CubeIQ Home | Home  |  Privacy Policy  |  Term of Use




Glossary A - M

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z


AADS (Account Authority Digital Signature): A payment mechanism where smart cards and PIN codes interact to generate a unique digital signature for each transaction. Removes the need for third-party authorization of payments, thereby reducing the risk of payment details being intercepted in transit.

Acquirer or aquiring bank: The institution or organization where a merchant has an account to process transactions and credit payments.

ADVT (Acquirer Device Validation Toolkit): Series of tests developed to enable chip card acquirers and device vendors to validate the configuration of their EMV chip-reading devices. Chip acquirers must use ADVT on each type of EMV chip-reading device if a new hardware or payment-related configuration is introduced or new payment software is installed. For more information see:

ASP (Application Service Provider): A body which licenses, maintains and rents third-party software systems to business clients.

Audit Trail: For recording purposes, messages created as a by-product of data processing runs or mechanized operations.

Authentication: A term describing the process of identification of individuals and businesses through the use of digital certificates.

Authorization: This is the process where permission is granted by the card issuer (the financial institution) allowing the payment transaction to proceed. It is during this process that the issuing bank checks that the available credit on the card is not exceeded.

back to top

Batch: A composite of captures and credits accumulated over a period of time, although generally no more than one day, which are waiting to be settled with the merchant's acquiring financial institution.

Batch Close: The process of sending a batch to the financial institution for settlement.

Biometrics The measurement of a living trait used to control access. Refers to the interpretation of personal traits for access control purposes in place of password or ID verification systems.

BSP (Business Service Provider): An emerging breed of software developer which rents its services to vertical industries such as banking or airlines.

Browser plug-in: Additional software that is installed on your computer, which extends the functionality of your Web browser.

back to top

Capture: A procedure performed on a previously authorized transaction after a merchant has shipped goods or services to the customer. This transaction triggers the movement of funds from the issuer to the acquirer and then to the merchant's account.

Cardholder: An individual or business that has established an account with a credit or debit card issuer. A cardholder is eligible to initiate a payment card transaction.

Card-not-present (CNP): A transaction where the merchant, retailer or other service provider does not have physical access to the payment card. Examples include transactions by telephone, mail order or the Internet.

CDMA (Code-Division Multiple Access): A type of circuit-switched mobile network.

CDPD (Cellular Digital Packet Data): A standard capable of transmitting Web data to PDAs such as Palm Pilots. Whenever a lag occurs in data transmission, CDPD squeezes data into reserved spaces between analog cell channels. Although this data is low priority, carriers charge per packet.

Check 21: The Check Clearing for the 21st Century Act (Check 21) was signed into law on October 28, 2003, and became effective on October 28, 2004 in the U.S. Check 21 is designed to make the payments system more efficient by reducing legal impediments to check truncation. It creates a new negotiable instrument called a substitute check, which permits banks to truncate original checks, to process check information electronically, and to deliver substitute checks to banks that want to continue receiving paper checks. A substitute check is the legal equivalent of the original check and includes all the information contained on the original check.

Chip card: Also known as a smart card or integrated circuit card. A chip card contains a secure computer chip that can store and process information; chip cards usually also have a magnetic stripe.

Chip-and-PIN card: A payment card containing a chip that requires the use of a PIN as the method of cardholder verification at the point-of-sale as well as at ATMs. See the entry for EMV, the global standard for chip-and-PIN cards.

Common Electronic Purse Specification (CEPS):Initially developed by Visa before being handed over to the CEPSCO LLC industry consortium, this is a standard for the global interoperability of smart cards.

Certificate Authority (CA): This is the service provided by a bank or third-party company which digitally signs public keys sent to it by a Web browser or by the merchant's server software. The CA issues and validates users' digital certificates.

Challenge-Response: A common authentication technique for smart cards whereby an individual is prompted (the challenge) to provide some private information (the response). The in-built security system presents a code (the challenge) to the user, which he or she enters into the smart card. This generates a new code (the response) that the user can present to log in.

Credit: A transaction resulting in a credit to a cardholder's account.

Cryptography: The practice of digitally "scrambling" a message using a secret key or keys.

