $15 or less)
- Transaction receipt does not need to be given to customer unless requested.
- Non Qualified Rate
- (see 2, 3, 4 Tier Pricing above.
- Offline Debit
- An off-line debit card does not deduct funds from the checking account immediately. Transactions are processed like a regular credit card and the funds are not deducted for approximately 24-72 hours. Off-line debit cards have a MasterCard, and Visa, or Discover logo.
- Offline Sale, Offline Transaction
- see Force Sale. A transaction which had already been initiated by Preapproval Authorization, and a Approval Authorization Code has been generated. The transaction is not final until Settlement of the Batch.
- Online Debit
- An on-line debit card deducts funds from the bank account immediately, as soon as the card is used. There is no delay for processing the transaction. On-line debit cards can either have the MasterCard, Visa, or Discover logo, or they can have only the user’s logo, like an ATM card.
- Primary Account Number PAN or P.A.N.
- Numerical code consisting of 14 or 16 digits both embossed on a payment card and encoded on the magnetic strip. First 6 digits identify the Issuer of the card, remaining 7 to 9 digits identify the card holder’s account number except for the last number, the check digit for authentication. "PAN masking or PAN truncation is an anti-fraud measure required which blocks all digits except for the first 6 digits and last 4 digits of the card usually printed on receipts or stored. Example: 123456******7890
- Payment Application
- Any application that stores, processes, or transmits cardholder data as part of authorization or settlement.
- PA-QSA
- Abbreviation for “Payment Application Qualified Security Assessor,” company approved by the PCI SSC to conduct assessments on payment applications against the PA-DSS.
- Payment Cards
- For purposes of PCI DSS, any payment card/device that bears the logo of the founding members of PCI SSC, which are American Express, Discover Financial Services, JCB International, MasterCard Worldwide, or Visa, Inc.
- PCI Compliance
- Major Issuing Banks created PCI (Payment Card Industry) compliance standards to protect personal information and ensure security when transactions are processed. Due to the acute rise in data breaches, hackers and identity theft prevalent, all processors now charge breach insurance or PCI Compliance fees to insure against such a breach, which could result in hundreds of thousands of dollars in damages and fines.
- Note — this applies especially to businesses and institutions which process credit cards using a computer where cardholder information is stored or card numbers are transmitted online. However, if a Gateway completes the online transaction, the Gateway usually assumes the responsibility for PCI compliance. (more info on PCI compliance)
- Banks, Processors, Gateways and Merchants ALL must follow PCI standards in order to accept credit cards. Failure to comply could result in fines or revoking your ability to accept credit cards, although it is not governed by Law. There are Six (6) Standards which must be met. (see here)
- One example of being PCI Compliant includes never keeping a Cardholder’s entire 16 digit credit card number, expiration or CVV2. A merchant should only reference a card by the first 6 digits and last 4 digits of the card, and nothing else. Entire credit card numbers should NEVER by stored on site, saved in computers, mobile devices or Emailed.
- Saved credit card information may still be accessed by secure, encrypted remote log in to your Processor, Gateway or Bank because these companies have a PCI certified secure environment. Saving credit card information in this way is allowed for Manual or Automatic Recurring transactions, like a subscription or auto-renewal.
- PCI SSC
- Payment Card Industry Security Standards Council. See https://www.pcisecuritystandards.org/
The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.
- PED
- PIN Entry Device
- Personally Identifiable Information, PII
- Information that can be utilized to identify an individual including but not limited to name, address, social security number, phone number, etc.
- PIN / P.I.N.
- Personal Identification Number usually consisting of 4 numbers used to authenticate Debit (Check Card) transactions with no signature or AVS required. Secret numeric password known only to the user and a system to authenticate the user to the system. The user is only granted access if the PIN the user provided matches the PIN in the system. Typical PINs are used for automated teller machines for cash advance transactions. Another type of PIN is one used in EMV chip cards where the PIN replaces the cardholder’s signature.
- POI
- Abbreviation for “Point of Interaction,” the initial point where data is read from a card. An electronic transaction-acceptance product, a POI consists of hardware and software and is hosted in acceptance equipment to enable a cardholder to perform a card transaction. The POI may be attended or unattended. POI transactions are typically integrated circuit (chip) and/or magnetic-stripe card-based payment transactions.
