Glossary

0-9

3-D Secure

A protocol for authenticating payers, originally developed by Visa but now also adopted by Mastercard, JCB, and American Express. Uses a Directory Server to determine whether the payer is enrolled for 3DS, then redirects the payer to an Access Control Server (ACS) to authenticate. See Visa Secure, SecureCode, J-Secure, SafeKey.

3DS

See 3-D Secure.

A

AVS

See Address Verification Service.

Access Control Server

A component that operates in the issuer domain, verifies whether authentication is available for a card number and device type, and authenticates specific transactions.

Acquirer

A bank (usually) or another payment processor which acquires transactions from merchants. The merchant has a business relationship with the acquirer, and usually has a bank account with the acquirer into which funds are paid from the proceeds of transactions. Mastercard Gateway can send transactions to a host or switch run by an acquirer. See also Acquirer Link.

Acquirer Domain

Contains the systems and functions of the acquirer and its customers, such as merchants.

Acquirer Link

Also known as merchant acquirer link or merchant acquirer relationship. It is the configuration that allows a merchant to process transactions against a specified acquirer. Each merchant has at least one acquirer link, while some have more than one link - in this case, the card brand and currency is used to determine which acquirer link should handle each transaction. Each link has one or more terminals assigned to it.

Address Verification Service

A service where some or all of the payer's address is included with a transaction message, and the service will provide a score based on how much of it matched the billing address for the credit card. Detects fraud by comparing the address entered with the address information on file with payer's issuing bank.

Authorization

A message sent via an acquirer to a card issuer, asking that funds be reserved in the payer's account for later capture. If the authorization is successful, an authorization ID or code is returned as a receipt. The hold on the funds is generally only valid for a limited period, for example 7 days.

Authorization Code

A code generated by the issuing bank in response to a proposal to transfer funds. This is returned in the authorization response.

Authorize

See Authorization.

Authorize/Capture

A mode where the merchant first does an authorization to reserve the funds, then (typically after shipping the goods) does a capture. Card scheme rules prevent charging the payer until goods are shipped, so this mode is frequently used by mail-order companies.

B

B2B

See Business to Business.

B2C

See Business to Consumer.

Bill

See Capture.

Business to Business

E-commerce model in which business sells to another business.

Business to Consumer

E-commerce model in which business sells to individual shoppers.

C

CAIC

See Card Acceptor Identification Code.

CNP

See Card Not Present.

Capture

The process of transferring funds from the payer's account to the merchant's account. Captures are always batched somewhere in the system, either by Mastercard Gateway or by the acquirer's host, so the funds aren't really transferred until the batch is closed and settlement occurs. The capture must always be preceded by an authorize, and the authorization ID sent with the capture.

Card Acceptor Identification Code

The Card Acceptor Identification Code is an identifier allocated to a merchant by their acquiring bank.

Card Brand

The brand name on a credit card, for example, Mastercard, Visa, Visa Debit. In most cases, the name of the brand is the same as the name of the Card Scheme (see Card Scheme), although this is not true for cards like Maestro (scheme being Mastercard), or private label cards.

Card Not Present

A transaction where the payer and/or the payment instrument are not physically present at the merchant's location. The payment instrument details are provided by the payer over the internet or phone or via mail.

Card Scheme

Identifies the underlying type of a credit card, for example, Mastercard, Visa, Amex.

Card Security Code

Card Security Code (also known as CSC, CVV2, CVC2, 4DBC, CID). This is the card scheme's name for the 3- or 4-digit non-embossed code on a credit card, which is used to verify that the card is in the payer's possession.

Card Track 1

The format - %....maximum length 76 characters between sentinels....?A. % and ? are sentinels and A is the LRC.

Card Track 2

The format - ;....maximum length 37 characters between sentinels....?A. ; and ? are sentinels and A is the LRC.

Card Type

See Card Brand.

Cardholder

The cardholder has a payment instrument (typically a credit card) issued by the issuer, and uses it to buy goods or services from the merchant. See Payer.

Certificate Set

The subject name or a list of subject names of the validated certificate(s).

Complete

See Capture.

Conditional Field

A conditional field in an request is one which may change from being optional to compulsory as a result of the contents of other request fields, e.g. the card number field becomes compulsory if the source of funds is set to 'card'. In a response, the presence of a conditional field depends on the type of data returned in the response.

