Glossary A - M
A | B | C | D | E | F
| G | H | I | J | K | L
| M | N | O | P | Q | R
| S | T | U | V | W | X
| Y | Z
AADS (Account Authority Digital Signature): A payment mechanism where smart cards and PIN codes interact to generate a unique digital signature for each transaction. Removes the need for third-party authorization of payments, thereby reducing the risk of payment details being intercepted in transit.
Acquirer or aquiring bank: The institution or organization where a merchant has an account to process transactions and credit payments.
ADVT (Acquirer Device Validation Toolkit): Series of tests developed to enable chip card acquirers and device vendors to validate the configuration of their EMV chip-reading devices. Chip acquirers must use ADVT on each type of EMV chip-reading device if a new hardware or payment-related configuration is introduced or new payment software is installed. For more information see: http://partnernetwork.visa.com/dv/advt/main.jsp
ASP (Application Service Provider): A body which licenses, maintains and rents third-party software systems to business clients.
Audit Trail: For recording purposes, messages created as a by-product of data processing runs or mechanized operations.
Authentication: A term describing the process of identification of individuals and businesses through the use of digital certificates.
Authorization: This is the process where permission is granted by the card issuer (the financial institution) allowing the payment transaction to proceed. It is during this process that the issuing bank checks that the available credit on the card is not exceeded.
back to top
Batch: A composite of captures and credits accumulated over a period of time, although generally no more than one day, which are waiting to be settled with the merchant's acquiring financial institution.
Batch Close: The process of sending a batch to the financial institution for settlement.
Biometrics The measurement of a living trait used to control access. Refers to the interpretation of personal traits for access control purposes in place of password or ID verification systems.
BSP (Business Service Provider): An emerging breed of software developer which rents its services to vertical industries such as banking or airlines.
Browser plug-in: Additional software that is installed on your computer, which extends the functionality of your Web browser.
back to top
Capture: A procedure performed on a previously authorized transaction after a merchant has shipped goods or services to the customer. This transaction triggers the movement of funds from the issuer to the acquirer and then to the merchant's account.
Cardholder: An individual or business that has established an account with a credit or debit card issuer. A cardholder is eligible to initiate a payment card transaction.
Card-not-present (CNP): A transaction where the merchant, retailer or other service provider does not have physical access to the payment card. Examples include transactions by telephone, mail order or the Internet.
CDMA (Code-Division Multiple Access): A type of circuit-switched mobile network.
CDPD (Cellular Digital Packet Data): A standard capable of transmitting Web data to PDAs such as Palm Pilots. Whenever a lag occurs in data transmission, CDPD squeezes data into reserved spaces between analog cell channels. Although this data is low priority, carriers charge per packet.
Check 21: The Check Clearing for the 21st Century Act (Check 21) was signed into law on October 28, 2003, and became effective on October 28, 2004 in the U.S. Check 21 is designed to make the payments system more efficient by reducing legal impediments to check truncation. It creates a new negotiable instrument called a substitute check, which permits banks to truncate original checks,
to process check information electronically, and to deliver substitute checks to banks that want to continue receiving paper checks. A substitute check is the legal equivalent of the original check and includes all the information contained on the original check.
Chip card: Also known as a smart card or integrated circuit card. A chip card contains a secure computer chip that can store and process information; chip cards usually also have a magnetic stripe.
Chip-and-PIN card: A payment card containing a chip that requires the use of a PIN as the method of cardholder verification at the point-of-sale as well as at ATMs. See the entry for EMV, the global standard for chip-and-PIN cards.
Common Electronic Purse Specification (CEPS):Initially developed by Visa before being handed over to the CEPSCO LLC industry consortium, this is a standard for the global interoperability of smart cards.
Certificate Authority (CA): This is the service provided by a bank or third-party company which digitally signs public keys sent to it by a Web browser or by the merchant's server software. The CA issues and validates users' digital certificates.
Challenge-Response: A common authentication technique for smart cards whereby an individual is prompted (the challenge) to provide some private information (the response). The in-built security system presents a code (the challenge) to the user, which he or she enters into the smart card. This generates a new code (the response) that the user can present to log in.
Credit: A transaction resulting in a credit to a cardholder's account.
Cryptography: The practice of digitally "scrambling" a message using a secret key or keys.