- POS/P.O.S.
- Point of Sale system, refers to any electronic credit card terminal, credit card software or computer system including Touchscreens, Kiosks or Virtual Terminals, where credit card transactions may be keyed and/or swiped online in a web browser or software application or Gateway.
- Post Authorization
- another name for Forced Authorization.
- Preapproval Authorization
- An attempt to test a cardholder’s credit card for validity and credit limit before processing a sale transaction to protect the merchant who presumes the credit card to be valid before rendering service, as in the case of a hotel offering advance reservations or a bar offering a tab to patrons. Credit card terminals have this option, which may be called “Auth Only,” which generates an Approval Authorization Code if successful, and can later be used with a Forced Sale to complete the transaction.
also called Prior Authorized Sale.
- Prior Authorized Sale
- another name for Preapproval Authorization.
- Processing Integrity Fee, PIF
- Introduced April 2011 by MasterCard originally at 4.5¢ ($0.045) and now at a whopping 0.25% of the authorized amount, this is the Fee MasterCard charges to discourage merchants from authorizing a cardholder's MasterCard but never charging the customer and closing (settling) the batch. Authorizations, even if not ever completed or settled, affect the customer's "open to buy" available credit. Similar to Visa's Misuse of Authorization Fee. Mastercard requires that authorizations be entered by Merchant as either Preauthorization, Final authorization or undefined authorization to add clarity for cardholders.
While both Visa and MasterCard assess fees when authorized (approved) transactions cannot be matched to a clearing settlement record or an authorization reversal, Visa allows 10 days (20 days for T & E merchants) while MasterCard provides a 120 day window (with T &E merchant segments initially exempt).
Both Visa and MasterCard now penalize the occurrence of “ghost authorizations” (authorizations that are approved but never cleared), as these can adversely impact a cardholder’s open-to-buy, leading to increased declines and confusion at the point of sale. However, within Visa’s program the authorization amount and settled amount do not have to match whereas MasterCard will apply its Processing Integrity Fee if the final transaction amount was less than the authorized amount or the authorized amount varies from the subsequent clearing message amount.
- Processor
- A bridge between your customer’s bank (that issued card) and your business bank account. The Processor must either be or also have an Acquiring Bank if it is a non-Bank Processor, like TransFirst).
Processors assume risk because they guarantee the Issuing Bank that the charge was secure, legitimate (no fraud involved) and assume additional risk because they cover network fees, gateway fees and Interchange fees while waiting to recoup expenses for these fees at the end of the statement period.
NOTE: Some processors may withdraw fees daily. Processors also provide customer service, terminal support, software support and/or gateway support. Processors usually get new business by contracting with ISOs (Independent Sales Organizations).
- Purchasing Card
- (also P-Card) A business to business or business to government card usually used for small purchases which would normally require a Purchase Order, Invoices or Checks, thus saving unneeded paperwork and making companies more efficient. Advantages include:
- Streamline efficiency, reduce paperwork.
- Easy tracking and daily accounting where large companies can easily link purchases made to different vendors, to the proper departments within the company.
- Cards can be issued to specific departments or employees with spending limits to help fight overspending and stay within budget. Limits can be set according to time periods, such as a week or a month, or per transaction.
For the best rates to merchants who receive Purchasing or Corporate cards, always enter the Sales Tax amount and/or Purchase Order number if prompted. The values entered are actually ignored, but if left blank or “0,” this may result in a downgraded transaction because Associations may presume it is higher risk. If your terminal or software does not prompt for these fields but you are sure you are receiving Corporate or Purchasing Cards, ask your Processor to include these prompts so you may enjoy lower rates on those transactions.
- PVV
- Abbreviation for “PIN verification value.” Discretionary value encoded in magnetic stripe of payment card.
- Quick Payment Service (QPS)
- Program designed to facilitate new penetration of card acceptance by targeting cash and convenience-oriented merchants. For example: fast food chains, movie theaters, and parking lots. Program offers lower rates for low ticket purchases, especially with debit or basic credit cards.