CSP (Commerce Service Provider): Enterprises resembling utilities firms in functioning as server farms to host ASPs and eCommerce ventures.

back to top

Digital Cash: Two main mechanisms in that "digital coins" can be downloaded to the user's PC from a participating bank, or a digital money account can be set up with a bank. Both (encrypted) forms of cash can be sent to merchants for payment.

Digital Certificate: Online identification that authenticates a consumer, merchant and a financial institution. Digital certificates are used to encrypt information exchanged in e-commerce transactions. A certificate is a public key that has been digitally signed by a trusted authority (the financial institution) to identify the user of the public key.

Digital Money: The same as digital cash but can also involve the use of software-based secure credit card transactions.

Digital Receipt Infrastructure: (DRI) Utilizing this infrastructure enables consumers and organizations to prove that electronic transactions and events actually took place. In legal terms, these serve as a digital trail, as opposed to a paper trail.

Digital Signatures: An electronic signature, which cannot be forged. Instead it is generated from a computed digest of the text that is encrypted and sent with the text message. The recipient decrypts the signature and retrieves the digest from the received text. If the digests match, the message is authenticated and proved to be from the sender.

Digital Wallet: Software that provides the equivalent of a wallet for electronic commerce. A digital wallet, or e-wallet, holds digital money that you purchase similar to travelers' checks. A wallet may also hold your credit card information along with a digital certificate that identifies you as the authorized cardholder.

Disintermediation: The practice of cutting out the middleman to achieve convenience, savings and fast turn-around time for consumers. Refers to the bypassing of traditional retail channels for direct selling by Web-based companies.

back to top

ECML (Electronic Commerce Modeling Language): A standard developed by a consortium of industry players including American Express, Compaq, Dell, IBM, Microsoft, VeriFone and Visa USA. Consequently, one-click purchasing at all compatible Web sites is facilitated. See the ECML site for more details.

ECC (Elliptic Curve Cryptography): Cryptographic solution requiring less bandwidth to offer increased security for online transactions. Twice as much power is needed to crack a 97-bit ECC key than a 512-bit RSA key.

EDGE (Enhanced Data rate for Global Evolution): Enhancement for GSM and TDMA networks, taking packet delivery to speeds of 384Kbits/s. Based on 2G standards but often classified as a 3G protocol.

Electronic Bill Presentment and Payment (EBPP): Comprising two components of Internet billing, this term refers to online electronic bill presentment and payment. Bill presentment involves the online delivery of bills to customers, with electronic payment instead of through paper check.

Electronic Checks:Electronic checking systems take money from users' checking accounts to pay utility and phone bills.

Electronic Commerce (e-commerce): A term given to all types of transactions that are conducted using digitally-transmitted data methods.

Electronic Document Interchange (EDI): The electronic communication of business transactions, such as orders, confirmations and invoices

Electronic Wallet: Software, residing as a plug-in in the Web browser, that enables a cardholder to conduct online transactions, manage payment receipts and store digital certificates. Like your real wallet, your digital wallet stores your credit card number and shipping details.

EMV: Acronym for "Europay, MasterCard, Visa." EMV is a set of specifications covering chip-based debit/credit cards and associated point-of-sale terminals, ATMs and applications. The global EMV standard supports applications enabling issuers, retailers and consumers to start using chip cards and terminals with added security. The term 'EMV compatible' is used when referring to terminals or chip cards which meet the EMV specifications. The EMV specifications are divided into three parts: card specification, terminal specification, and application specification. The latest version of EMV is known as EMV2000, Integrated Circuit Card Specification for Payment Systems, Version 4.0, December 2000.

EMVCo: The legal structure created by Europay International S.A., MasterCard International Incorporated, and Visa International Service Association for smart card interoperability specifications and associated type approval procedures.

EMV Level 2 Certification: Certification that shows a payment software kernel can support EMV chip-based transactions. Ensures that the applications on the card and the device will have the same understanding of what particular words or commands mean. See EMVCo web site for further details.