CSP (Commerce Service Provider): Enterprises resembling utilities firms in functioning as server farms to host ASPs and eCommerce ventures.
back to top
Digital Cash: Two main mechanisms in that "digital coins" can be downloaded to the user's PC from a participating bank, or a digital money account can be set up with a bank. Both (encrypted) forms of cash can be sent to merchants for payment.
Digital Certificate: Online identification that authenticates a consumer, merchant and a financial institution. Digital certificates are used to encrypt information exchanged in e-commerce transactions. A certificate is a public key that has been digitally signed by a trusted authority (the financial institution) to identify the user of the public key.
Digital Money: The same as digital cash but can also involve the use of software-based secure credit card transactions.
Digital Receipt Infrastructure: (DRI) Utilizing this infrastructure enables consumers and organizations to prove that electronic transactions and events actually took place. In legal terms, these serve as a digital trail, as opposed to a paper trail.
Digital Signatures: An electronic signature, which cannot be forged. Instead it is generated from a computed digest of the text that is encrypted and sent with the text message. The recipient decrypts the signature and retrieves the digest from the received text. If the digests match, the message is authenticated and proved to be from the sender.
Digital Wallet: Software that provides the equivalent of a wallet for electronic commerce. A digital wallet, or e-wallet, holds digital money that you purchase similar to travelers' checks. A wallet may also hold your credit card information along with a digital certificate that identifies you as the authorized cardholder.
Disintermediation: The practice of cutting out the middleman to achieve convenience, savings and fast turn-around time for consumers. Refers to the bypassing of traditional retail channels for direct selling by Web-based companies.
back to top
ECML (Electronic Commerce Modeling Language): A standard developed by a consortium of industry players including American Express, Compaq, Dell, IBM, Microsoft, VeriFone and Visa USA. Consequently, one-click purchasing at all compatible Web sites is facilitated. See the ECML site for more details.
ECC (Elliptic Curve Cryptography): Cryptographic solution requiring less bandwidth to offer increased security for online transactions. Twice as much power is needed to crack a 97-bit ECC key than a 512-bit RSA key.
EDGE (Enhanced Data rate for Global Evolution): Enhancement for GSM and TDMA networks, taking packet delivery to speeds of 384Kbits/s. Based on 2G standards but often classified as a 3G protocol.
Electronic Bill Presentment and Payment (EBPP): Comprising two components of Internet billing, this term refers to online electronic bill presentment and payment. Bill presentment involves the online delivery of bills to customers, with electronic payment instead of through paper check.
Electronic Checks:Electronic checking systems take money from users' checking accounts to pay utility and phone bills.
Electronic Commerce (e-commerce): A term given to all types of transactions that are conducted using digitally-transmitted data methods.
Electronic Document Interchange (EDI): The electronic communication of business transactions, such as orders, confirmations and invoices
Electronic Wallet: Software, residing as a plug-in in the Web browser, that enables a cardholder to conduct online transactions, manage payment receipts and store digital certificates. Like your real wallet, your digital wallet stores your credit card number and shipping details.
EMV: Acronym for "Europay, MasterCard, Visa." EMV is a set of specifications covering chip-based debit/credit cards and associated point-of-sale terminals, ATMs and applications. The global EMV standard supports applications enabling issuers, retailers and consumers to start using chip cards and terminals with added security. The term 'EMV compatible' is used when referring to terminals or chip cards which meet the EMV specifications. The EMV specifications are divided into three parts: card specification, terminal specification, and application specification. The latest version of EMV is known
as EMV2000, Integrated Circuit Card Specification for Payment Systems, Version 4.0, December 2000.
EMVCo: The legal structure created by Europay International S.A., MasterCard International Incorporated, and Visa International Service Association for smart card interoperability specifications and associated type approval procedures.
EMV Level 2 Certification: Certification that shows a payment software kernel can support EMV chip-based transactions. Ensures that the applications on the card and the device will have the same understanding of what particular words or commands mean. See EMVCo web site for further details.
EMV Scripting: After an EMV card is issued, chip technology enables changes to the card risk parameters to be made through the means of scripts, for example, changing credit limits. When an EMV card is inserted in a chip-and-PIN card reader, a new, updated script is written to the card's chip. [Source: Aconite]
ETSI (European Telecommunications Standards Institute): A non-profit organization whose mission is to determine and produce the telecommunications standards that will be used for decades to come.