- QSA, Qualified Security Assessor
- company approved by the PCI SSC to conduct PCI DSS on-site assessments. For a list of QSAs, see www.pcisecuritystandards.org/pdfs/pci_qsa_list.pdf
- RDC, Remote Deposit Capture
- Remote deposit refers to the ability to deposit a check into a bank account from a remote location, such as an office or home, without having to physically deliver the check to the bank. This is typically accomplished by scanning a digital image of a check into a computer, then transmitting that image to the bank, a practice that became legal in the United States in 2004 when the Check Clearing for the 21st Century Act (or Check 21 Act) took effect. This service is typically used by businesses, though a remote deposit application for consumers has been developed[1] and has begun to be implemented by a handful of banks.[2] It should not be confused with:
- Direct deposit, which refers to the practice of posting an employee's weekly earnings directly to his or her bank account.
- Online deposit, which refers to a retail banking service allowing an authorized customer to record a check via a web application and have it posted, then mail in the physical check, giving the customer access to the funds before the check clears in the usual way. While this type of service does not involve a scanner nor take advantage of the Check 21 Act, it is also sometimes called remote deposit.
- Rebates
- A portion of the debit rate reimbursed to processors when customers pay merchants with a debit card, because debit cards carry very little risk (since the funds are immediately charged to customer’s bank account). The processor may or may not pass this rebate on to the merchant. Often, banks and processors keep this rebate as an extra profit for themselves. The rebate is typically 0.27% to 0.51%. This rebate exists thanks to a successful lawsuit in Walmart v. Visa U.S.A. & MasterCard International [2005]
For an informative article, see Debit Rebates
. - ROC, Report on Compliance
- Also referred to as “ROC.” Report containing details documenting an entity’s compliance status with the PCI DSS.
- Report on Validation
- Also referred to as “ROV.” Report containing details documenting a payment application’s compliance with the PCI PA-DSS.
- Response Code
- A number provided by a card issuing bank to a merchant explaining why a particular transaction was declined, or verifying the transactions acceptance. Also see Approval Code.
- Retrieval Request
- A retrieval request constitutes an issuer’s request for a transaction receipt, which could include the original, a paper copy or facsimile, or an electronic version of a transaction.
- Risk Analysis / Risk Assessment
- Process that identifies valuable system resources and threats; quantifies loss exposures (that is, loss potential) based on estimated frequencies and costs of occurrence; and (optionally) recommends how to allocate resources to countermeasures so as to minimize total exposure.
- Router
- Hardware or software that connects two or more networks. Functions as sorter and interpreter by looking at addresses and passing bits of information to proper destinations. Software routers are sometimes referred to as gateways.
- RSA
- Algorithm for public-key encryption described in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at Massachusetts Institute of Technology (MIT); letters RSA are the initials of their surnames.
- Security Policy
- Set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.
- Security Protocols
- Network communications protocols designed to secure the transmission of data. Examples of security protocols include, but are not limited to SSL / TLS, IPSEC, SSH, etc.
- SAQ, Self-Assessment Questionnaire
- Tool used by any entity to validate its own compliance with the PCI DSS.
- Settlement
- All transactions are not final for processing or payment until settlement, which occurs when all credit card transactions in the current Batch have been closed. Usually, a batch begins with the first transaction of the business day, and ends with the last transaction of the day before the Batch is closed (settled). During settlement, a report is electronically submitted to the processor finalizing the day’s sales as complete. Funds are deposited in the merchant’s account usually 48 business hours after the batch settlement. Voids can not be issued after settlement. Instead, a Credit must be issued within 90 days to refund the cardholder. (see also batch header fee).
- Settlement Network Access Fee
- Currently 0.3¢ — Applies to all U.S.-based settlement transactions. If your business is based in the U.S., the settlement network access fee will apply to all Visa settlement transactions.
- Standard Industrial Classification (SIC)
- Developed by the US Department of Commerce in 1937, a four-digit code established to classify each industry type. SIC is now being supplanted by the six-digit North American Industry Classification System (NAICS code), which was released in 1997. Some branches of government, including the Securities and Exchange Commission (SEC), still use SIC codes.
