Glossary of Payment Terms

3-D Secure

The 3-D Secure protocol was developed by Visa to improve the security of Internet payments by enabling an e-commerce merchant to go online to a card issuer in order to authenticate a cardholder. Services based on the protocol are offered by the major card issuers. Card issuers license providers of a Merchant plug-in (MPI) which is a software module designed to facilitate 3-D Secure for merchants.

Acquirer

An acquirer is a bank or financial institution that enables a merchant to accept card payments for products or services. The term acquirer indicates that the bank accepts or "acquires" card transactions from the card-issuing banks within an association for example Visa and MasterCard.

Application Cryptogram

(EMV v4.1 Tag 9F26) The Application Cryptogram is generated by the card in response to the terminal's decision about how to process the transaction.

Application Identifier

(EMV v4.1 Tag 4F) The Application Identifier (AID) uniquely identifies the application in accordance with ISO/IEC 7816-5.

Application Interchange Profile

(EMV v4.1 Tag 4F) The Application Identifier (AID) uniquely identifies the application in accordance with ISO/IEC 7816-5.

Application Label

(EMV v4.1 Tag 50) The Application Label is used to display the name of an application.

Application Preferred Name

(EMV v4.1 Tag 9F12)) The Application Preferred Name is used to display the name of an application.

Application Primary Account Number (PAN) Sequence Number

(EMV v4.1 Tag 5F34) The Application Primary Account Number (PAN) Sequence Number identifies and differentiates cards with the same PAN.

Application Transaction Counter

(EMV v4.1 Tag 9F36) The Application Transaction Counter is a counter maintained by the card application.

Application Usage Control

(EMV v4.1 Tag 9F07) The Application Usage Control specifies any restrictions that may prevent the card being used for specific types of transactions, domestically or internationally, or at specific types of terminals.

Application Version Number

(EMV v4.1 Tag 9F08) The Application Verson Number is a version number assigned by the payment system to the application.

Authorization

Authorization is carried out by a merchant to check that a card is not reported as lost or stolen and the availability of funds in the cardholder's account.

Authorization Code

An authorization code is a code assigned to an approved transaction by a card issuer.

Authorization Response Code

(EMV v4.1 Tag 8A) The Authorization Response Code (ARC) is returned from the card issuer during online processing, or is generated by the terminal during Terminal Action Analysis. The value of the Authorization Response Code indicates whether the transaction was authorized or declined. The card may override the result during Card Action Analysis.

Authorization Response Cryptogram

(EMV) The Authorization Response Cryptogram (ARPC) is generated by the card issuer and used by the card to verify that the response came from the card issuer.

AVS

AVS is an abbreviation for Address Verification System which is used to verify the address of a person claiming to be the cardholder. The address given is checked against the address held on file by a card issuer. AVS is a security measure for a "card not present" transaction.

Card Association

A card association is a network of issuing banks and acquiring banks that process payment cards of a specific brand. Some well-known payment card association brands are Visa, MasterCard, American Express, Discover, Diners Club, and JCB.

Card Issuer

A card issuer is a financial institution, usually a bank or building society, that issues a payment card to a cardholder and administers their account. A card issuer usually manufactures and issues a card that belongs to a card association which is an organization owned by its member financial institutions. The main card schemes are Visa and MasterCard. American Express and Diners Club are card schemes that issue cards directly.

Card Not Present

The card is not physically present at the time of the transaction. MOTO and Internet are "card not present" transactions. Additional data (CSC, AVS, 3-D Secure) is captured as a security measure.

Card Present

The card is physically presented to a merchant at the time of the transaction. Swiped, keyed and ICC are "card present" transactions.

Card Security Code

The Card Security Code (CSC) comprises two codes: CVV1 and CVV2 (Cardholder Verification Value). CVV1 is encoded on a card's magnetic stripe. CVV2 is a three or four digit value printed on the card or signature strip and used therefore to verify that a cardholder has the card in their physical possession. The term CSC is commonly used to refer to CVV2.

Cardholder

A cardholder is a person to whom a payment card has been issued by a card issuer.

Cardholder Verification Method (CVM) Results

The Cardholder Verification Method (CVM) Results indicates the results of the last CVM performed.