European Payments Council: The EPC is the industry body formed to implement a Single Euro Payment Area (SEPA) for Europe. See SEPA.
Extranet: An extension of a company's intranet. Extranets connect the internal network of one company with the intranets of its customers and suppliers. A combination of Intranets, extranets and the Internet makes it possible to create applications covering all aspects of a business relationship, from ordering to payment.
back to top
F No entries yet. Would you like to submit one?
back to top
Gateway: An electronic application that accepts transactions from online merchant storefronts and routes them to a financial institution's processing system.
GlobalPlatform: An international association which establishes and maintains interoperable specifications for single- and multi-application smart cards, acceptance devices and systems infrastructure.
GPRS (General Packet Radio Services): An extension of the GSM standard allowing the transmission of packet data to wireless devices at speeds of up to 150 kbps.
back to top
HDML (Handheld Device Markup Language): A markup language adapting Web content for display on mobile handheld devices such as cell phones, pagers or PDAs.
HSCSD (High Speed Circuit Switched Data): A software upgrade for the GSM standard which provides enhanced, cost-effective high speed data services across existing networks.
back to top
Identrus: A global banking consortium established to "trust-enable" every stage of a transaction through to actual payment. Promotes the use of PKI systems within the financial industry. See Public Key Infrastructure.
Interchange: The interchange fee is the amount that an acquirer (i.e. the merchant's bank) pays to the issuer (i.e. the cardholder's bank) for a card transaction. Visa and MasterCard receive no portion of the interchange fee.
The level of interchange is determined by many different factors according to the way the transaction occurred and the type of card used.
Issuing banks receive the interchange to compensate for investments they make and costs they incur in card innovation, exception handling, fraud measures, payment guarantee, preparing and issuing cardholder statements.
Internet Keyed Payment (IKP): Created by IBM, a group of secure payment protocols to enable customers purchase goods and services securely over the Web see http://www.zurich.ibm.com/security/past-projects/ecommerce/iKP.html).
Intranet: An internal company network based on Internet protocol. Intended for speedy and convenient distribution of corporate information.
IMT-2000 (International Mobile Telecommunications-2000): An ITU-approved standard, employing 3 wideband-CDMA (W-CDMA) specifications. The single carrier portion is intended as a 3G bridge for current GSM networks.
Issuer: A financial institution that issues payment cards, such as credit or debit cards.
back to top
J No entries yet. Would you like to submit one?
K No entries yet. Would you like to submit one?
L No entries yet. Would you like to submit one?
back to top
MAOSCO: The open industry consortium behind the MULTOS smart card operating system. A full member of the European Telecommunications Standards Institute (ETSI).
MasterCard Cardholder Authentication Protocol (CAP): A two-factor authentication technology involving the use of a chip-and-PIN card such as a credit card or debit card and a chip card reader for cardholder-not-present transactions such as online shopping.
The cardholder enters their card in the reader along with a PIN, and the reader calculates a one-time code which the cardholder then enters on the e-commerce Website. The code is then transmitted to the issuer for transaction authentication. See cardholder-not-present and two-factor authentication.
MasterCard SecureCode: A program supporting cardholder authentication and guaranteed payments over the Internet for MasterCard credit card and Maestro debit card transactions. It involves the use of a private code known only to the cardholder and their bank. Similar to Verified by Visa in that no hardware is involved. See Verified by Visa.
MEPS: Malaysian Electronic Payment System, a joint venture payment gateway established by 18 banks in Malaysia. (see http://www.meps.com.my/).
Merchant: Collective term applied to Web-based eTailers who may have online storefronts.
Message digest The basis for Digital Signatures in providing a digest of the random message being transmitted. As a result, they are difficult to reverse.
Micro payments: Low-cost transactions of between 25c and $10. Payments are typically made prior to downloading graphics, games, and information.
MULTOS: Abbreviation for Multiple Operating System, comprises a platform for smart card development. Favored by MasterCard, Mondex and Discover card brands.
MVNO (Mobile Virtual Network Operator): A MVNO buys airtime from a real operator. Under this model, banks can become a mobile operator and leverage mobile payments and top-up accounts to their profit.
back to top