To find your business SIC code, visit the Melissa Database here: www.melissadata.com/lookups/sic.asp. - Smart Card
- Also referred to as “chip card” or “IC card (integrated circuit card).” A type of payment card that has integrated circuits embedded within. The circuits, also referred to as the “chip,” contain payment card data including but not limited to data equivalent to the magnetic-stripe data.
- SQL
- Acronym for “Structured Query Language.” Computer language used to create, modify, and retrieve data from relational database management systems.
- SSH, Secure Shell
- Protocol suite providing encryption for network services like remote login or remote file transfer.
- SSL, Secure Sockets Layer
- Established industry standard that encrypts the channel between a web browser and web server to ensure the privacy and reliability of data transmitted over this channel. Replaced by TLS.
- Standard
- A higher transaction rate penalized for verification failure or missed data entry.
- Straight Pass Through
- Pricing/billing style like Gross billing or Interchange Plus Pricing where all Interchange rates are “Passed Through” at actual cost to the Merchant, so that the Processor charges only fixed rate, without inflating Surcharges or withholding Rebates from the Merchant. (see article here on explanation
- Strong Cryptography
- Cryptography based on industry-tested and accepted algorithms, along with strong key lengths and proper key-management practices. Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is not reversible, or “one way”). Examples of industry-tested and accepted standards and algorithms for encryption include AES (128 bits and higher), TDES (minimum double-length keys), RSA (1024 bits and higher), ECC (160 bits and higher), and ElGamal (1024 bits and higher). See NIST Special Publication 800-57 (www.csrc.nist.gov/publications/) for more information.
- Surcharges
- on a gross statement refers to the difference between a basic consumer card at its lowest rate (commonly called vanilla or plain card) and the rate of the actual card used. Example: a Visa Reward card is 0.11% above a basic Visa. Therefore the Visa Rewards ’surcharge’ is 0.11% or 0.0011.
NOTE: Surcharges only apply to Gross billing statements because Interchange Plus lists all card types separately, without reference to other cards.
- Terminated Merchant List (TMF)
- Also called Match List. When you apply for a merchant account, the processor will check to see if you are on the Terminated Merchant File (TMF). If you’re on it, this means that another processor has terminated a merchant account with you, and sends up a red flag to processors and banks that you’re a credit risk.
The chances are slim to none of getting a merchant account once your name hits the Match List. Getting on the TMF list is the equivalent of getting blacklisted. It is nearly impossible to be removed from this list and it lasts forever. Always, always pay your bills on time to your Processor. Here are some reasons a Merchant may be put on the Match List:
- Credit card fraud — If your fraud detection controls aren’t strong enough you could end up with too many chargebacks.
- Friendly fraud — This is when a consumer disputes a legitimate charge such as from an adult website.
- Factoring — Factoring is when a merchant deposits transactions for sales generated by another business.
- Excessive chargebacks — When chargeback rate is >1% of total sales, calculated monthly and cumulatively.
- Fraud — Types of fraud include not delivering products or misrepresenting products or services.
- Violating the merchant agreement.
- Owing money to a Processor.
- TID, Terminal ID
- A unique identification number assigned to a specific point of sale (POS) device by the Acquirer.
- TLS
- Abbreviation for “Transport Layer Security.” Designed with goal of providing data secrecy and data integrity between two communicating applications. TLS is successor of SSL.
- TPA - Third Party Agent (or Agency)
- an entity, not registered with Visa or MasterCard that provides payment related services, directly or indirectly, to the Visa or MasterCard client and stores, processes or transmits account numbers. TPAs perform multiple fnctions on the issuing and acquiring side of a Visa/MC client's business.
This term is inclusive and replaces the old terminology of ISO, TPS, ESO, and Merchant Services (MS).
A TPA can perform any or all of the functations of an ISO, TPS, ESO, and MS. Each funcation performed by the TPA ust be registered by each Visa client that is utilizing those services. TPA funcations that require registration include but are not limited to:
- TPS - Third Party Servicer
- see TPA, Third Party Agent
- Travel & Entertainment (T & E) Card
- A rewards card issued with incentives for making purchases where cash back or extra points are rewarded to the Cardholder when used at certain businesses including restaurants, airlines, hotels, car rental or tourism merchants. These merchants will pay a slightly higher interchange rate for these transactions. May be called “Perk” or “Perquisite” cards and some examples include Visa Rewards, Visa Signature Preferred, MasterCard World, Diners Club, Carte Blanche, American Express, etc.