D

Directory Server

A server hardware/software entity operated in the interoperability domain; it maintains lists of card ranges for which authentication may be available and coordinates communication between merchant server plug-ins and Access Control Servers, to determine whether authentication is available for a particular card number and device type.

E

EMV

Europay Mastercard Visa. A smart card standard for financial chip cards. EMV cards are a type of smart card which offers a more secure payment through an embedded microchip. The card details can be obtained using a chip reader, magnetic stripe reader or manually entering the card details into the POS system.

EMV Data

The extra data fields to be sent through in the message to the acquirer for EMV card transactions.

H

Host Capture

A settlement model where the acquirer or processor host is responsible for collecting transactions that need to be settled, and then settling them when the batch is closed. Mastercard Gateway sends capture and refund transactions (and maybe voids) to the host, which accumulates them. At some later time, either Mastercard Gateway or the host closes the batch, and the transactions are settled.

I

Idempotent Operation

An operation is idempotent if it can be invoked repeatedly while producing the same result. This means that it is always safe to repeat an idempotent operation. If you do not receive a response, you should re-send the request. If the gateway has already received your request, it will return the original response; otherwise it will process the request and return the response.

Interoperability Domain

Facilitates the transfer of information between the Issuer Domain and Acquirer Domain systems.

Issuer

Issues payment instruments (typically credit cards) to payers. Is responsible for transferring money to/from the payer's account.

Issuer Domain

Contains the systems and functions of the issuer and its customers (payers).

J

J-Secure

JCB's brand name for its 3D-Secure implementation.

JCB

Japanese Credit Card.

JSON

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

L

Level I

This is the traditional credit card transaction, usually including the most basic level of data such as the value of the purchase and the payment date. Data required for settlement processing of cards typically include: card number, expiry date, amount, merchant name, merchant ID, MCC, CVV2/CSC/CID, etc

Level II

This includes basic data (Level I) plus some additional information, such as customer reference number, invoice data, tax data, general description of goods. Information about Level II transactions is reported back to the business that made the original purchase. This data can be used by the business to sort, reconcile and report transactions. Data about the settlement transaction can provide enhanced reporting for the card holder. Level II data requirements vary by the merchant's industry and card type. In some regions, interchange costs may be affected by the enhanced data provided.

Level III

This includes Level II data plus line item details where item by item descriptions of each component of the purchase, including full tax details are provided. The business originating the transaction receives a monthly report of all captured information from their card issuer. This forms a consolidated tax report containing all the information contained in a tax receipt. For all transactions, irrespective of value, it eliminates the need for purchasers to collect and submit conventional tax invoices for tax reclamation. The data can also be used to sort, reconcile and report transactions. The monthly consolidated tax report is also available in electronic format, making it possible for order reconciliation, tax reclamation and accounting to be automated.

M

MAC

Mastercard Gateway Merchant Advise Codes (MACs) are a set of codes that Mastercard supports to enable issuers to communicate additional information about a transaction response to acquirers and merchants. Issuers use these codes to provide further insight to the merchant about the reason for a decline, allowing merchants to take any required action.

MOTO

See Mail Order Telephone Order.

Mail Order Telephone Order

Stands for Mail Order/Telephone Order, and is a common term for traditional card-not-present orders that the merchant acquires by mail or phone. MOTO is also the traditional name for initial transactions (authorization or pay) performed using Merchant Administration.

Mastercard Gateway

Mastercard Gateway services is an endto-end technology provider that enables merchants to accept digital payments across multiple channels, brands, and markets. +All communications between the payer, your application, the Mastercard Gateway and the acquirer is encrypted, making the whole procedure not only simple and quick, but also secure.

Mastercard SecureCode

A program designed to provide online retailers the added security of having issuing banks authenticate their Mastercard SecureCode™ payers, and qualify their online transactions for protection against 'payer unauthorized' chargebacks.

Merchant Administration

Merchant Administration is a web-based interface that allows merchants to easily view and manage their orders. The merchants can search and view their order/transaction details, download CSV reports, check 3-D Secure results, set up risk controls, create orders manually, manage refunds, and much more. Refer to the Merchant Administration User Guide for more details.

mada secure

The 3DS authentication scheme for processing payer authentications of mada cards (co-branded cards with Mastercard and Visa or single-badged) transactions through the mada Directory Server.