EMV Scripting: After an EMV card is issued, chip technology enables changes to the card risk parameters to be made through the means of scripts, for example, changing credit limits. When an EMV card is inserted in a chip-and-PIN card reader, a new, updated script is written to the card's chip. [Source: Aconite]

ETSI (European Telecommunications Standards Institute): A non-profit organization whose mission is to determine and produce the telecommunications standards that will be used for decades to come.

European Payments Council: The EPC is the industry body formed to implement a Single Euro Payment Area (SEPA) for Europe. See SEPA.

Extranet: An extension of a company's intranet. Extranets connect the internal network of one company with the intranets of its customers and suppliers. A combination of Intranets, extranets and the Internet makes it possible to create applications covering all aspects of a business relationship, from ordering to payment.

back to top

F No entries yet. Would you like to submit one?

back to top

Gateway: An electronic application that accepts transactions from online merchant storefronts and routes them to a financial institution's processing system.

GlobalPlatform: An international association which establishes and maintains interoperable specifications for single- and multi-application smart cards, acceptance devices and systems infrastructure.

GPRS (General Packet Radio Services): An extension of the GSM standard allowing the transmission of packet data to wireless devices at speeds of up to 150 kbps.

back to top

HDML (Handheld Device Markup Language): A markup language adapting Web content for display on mobile handheld devices such as cell phones, pagers or PDAs.

HSCSD (High Speed Circuit Switched Data): A software upgrade for the GSM standard which provides enhanced, cost-effective high speed data services across existing networks.

back to top

Identrus: A global banking consortium established to "trust-enable" every stage of a transaction through to actual payment. Promotes the use of PKI systems within the financial industry. See Public Key Infrastructure.

Interchange: The interchange fee is the amount that an acquirer (i.e. the merchant's bank) pays to the issuer (i.e. the cardholder's bank) for a card transaction. Visa and MasterCard receive no portion of the interchange fee. The level of interchange is determined by many different factors according to the way the transaction occurred and the type of card used. Issuing banks receive the interchange to compensate for investments they make and costs they incur in card innovation, exception handling, fraud measures, payment guarantee, preparing and issuing cardholder statements.

Internet Keyed Payment (IKP): Created by IBM, a group of secure payment protocols to enable customers purchase goods and services securely over the Web see

Intranet: An internal company network based on Internet protocol. Intended for speedy and convenient distribution of corporate information.

IMT-2000 (International Mobile Telecommunications-2000): An ITU-approved standard, employing 3 wideband-CDMA (W-CDMA) specifications. The single carrier portion is intended as a 3G bridge for current GSM networks.

Issuer: A financial institution that issues payment cards, such as credit or debit cards.

back to top

J No entries yet. Would you like to submit one?

K No entries yet. Would you like to submit one?

L No entries yet. Would you like to submit one?

back to top

MAOSCO: The open industry consortium behind the MULTOS smart card operating system. A full member of the European Telecommunications Standards Institute (ETSI).

MasterCard Cardholder Authentication Protocol (CAP): A two-factor authentication technology involving the use of a chip-and-PIN card such as a credit card or debit card and a chip card reader for cardholder-not-present transactions such as online shopping. The cardholder enters their card in the reader along with a PIN, and the reader calculates a one-time code which the cardholder then enters on the e-commerce Website. The code is then transmitted to the issuer for transaction authentication. See cardholder-not-present and two-factor authentication.

MasterCard SecureCode: A program supporting cardholder authentication and guaranteed payments over the Internet for MasterCard credit card and Maestro debit card transactions. It involves the use of a private code known only to the cardholder and their bank. Similar to Verified by Visa in that no hardware is involved. See Verified by Visa.

MEPS: Malaysian Electronic Payment System, a joint venture payment gateway established by 18 banks in Malaysia. (see

Merchant: Collective term applied to Web-based eTailers who may have online storefronts.

Message digest The basis for Digital Signatures in providing a digest of the random message being transmitted. As a result, they are difficult to reverse.

Micro payments: Low-cost transactions of between 25c and $10. Payments are typically made prior to downloading graphics, games, and information.

MULTOS: Abbreviation for Multiple Operating System, comprises a platform for smart card development. Favored by MasterCard, Mondex and Discover card brands.

