Terms to Know

Acquirer

Also referred to as “acquiring bank,” “acquiring financial institution,” or “merchant acquirer.”  An acquirer is an organization licensed as a member of Visa/MasterCard that is in the business of processing credit card transactions for businesses (acceptors) and is always acquiring new merchants for the acceptance of payment cards.

Interestingly enough, many merchants don’t recognize their acquiring bank as the primary provider of their merchant account.  Acquiring banks are playing an increasingly hands-off role as the bankcard system evolves.  Acquiring banks often enlist the help of third-party independent sales organizations (ISO) and membership service providers (MSP) to conduct and monitor the day-to-day activities of their merchant accounts.

Affinity Card

A credit card offered in conjunction with two organizations, one a card issuer and the other a non-financial group with which consumers have an affinity.  Universities, sports franchises and non-profit organizations are examples of affinity groups that often offer special discounts or deals for using their credit cards issued in partnership with a major bank.

American Express

American Express Company, also known as AmEx, is an American multinational financial services corporation headquartered in Three World Financial Center, Manhattan, New York City, New York, United States. Founded in 1850, it is one of the 30 components of the Dow Jones Industrial Average. The company is best known for its credit card, charge card, and traveler's cheque businesses. Amex cards account for approximately 24% of the total dollar volume of credit card transactions in the U.S.

Approval Code

See Authorization Code.

Approval Response

An authorization response that is received when a transaction is approved.

Authentication

Process of verifying identity of an individual, device, or process.  Authentication typically occurs through the use of one or more authentication factors such as:

  • Something you know, such as a password or passphrase
  • Something you have, such as a token device or smart card
  • Something you are, such as a biometric

Fraud-protection tools in card-processing equipment, including address verification (AVS) and card code verification (CCV) systems, aid in the authentication process, which is essential in Internet, phone and mail orders where the card is not present.  Checking signatures and asking for other forms of ID also aid in authenticating card-present transactions.

Authorization

Granting of access or other rights to a user, program, or process.  For a network, authorization defines what an individual or program can do after successful authentication.  For the purposes of a payment card transaction, authorization occurs when a merchant receives transaction approval after the acquirer validates the transaction with the issuer/processor.

Authorization Code

Also called, “Approval Code.”  A code that an issuer or its authorizing processor provides to indicate approval for an authorization request.

Authorization Only

A transaction that is created to reserve an amount against a credit card’s available limit for intended purchases; the actual settlement may occur within three to five days, depending on the card type.

Bank Identification Number (BIN)

The first six digits of a credit or debit account number.  This number is used to identify the card-issuing institution.

Batch Settlement

The closing (settlement) of all credit-card transactions (batch) for a business day, or other designated time period.  Merchants may perform this closeout manually, or the merchant account will be set up to automatically settle a batch of transactions before funds are cleared.  See Clearing also.

Card Association

Visa and MasterCard are not banks and do not issue credit cards or merchant accounts; instead, they act as a custodian and clearing house for their respective card brand.  They also function as the governing body of a community of financial institutions, ISOs and MSPs that work together in association to support credit card processing and electronic payments — hence the name, “card associations.”  Card Associations govern the members of their associations, including interchange fees and qualification guidelines, act as the arbiter between issuing and acquiring banks, maintain and improve the card network and their brand, and generate profit.  Visa uses their VisaNet network to transmit data between association members, and MasterCard uses their Banknet network. 

Note that American Express is not a card association; American Express issues credit lines and physical cards on its own without an association of other financial institutions, ISOs and MSPs.

Card Issuer

Any association member financial institution, bank, credit union, or company that issues, or causes to be issued, plastic cards to cardholders.

Card Member

An individual to whom a card is issued, or who is authorized to use an issued card.

Card Reader

A device that is capable of reading the encoding on plastic cards.

Card Verification Code or Value

Also known as Card Validation Code or Value, or Card Security Code.  Refers to either: (1) magnetic-stripe data, or (2) printed security features.

  1. Data element on a card's magnetic stripe that uses secure cryptographic processes to protect data integrity on the stripe, and reveals any alteration or counterfeiting. Referred to as CAV, CVC, CVV, or CSC depending on payment card brand.  The following list provides the terms for each card brand:
    • CAV - Card Authentication Value (JCB payment cards)
    • CVC - Card Validation Code (MasterCard payment cards)
    • CVV - Card Verification Value (Visa and Discover payment cards)
    • CSC - Card Security Code (American Express)
  2. For Discover, JCB, MasterCard, and Visa payment cards, the second type of card verification value or code is the rightmost three-digit value printed in the signature panel area on the back of the card.  For American Express payment cards, the code is a four-digit non-embossed number printed above the embossed primary account number on the face of the payment cards.  The code is uniquely associated with each individual piece of plastic and ties the primary account number to the plastic.

Charge Card

A payment card that requires a full payment of the charge each billing cycle by the statement due date. Unlike credit cards, which give borrowers a revolving line of credit that can be accessed and paid down over time, charge cards do not allow balances to be carried forward and do not charge an interest rate. American Express began as a charge card and continues to offer these types of products (like the Green, Gold and Platinum American Express cards) in addition to general use credit cards.

Chargeback

A transaction returned through interchange by an issuer to an acquirer.  A transaction may be returned because it was non-compliant with the association rules and regulations or because a cardholder disputed the transaction.

Clearing

The process by which the acquirer sends purchase information to the card network which in turn sends it to the issuing institution. The issuer then prepares the information for the card member’s statement.

Compensating Controls

Compensating controls may be considered when an organization cannot meet a PCI DSS requirement explicitly as stated, due to legitimate technical or documented business constraints, but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. 

Compensating controls must: (1) Meet the intent and rigor of the original PCI DSS requirement; (2) Provide a similar level of defense as the original PCI DSS requirement; (3) Be “above and beyond” other PCI DSS requirements (not simply in compliance with other PCI DSS requirements); and (4) Be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement. 

Pages