O

Order

Typically represents the sale of goods or services by a merchant to a cardholder, for an agreed amount. An order has one or more transactions attached to it.

Order ID

The unique identifier of an order for a merchant.

P

PAN

Primary Account Number. Also known as the card number.

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is defined as a widely accepted set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions. Additionally, these standards also protect cardholders against misuse of their personal information.

Pay

aka 'sale' or 'purchase'. A transaction that combines an auth and a capture into one message. Pay is a single transaction that immediately debits the funds from a payer's credit card account. Used when the merchant is allowed to bill the payer's account immediately, for example when providing services or goods on the spot.

Payer

The payer has a payment instrument (credit card, mobile device) issued by the issuer, and uses it to buy goods or services from the merchant.

Payment Authentication

A process whereby the payer authenticates their identity with the issuing bank during the online transaction process. This is made possible by a Mastercard SecureCode™ or Verified by Visa™ and other Card Scheme's Payment Authentication used for authenticating the payer.

Payment Session

A payment session, or simply session, is a temporary container for any request fields and values of operations that reference a session. This allows you to use a session in an operation to reference the request fields and values rather than providing them directly in the operation request.

Payment service provider

The payment service provider, also known as MSO (Merchant Services Organization), is an entity on the payment gateway that has a relationship with merchants and boards the merchants on to the gateway.Your Payment Service Provider may be your acquiring bank or a third party technology services provider.

R

Refund

A return of funds to the payer from the merchant. Mastercard Gateway requires the refund to be performed against an order (as a security feature) though the card schemes may not have this requirement.

Revised Payment Services Directive (PSD2)

PSD2 is a legislation effective in the European Economic Area (EEA). PSD2 aims at driving market efficiency and integration, increasing consumer protection, creating competition, and improving security.

S

SSL

Secure Socket Layer (SSL) is a security technology that is used to secure transactions between the payment gateway and the web browser. SSL protects data submitted over the Internet from being intercepted and viewed by unintended recipients.

SafeKey

American Express's brand name for its 3D-Secure implementation.

SecureCode

Mastercard's brand name for its 3D-Secure implementation.

Settlement Batch

A settlement batch refers to the grouping of transactions by acquirers/processors into payment groups. Some processors stop each days processing batch at a set time, opening a new batch for the next day's transactions. It should be noted that the cut-over time of the batch may not be in line with the merchant's business hours.

Site

A running instance of the application that caters to merchants through MSOs (Merchant Service Organizations).

Strong Customer Authentication (SCA)

SCA requires the payer to provide two out of the following three factors during the authentication process: something only they know, something only they have, something they are. For example, the payer may be asked to provide a one-time token that the issuer has sent to their mobile phone (something the payer has), and a password (something the payer knows)

T

Terminal

Represents a virtual version of a POS terminal. Mastercard Gateway almost always represents transactions as having come from a terminal when it sends them to the acquirer.

Terminal Capture

A settlement model where the terminal is responsible for holding on to capture and refund transactions that need to be settled, and then sending them all to the host as a settlement batch when the batch is closed. Most acquirers in the United States use Terminal Capture, so Mastercard Gateway becomes responsible for accumulating transactions on behalf of merchants, then settling them with the hosts sometime after the batch is closed. See also Settlement Batch.

Token

The identifier for the stored card details that may be used later to refer to the card details to perform a payment or authorization.

Transaction

Represents a request by a merchant to transfer money (or to prepare for the transfer) between a payer's account and the merchant's account (or vice versa).

Transaction ID

A unique identifier for a transaction within an order.

Transaction Request

A request from the API to Mastercard Gateway to provide transaction information.

Transaction Response

A response from Mastercard Gateway to the API to indicate the outcome of the transaction.

U

UnionPay 3-D Secure

China Union Pay's brand name for its 3-D Secure implementation.

V

Visa Secure

Visa's brand name for its 3D-Secure implementation.

Void

A cancellation of the payment portion of the transaction, so that no funds are transferred between the payer and the merchant. The transaction is cancelled and is not recorded on the payer's statement. Voids can only be performed on transactions that have not yet been sent to the bank for processing at the end of day (see Settlement Batch). Once a transaction has been sent by Mastercard Gateway to the merchant's bank for processing, the merchant must perform a refund instead of a void.