Byte 1 - CVM Performed
The last CVM of the card's CVM List actually performed by the terminal.

bit 8 bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 Meaning Value
0 RFU N/A
0 Fail cardholder verification if this CVM is unsuccessful N/A
1 Apply succeeding CV rule if this CVM is unsuccessful N/A
0 0 0 0 0 0 Fail CVM processing 00 or 40
0 0 0 0 0 1 PIN verification performed by ICC 01 or 41
0 0 0 0 1 0 Enciphered PIN verified online 02 or 42
0 0 0 0 1 1 Plaintext PIN verification by ICC and signature (paper) 03 or 43
0 0 0 1 0 0 Enciphered PIN verification by ICC 04 or 44
0 0 0 1 0 1 Enciphered PIN verification by ICC and signature (paper) 05 or 45
0 x x x x x Values in range 0000110 - 011101 reserved for future use 06-1D / 16-5D
0 1 1 1 1 0 Signature (paper) 1E or 5E
0 1 1 1 1 1 No CVM required 1F or 5F
1 0 x x x x Values in range 100000 - 101111 resevred for future use 20-2F / 60-6F
1 1 x x x x Values in range 110000 - 111110 resevred for future use 30-3E / 70-7E
1 1 1 1 1 1 Not available 3F or 7F

Byte 2 - CVM Condition
The CVM condition.

Value Description
00 Always
03 If terminal supports CVM

Byte 3 - CVM Result
The result of the last CVM performed as known by the terminal.

Value Description
00 Unknown
01 Unsuccessful
02 Successful

Cryptogram Information Data

(EMV v4.1 Tag 9F27) The Cryptogram Information Data contains the type of Application Cryptogram generated by the card.

Cryptogram Transaction Type

(EMV v4.1 Tag 9C) The Cryptogram Transaction Type Indicates the type of financial transaction represented by the first two digits of the Processing Code data element in ISO 8583:1987.

DCC

DCC is an abbreviation for Dynamic Currency Conversion.

Declined

A card issuer has refused to approve a request to authorize a transaction.

EMV

EMV is a global standard for the processing of card payments using an integrated circuit card (ICC) based payment application and ICC capable Point of Sale (POS) terminals and ATMs. The EMV standard takes its name from the card schemes Europay, MasterCard, and Visa that developed it.

Floor Limit

The floor limit is a monetary amount above which a transaction must be authorized online.

Integrated Circuit Card (ICC)

An Integrated Circuit Card is a card that has an integrated circuit embedded in it that can store and process data securely. It is also known as a Chip Card or Smart Card.

Internet Transaction

Card data is captured by keying in to a web browser form. An e-commerce transaction is an example of an Internet transaction.

Issue Number

The issue number is a supplementary number to the PAN of certain debit cards, primarily United Kingdom ones such as Switch and Maestro. Because most of the PAN is determined by the bank account number, the PAN cannot be changed if the card is lost or stolen (without changing the underlying bank account number), and instead the issue number is changed.

Issuer Action Codes

(EMV) Issuer Action Codes are supplied by the card and used to determine how to process a transaction.

Issuer Action Codes - Default

(EMV v4.1 Tag 9F0D) The Issuer Action Code - Default specifies the card issuer’s conditions that cause a transaction to be rejected if it might have been approved online, but the terminal is unable to process the transaction online.

Issuer Action Codes - Denial

(EMV v4.1 Tag 9F0E) The Issuer Action Code - Denial specifies the card issuer’s conditions that cause the denial of a transaction without attempting to go online.

Issuer Action Codes - Online

(EMV v4.1 Tag 9F10) The Issuer Application Data is payment system defined application data for transmission to the card issuer in an online transaction.

Issuer Application Data

(EMV v4.1 Tag 9F10) The Issuer Application Data is payment system defined application data for transmission to the card issuer in an online transaction.

Keyed Transaction

Card data is captured by keying into a PIN Entry Device.

Mail Order/Telephone Order Transaction

In a Mail Order/Telephone Order (MOTO) business environment an order is taken over the phone or received via mail. In a MOTO environment, a merchant does not have direct access to a cardholder's card ("card not present") so, to combat the increased risk of fraud, several security measures have been developed: CSC and AVS.