- Truncation
- Method of rendering the full PAN unreadable by permanently removing a segment of PAN data. Truncation relates to protection of PAN when stored in files, databases, etc. See Index Token for protection of PAN when displayed on screens, paper receipts, etc.
- VAR Sheet
- A sheet used by Value Added Resellers to assist in setting up the account.
- Virtual Terminal
- See also POS. A credit card terminal run from the computer screen, iPhone or other smartphone or handheld device which runs in a window via web browser or other software application, rather than using dedicated hardware like a physcial credit card terminal. Examples include Transaction Central, SkipJack and Authorize.Net.
- Voice Authorization
- A Preapproval Authorization performed over the phone by a Merchant to verify funds on a card holder’s credit card or the validity of a customer credit card prior to charging the transaction.
This is often done when a credit card terminal is not working or the phone or network connection is down, preventing an electronic approval. Note that this guarantees funds to merchant for up to 30 days and places a hold on the customer’s funds for 10-21 days unless the authorization is Voided. This is NOT the same as processing the transaction and will not result in a sale until this is followed by a Forced Authorization and Settlement of the Batch.
To do a Voice Authorization, you will require the Voice Auth phone number from your Processor, your Merchant ID number (MID#), the credit card number, expiration date and the purchase amount. Once approved, you should save the Approval Code as you will need this to complete the sale later on your terminal, POS, software, online or directly with your Processor. The call may or may not be with a live operator, as it could be an automated service requiring touch tone prompts or utilizing voice recognition.
- Void
- A void transaction describes a credit card transaction that has been deleted before settlement (close of batch). The transaction amount has only been authorized to the card holder’s account, therefore the cardholder should see that no funds were removed and card holder’s balance will clear the authorization amount within 24-48 hours. This is much faster than issuing a Credit, which may take 48-72 hours or more for funds to be reversed back to the cardholder’s account.
- Visa Signature Preferred (VSP)
- A Rewards card from Visa offering cash back or points incentives. These cards are a higher rate to merchants. See Travel & Entertainment Cards.
- WEP
- Acronym for “Wired Equivalent Privacy.” Weak algorithm used to encrypt wireless networks. Several serious weaknesses have been identified by industry experts such that a WEP connection can be cracked with readily available software within minutes. See WPA.
- World Card
- One of MasterCard's Rewards cards. See Travel & Entertainment Cards.
- WPA/WPA2
- Abbreviation for “WiFi Protected Access.” Security protocol created to secure wireless networks. WPA is the successor to WEP. WPA2 was also released as the next generation of WPA.
- Zero Floor Limit Fee
- Currently 20¢ — Visa's Zero Floor Limit applies to cleared transactions that can’t be matched to a previously approved or partially-approved authorization. In short, it applies to settlement transactions submitted without a proper authorization. Introduced October 2009.
From Visa: A merchant settles a transaction without a valid approval code (or makes up an approval code).
