There’s no question about it: Some merchant account/payment processing terminology is downright confusing.
Even those who aren’t entirely new to the payment business can find themselves stymied by indecipherable words and seemingly odd acronyms. Here, we’ve demystified 10 terms that seem to provoke a lot of head-scratching.
ENCRYPTION/P2P ENCRYPTION: Used to automatically scramble data in the point of sale (POS) terminal or computer. Data that have been encrypted, such as a credit card number, is protected from hackers as it is transmitted during the transaction process. In point-to-point, or P2P, encryption, card data is encrypted at the moment it is captured and remains encrypted until it reaches the payment processor.
MEMBER: A financial institution that is a member of VISA USA and/or MasterCard International and, as such, is licensed to issue Visa- and/or MasterCard-branded cards to cardholders, and/or to accept merchant drafts.
NACHA: Formerly the acronym for, and now the formal name of, the National Automated Clearing House Association. NACHA manages the development, administration, and governance of the ACH Network, backbone for electronic movement of money and data in the U.S. The ACH Network serves as a network for direct consumer, business, and government payments, facilitating payments such as direct deposit and direct payment.
MULTI-FACTOR AUTHENTICATION: Use of multiple “factors” to verify that anindividual who is using a form of payment (for example, a credit card) is the “owner”of that form of payment (for example, the individual whose name appears on thecard). These factors can be something the user has (such as the physical creditcard) or knows (like a password, passphrase or PIN). Fingerprints and otherforms of metrics, such as facial recognition, also fall into the “factors”category. Multi-factor authentication is often synonymous with strongauthentication, which is used to verify the identity of a user or device toensure that the system it protects is secure.
PAYMENT APPLICATION: Related to PA DSS (see below). A payment application is a software application that stores, processes, or transmits cardholder data as part of the authorization or settlement of payment transactions.
PAYMENT MIDDLEWARE: Software that connects two or more related or unrelated payment applications. For example, payment middleware may move card data between an application on a payment terminal at the POS and other merchant systems that send card data to a processor.
PAYMENT SYSTEM: All of the components used by merchants to accept card payments in bricks-and-mortar locations (including stores and restaurants) and on e-commerce sites. A payment system may include a POS terminal, electronic cash register, peripherals (like bar code scanners for ringing up sales), and other devices or systems connected to the POS terminal, like Wi-Fi for connectivity or a PC used to track inventory. Other components can include servers with e-commerce elements, such as product pages, and the technology that connects the payment system with the merchant bank.
PCI-DSS (and related terms): Acronym for the PCI Council’s Payment Card Industry Data Security Standard (see details here). PCI DSS-compliant means that all applicable requirements of the current PCI DSS, which change periodically, are being met, and merchant banks, as well as payment brands, may have requirement that mandate merchants to undergo annual validation of their PCI DSS compliance. PCI DSS validated means proof has been provided that all applicable PCI DSS requirements are being met at a single point in time, and a PCI-validated payment application is a software solution that has been validated per the PCI Payment Application Data Security Standard (PA DSS) and is listed on the PCI Council’s website.
TOKENIZATION: A process by which a surrogate value called a token replaces the primary account number, or PAN. Tokens can be used in place of the original PAN to perform functions when a card is not present—for example, voids, refunds, or collecting payments from accounts that are set up for recurring billing. Like encryption, tokenization increases data security; tokens are unusable if stolen and thus have no value to a criminal.
UCOMMERCE: Short for Universal Commerce. UCommerce is unified enablement of payments made online, at kiosks, and in-store. It incorporates social media, such as Facebook payments, and near-field communications (NFC). NFC is a set of communication protocols that let two electronic devices, one of which is usually a smartphone, to establish communication with each other from a distance of 16 inches—for example, a smartphone swiped across a scanner plate to open a mobile wallet. With UCC, the mobile device is the centerpiece of the user experience.
There you have them. We hope this blog has cleared up some confusion for our customers. To learn more about these and other terms, see our glossary.