Merchant

A merchant is a business (for example a shop, online store, restaurant, hotel, airline) that accepts a payment card as a method pf paying for goods or services. A merchant sends the details of a card transaction to their acquirer(s).

MID

A Merchant Identification Number (MID) is a unique number assigned to a merchant by an acquirer to identify it for the purpose of processing transactions.

Offline Authorization

The transaction is not sent to the card issuer for authorization.

Online Authorization

The transaction is sent to the card issuer for authorization.

Payment Service Provider

A payment service provider (PSP) enables merchants to process payment card transactions; it is an interface between a merchant and its acquirer(s). PXP is a PSP.

PAT

PAT is an abbreviated reference for Pay At Table. This solution allows for a payment to be initiated and completed wirelessly at a "table" without having to complete any further operations at the till.

PED

PED is an abbreviated reference for PIN Entry Device.

PIN Entry Device

A PIN Entry Device (or PIN pad) is an electronic device used for an IC Card transaction to input and encrypt a cardholder's PIN.

POS Entry Mode

(EMV v4.1 Tag 9F39) The POS Entry Mode indicates the method by which the PAN was entered, according to the first two digits of ISO 8583:1987.

Primary Account Number

The Primary Account Number (PAN) is a number that can be 12 to 19 characters in length embossed on the payment card. The PAN identifies the card that is associated with a specific cardholder and account. The PAN is also know as the card number or bank card number.

Referral Transaction

A referral transaction causes a transaction to be authroized with an authorization code obtained by contacting the card issuer (voice authorization).

Referred

A merchant may receive a message indicating that an authorization request has been referred (voice referral). In the event of a referral, the merchant should call the authorization center because more information is needed regarding the cardholder.

Refund Transaction

The transaction amount is credited to the cardholder's account.

Reversal Transaction

A reversal causes the cancellation of a transaction during or after processing but before settlement.

Sale Transaction

The transaction amount is debited from the cardholder's account. Also known as a purchase transaction.

Settlement

After authorization, settlement is the process of transferring funds between a cardholder and a merchant.

Swiped Transaction

Card data is captured by a magnetic stripe reader.

Terminal Action Code

(EMV) Terminal Action Codes are a set of action codes stored by the terminal and used to determine how to process a transaction.

Terminal Capabilities

(EMV v4.1 Tag 9F33) The Terminal Capabilities indicates the card data input, CVM, and security capabilities of the terminal.

Terminal Country Code

(EMV v4.1 Tag 9F1A) The Terminal Country Code is a code for the country of the terminal in accordance with ISO 3166.

Terminal ID

A Terminal Identification Number (TID) is a unique number assigned to a merchant's transaction device by an acquirer to identify it for the purpose of processing transactions.

Terminal Type

(EMV v4.1 Tag 9F35) The Terminal Type Indicates the environment of the terminal, its communications capability, and its operational control.

Terminal Verification Results

(EMV v4.1 Tag 95) The Terminal Verification Results (TVR) are a collection of indicators set by the terminal to show the incidents that have occurred while processing the current transaction, for example cardholder verification has failed. The TVR are used during Terminal Action Analysis.

Token

A unique transaction identifier generated by PXP.

Track 2

Track 2 data is stored on the magnetic stripe of a card; Track 2 contains card data, such as start date, expiry date and issue number.

Track 2 Equivalent Data

(EMV v4.1 Tag 57) The Track 2 Equivalent Data contains the data elements of Track 2 in accordance with ISO/IEC 7813.

Transaction Sequence Counter

(EMV v4.1 Tag 9F41) The Transaction Sequence Counter is a counter maintained by the terminal that is incremented by one for each transaction.

Transaction Status Information

(EMV v4.1 Tag 9B) The Transaction Status Information is a collection of indicators set by the terminal to show what processing steps have been performed.

Unpredictable Number

(EMV v4.1 Tag 9F37) The Unpredictable Number is a value to provide variability and uniqueness to the generation of a cryptogram.

Voice Authorization

Voice authorization is the authorization of a transaction with an authorizatiob code obtained by contacting the card issuer following a referral response to an authorization request.