- Zero Interchange Program
- MasterCard has defined a Zero Interchange Program under MasterCard's Business Service Arrangement. They will anticipate the need to use the zero interchange logic in the event of an exceptional circumstance that would warrant an immediate adjustment to merchant level fees, such as a natural disaster. To support this program, we will be adding a Zero Interchange Program Flag and will house a Zero Interchange Start Date and a Zero Interchange End Date. These dates will define the period of time for which interchange fees would not be applied to the eligible merchant. Introduced April 2007
# | Status | Message |
00 | APPROVED | APPROVED AND COMPLETED |
01 | CALL | REFER TO ISSUER |
02 | CALL | REFER TO ISSUER-SPECIAL CONDITION |
03 | TERM ID ERROR | INVALID MERCHANT ID |
04 | CALL/PICK UP CARD! | PICK UP CARD (NO FRAUD) |
05 | DECLINE | DO NOT HONOR |
06 | ERROR XXXX | GENERAL ERROR |
07 | CALL/PICK UP CARD! | PICK UP CARD, SPECIAL CONDITION (FRAUD ACCOUNT) |
12 | INVALID TRANS | INVALID TRANSACTION |
13 | AMOUNT ERROR | INVALID AMOUNT |
14 | CARD NO. ERROR | INVALID CARD NUMBER |
15 | NO SUCH ISSUER | NO SUCH ISSUER |
19 | RE-ENTER | RE-ENTER TRANSACTION TRANSACTION |
21 | NO ACTION TAKEN | UNABLE TO BACK OUT |
28 | NO REPLY | FILE IS TEMPORARIY UNAVAILABLE |
39 | NO CREDIT ACCT | NO CREDIT ACCOUNT |
41 | CALL/PICK UP CARD! | LOST CARD, PICK UP (FRAUD ACCOUNT) |
43 | CALL/PICK UP CARD! | STOLEN CARD, PICK UP (FRAUD ACCOUNT) |
51 | DECLINE | INSUFFICIENT FUNDS |
52 | No Check Account | NO CHECKING ACCOUNT |
53 | NO SAVE ACCOUNT | NO SAVINGS ACCOUNT |
54 | EXPIRED CARD | EXPIRED CARD |
55 | WRONG PIN | INCORRECT PIN |
57 | SERV NOT ALLOWED | TRANSACTION NOT PERMITTED-CARD |
58 | SERV NOT ALLOWED | TRANSACTION NOT PERMITTED-TERMINAL |
61 | DECLINE | EXCEEDS WITHDRAWAL LIMIT |
62 | DECLINE | INVALID SERVICE CODE, RESTRICTED |
63 | SEC VIOLATION | SECURITY VIOLATION |
65 | DECLINE | ACTIVITY LIMIT EXCEEDED |
75 | PIN EXCEEDED | PIN TRIES EXCEEDED |
76 | UNSOLIC REVERSAL | UNABLE TO LOCATE, NO MATCH |
77 | NO ACTION TAKEN | INCONSISTENT DATA, REV., OR REPEAT |
78 | NO ACCOUNT | NO ACCOUNT |
79 | ALREADY REVERSED | ALREADY REVERSED AT SWITCH |
80 | DATE ERROR | INVALID DATE |
81 | ENCRYPTION ERROR | CRYPTOGRAPHIC ERROR |
82 | CASHBACK NOT APP | CASH BACK LIMIT EXCEEDED |
83 | CAN'T VERIFY PIN | CANNOT VERIFY PIN |
85 | CARD OK | NO REASON TO DECLINE |
86 | CAN'T VERIFY PIN | CANNOT VERIFY PIN |
91 | NO REPLY | ISSUER OR SWITCH IS UNAVAILABLE |
92 | INVALID ROUTING | DESTINATION NOT FOUND |
93 | DECLINE | VIOLATION, CANNOT COMPLETE |
94 | DUPLICATE TRANS | UNABLE TO LOCATE, NO MATCH |
96 | SYSTEM ERROR | SYSTEM MALFUNCTION |
B1 | SURCHARGE NOT ALLOWED | SURCHARGE AMOUNT NOT PERMITTED ON VISA CARDS OR EBT FOOD STAMPS |
B2 | SURCHARGE NOT ALLOWED | SURCHARGE AMOUNT NOT SUPPORTED BY DEBIT NETWORK ISSUER |
CV | FAILURE CV | CARD TYPE VERIFICATION ERROR |
EA | ACCT LENGTH ERR | VERIFICATION ERROR |
EB | CHECK DIGIT ERR | VERIFICATION ERROR |
EC | CID FORMAT ERROR | VERIFICATION ERROR |
HV | FAILURE HV HIERARCHY | VERIFICATION ERROR |
N3 | CASHBACK NOT AVL | CASH BACK SERVICE NOT AVAILABLE |
N4 | DECLINE | EXCEEDS ISSUER WITHDRAWAL LIMIT |
N7 | CVV2 MISMATCH | CVV2 VALUE SUPPLIED IS INVALID |
R0 | STOP RECURRING | CUSTOMER REQUESTED STOP OFSPECIFIC RECURRING PAYMENT |
R1 | STOP RECURRING | CUSTOMER REQUESTED STOP O FALL RECURRING PAYMENTS FROM SPECIFIC MERCHANT |
For terms not listed here, visit the Glossary at FDIC.gov here.