MVNO (Mobile Virtual Network Operator): A MVNO buys airtime from a real operator. Under this model, banks can become a mobile operator and leverage mobile payments and top-up accounts to their profit.

back to top


Glossary N - Z

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z


Near Field Communications (NFC): A short-range, wireless connectivity technology that allows consumers to perform safe, contactless transactions, access digital content, and connect electronic devices with a single touch. Consumers with NFC-enabled mobile phones may, for example, leave their wallets at home and use their phones to enact contactless financial transactions, or to gain electronic access to public transportation.

Non-repudiation: Process by which a customer cannot deny having paid for an order after it is conducted.

back to top

Online Storefront: A Web site containing e-commerce software, which offers goods and services for sale. An online storefront is the equivalent of a store or place of business that a customer would visit to purchase goods and services.

Open Financial Exchange (OFX): A financial data markup language to facilitate online data exchanges between businesses, consumers and financial institutions. Holds implications for online banking in its support of real-time online transactions on Web sites and in financial software. (See:

Open Trading Protocol (OTP): Protocol to align various electronic payment mechanisms and render them interoperable. Mainly used for transactions in the financial services sector.

back to top

Point of Sale: In the physical world, this is the point at which a product is paid for and delivered. On the Internet, this is the software that enables the merchant to accept transactions on their online storefronts, and conduct follow-on transactions with their financial institution.

Payment Card Industry Data Security Standard (PCI DSS): A set of requirements established by the Payment Card Industry Security Standards Council to protect cardholder data including PINs and Card Verification Code(CVC2) and Card Verification Value (CVV2), the three-digit security codes printed respectively on the back of MasterCard and Visa cards. These requirements apply to all members, merchants, and service providers that store, process, or transmit cardholder data. The founders of the PCI Security Standards Council are American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

Payment Card Industry (PCI) certification: Ensures that a cardholder PIN is handled securely regardless of whether it is from POS, ATM or unattended devices. PCI certification overs all aspects of PIN security from PIN encryption during online PIN validation through to making sure the keypad electronics cannot be tampered with. Get more details at Visa's Payment Card Industry (PCI) Web site.

PED: acronym for Personal Identification Number (PIN) entry device used in point-of-sale and ATM transactions.

Prepaid card: Prepaid cards are reloadable cards that are preloaded with an amount paid for in advance. They are intended as a replacement for paper vouchers. Examples of prepaid cards include mobile phone airtime or landline long-distance cards. Prepaid cards issued by banks, retailers or other financial institutions can also be used for purchases in stores.

Public key encryption: An encryption system using two keys, namely a public key for encrypting messages and a private key for decrypting messages, to enable users to verify each other's messages without exchanging secret keys.

Public key infrastructure: (PKI) An interoperable security solution incorporating the use of digital signatures to ensure the integrity of transmitted information. Also supports user authentication and non-repudiation.

back to top

Q No entries yet. Would you like to submit one?

R No entries yet. Would you like to submit one?

back to top

SCSUG (Smart Card Security Users Group): Established by the major card organizations to establish recommendations for chips and operating systems within smart cards. Is defining a protection profile for both credit and debit applications, based on recommendations for chip card security.

Secure HyperText Transfer Protocol (S-HTTP):A secure version of HTTP, providing general transaction security services over the Web.

Secure Sockets Layer (SSL): A public security protocol developed by Netscape, creating a secure link between a Web server and its communicating browser. In an SSL session, all data sent is encrypted. SSL does not authenticate either the sender or the receiver.

SEPA: The Single Euro Payments Area (SEPA) is a public policy initiative to create a single integrated payments environment for the Euro zone. Under SEPA, European consumers, companies and other economic players will be able to make and receive payments in Euros (whether cross-border or within national boundaries) under the same terms and conditions, regardless of their location. The fee for SEPA domestic bank transfers, for example, will be the same as cross-border Euro zone transfers. The SEPA program is being led by the European Payments Council, which brings together the European banking community and is supported by the European Commission (EC) and the European Central Bank (ECB).

SEPA Cards Framework: On March 8, 2006, the European Payments Council (EPC) approved the SEPA Cards Framework (SCF), setting out the requirements for schemes and national banking communities to deliver on SEPA for card payments. The current SCF applies to the 12 countries of the Euro Zone, as well as to all Euro payments in the European Union. The SCF applies to "general-purpose" cards - defined as all guaranteed payments (credit, charge and debit card) and cash withdrawals. The primary focus is on debit cards, as most major credit card schemes are largely SEPA-compliant already. National-use only electronic purse and private-label and bank-proprietary cards are outside the scope of the SCF.

Settlement: The step in the clearing process when the acquirer credits the merchant account with the amount of a credit card purchase, and the bankcard association (such as Visa and MasterCard) credits the acquirer and debits the card issuer for the transaction.

Shopping Basket: As you shop online, you add items to your 'virtual' shopping basket. The basket is simply a list of the items you have selected to buy, together with the necessary details (number selected, price of each item etc). You can review what's in your basket at any time as you shop.

Smart card: See chip card.

back to top

Transaction: This is any action between a cardholder and a merchant that results in activity on the account, such as an authorization and settlement. Merchants and financial institutions also conduct follow-on transactions that affect the cardholders' account, such as a capture and credit.

TCPA (Trusted Computing Platform Alliance): Initiative by several PC vendors to collectively establish a security standard for B2B transactions. Participants are to develop hardware and software security specifications for release by the second half of 2000 prior to licensing to the PC industry.

Time Division Multiple Access (TDMA): Circuit-switching mobile data network transferring data between a mobile device and a base station.

Transaction Layer Security (TLS): A revision of SSL to offer increased security mechanisms within the protocol.

Two-factor authentication: The use of a hardware device, or additional software, as an extra layer of security on top of the standard password and user name. MasterCard Cardholder Authentication Protocol is an example of a two-factor authentication system.

back to top

UMTS: Stands for Universal Mobile Telecommunications System, part of the International Telecommunications Union’s vision of a global family of ’third-generation’ (3G) mobile communications systems. A key role is expected in the future mass market for high-quality wireless multimedia communications that will approach 2 billion users worldwide by the year 2010

UCAF (Universal Card Authentication Field): A 32-character hidden field that is embedded at Web storefronts to collect authentication data generated by issuers and cardholders, and create a unique cardholder authentication for each transaction, which is then forwarded to the issuer, with the authorization request.

back to top

Verified by Visa: An online security tool providing an extra layer of fraud protection for participating merchants and consumers. Using Verified by Visa, consumers register their existing Visa cards and then use their chosen personal identification number (PIN) to confirm their identity when shopping online in the same way that a PIN authenticates cardholder identity at an ATM. See also MasterCard SecureCode.

Virtual Sales Slip: Detailed information on a financial transaction, which is generated by the merchant's online store and downloaded to your digital wallet. Typical items contained in the virtual sales slip are confirmation of your order, shipping details, and total amount of sale.

Visa 3-Domain Secure (3-D Secure): - The 3-D Secure protocol was developed by Visa to improve the security of Internet payments. It is designed to allow authentication of cardholders by their issuers at participating merchants, reducing the likelihood of fraudulent usage of Visa cards and improving overall transaction performance. Visa has licensed the 3-D Secure protocol to other major payment brands and the vendor community. For more information see Visa 3-Domain Secure.

back to top

WAP (Wireless Application Protocol): A protocol whereby Web-coded information is adapted for use in mobile access devices such as cell phones or pagers.

W-CDMA (Wideband Code Division Multiple Access): A standard facilitating the delivery of high-speed data to compatible mobile phone handsets.

WML (Wireless Markup Language: A markup language providing a 'light' version of a Web site for viewing on handheld devices.

Web Browser: A client program that runs on an end-user's computer, linking it to the World Wide Web.

back to top

X No entries yet. Would you like to submit one?

Y No entries yet. Would you like to submit one?

Z No entries yet. Would you like to submit one?

back to top


Enquiries to:

We would like to thank MasterCard, Visa, AMEX and JCB for their assistance with this glossary.

If you have any questions or comments, please contact:


Contact  |  Privacy Policy  |  Term of Use  |