- 2, 3 or 4 Tier Billing
- AAA
- ABA
- Access Control
- Account Number
- ACH
- Acquirer
- Acquiring Bank
- Acquirer Processing Fee (APF)
- Acquirer Program Support Fee
- AES
- AFD
- Aggregate Fee Percentage
- Approval Code
- Approved Scanning Vendor
- ASV
- Assessment
- Association
- Authentication
- Authentication Credentials
- Authorization
- Authorization Approval Code
- Authorization Response Code
- AVS
- AVS Response Code
- Basis Point
- Batch
- Batch Header Fees
- Bank Identification Number/BIN
- Blind Credit
- Chargebacks
- CERT
- Check Conversion
- Check Guarantee
- Check Reader
- Check Verification
- CIS
- Compensating Controls
- Corporate Purchasing Card
- CPS
- Credits
- Cross Border Assessment Fee
- Cryptoperiod
- CVV / CVV2
- Data Usage Fee
- DDA Demand Deposit Account
- Degaussing
- Discount Rate
- DSS
- EBT
- EDC
- EDI
- EIRF
- Effective Rate
- Electronic Draft Capture (EDC)
- Elite Card
- Enhanced Card
- ESN
- ESO
- ETF
- Factoring
- Firewall
- Flat Rate Billing
- Fleet Cards
- Floor Limit
- Forced Sale/Auth
- Front Rate
- Gateway
- Government Card
- Ghost Authorization
- Gross Billing
- GSA
- Hashing
- IIN / I.I.N.
- Independent Sales Organization
- Index Token
- Interchange
- Interchange Compliance
- Interchange Plus
- Interchange Reimbursement Fee
- International Acquirer Fee
- International Service Assessment Fee
- International Processing Fee
- International Service Fee
- Internet Protocol
- IP
- IP Address
- IP Spoofing
- ISO
- Issuer Identification Number
- Issuer Response Code
- Issuing Bank
- Large Ticket
- Level 1
- Level 2
- Level 3
- Loyalty Card
- Match List
- Merit Cards
- Major Industry Identifier (MII)
- Merchant Category Code (MCC)
- MCC / M.C.C.
- MICR
- Middleware
- Mid Qualified Rate
- Misuse of Authorization Fee
- NABU / N.A.B.U.
- NEC / N.E.C.
- Network
- Network Access and Brand Usage Fee
- Network Security Scan
- No Signature Required (NSR)
- Non Qualified Rate
- NSR
- Offline Debit
- Offline Sale
- Online Debit
- PA-QSA
- Payment Application
- PAN
- Payment Cards
- PCI Compliance
- PCI SSC
- PED
- PII
- PIN / P.I.N.
- POI
- POS / P.O.S.
- Post Authorization
- Preapproval Authorization
- Prior Authorized Sale
- Processing Integrity Fee
- Processor
- Purchasing Cards
- PVV
- Qualified Security Assessor
- QSA
- Quick Payment System (QPS)
- RDC
- Rebates
- Remote Deposit Capture
- Report on Compliance, ROC
- Report on Validation, ROV
- Response Code
- Retrieval Request
- Risk Analysis, Risk Assessment
- Router
- RSA
- SAQ
- Security Policy
- Security Protocols
- Self Assessment Questionnaire
- Settlement
- Settlement Network Access Fee
- SIC / S.I.C.
- Smart Card
- SQL
- SSC
- SSH
- SSL
- Standard Industry Code (SIC)
- Standard
- Straight Pass Through
- Strong Cryptography
- Surcharges
- Terminal ID
- Terminated Merchant List (TMF)
- TID
- Tier Billing
- TLS
- TPA
- TPS
- Truncation
- Travel & Entertainment (T&E) Card
- VAR sheet
- Virtual Terminal
- Visa Signature Preferred (VSP)
- Voice Authorization
- Void
- WEP
- World Cards
- WPA / WPA2
- Zero Floor Limit Fee
- Zero Interchange Program
Call Merchant Service Group at
(800) 545 1995
or click to send us an email.