Glossary
A
Acquirer (or acquiring bank)
A member of a card association, for example Mastercard or Visa, who maintains merchant relationships and receives card transactions from merchants.
ACH (Automated Clearing House)
A network used for electronic money transfers in the U.S. ACH processes include direct deposits, bill payments, and bank-to-bank transfers. It is typically used for low-cost, high-volume transactions that are processed in batches rather than in real-time.
AEDO (Authenticated Early Debit Order)
A debit order that enables the account holder to mandate contracted future-dated early debit orders through the use of their bank card (e.g. debit card) and PIN.
AISP (Account Information Service Provider)
A service provider that, with customer consent, can access account information from multiple banks and financial institutions to provide aggregated financial data. AISPs are important for personal finance management and open banking services.
AML (Anti-Money Laundering)
A framework of laws and regulations designed to prevent criminals from disguising illicitly gained funds as legitimate income. AML processes involve monitoring transactions and reporting suspicious activities to financial authorities to mitigate money laundering risks.
API (Application Programming Interface)
A set of rules that allows different software systems to communicate with each other. APIs are central to fintech, enabling platforms to connect with banks, payment gateways, and other services.
Authentication
- A security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorisation to receive specific categories of information or transaction approval (in the case of cards or payment orders).
- A security measure designed to protect a communications system against acceptance of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or originator.
- A cryptographic process, performed during a chip-initiated transaction, that is used to validate the integrity of data provided to identify one or more of the following: issuer, card, chip-reading device and message content.
Authorisation
The first of seven stages in processing a bank card transaction. In this stage, the merchant issues a request to charge the amount to the cardholder’s card. The card issuer or an authorised agent, such as an authorising processor or a stand-in processor, references the cardholder’s account status and credit limit and approves or denies the transaction.
B
BaaS (Banking as a Service)
A model where traditional banks provide banking services to fintech companies via APIs. This allows non-banking businesses to integrate banking products like loans, payment processing, or accounts into their own offerings without becoming fully licensed banks.
C
Card Association
Visa and Mastercard are member-based organisations formed to manage the rules, regulations, and process of interchanging card transactions. Their membership consists of issuers, who are responsible for the management and issuance of debit and credit cards, and acquirers, who are responsible for the procurement and management of merchant relationships for card acceptance.
Cardholder Data
A covering term for the full Primary Account Number (PAN), along with any of the following elements:
- Cardholder name
- Expiry date
- Service code
Sensitive Authentication Data, which must also be protected, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs and PIN blocks.
CBS (Core Banking System)
A centralised system that supports daily banking operations such as account management, transaction processing, and reporting. CBS allows for real-time transaction processing across multiple branches and channels.
CCD (Common Core Definitions)
A minimum common set of card application implementation options, card application behaviours and data element definitions that is sufficient to accomplish an EMV transaction. CCD is not a functional application specification.
CFT (Combating the Financing of Terrorism)
Measures implemented to identify and disrupt the funding networks of terrorist organisations. CFT regulations often overlap with AML policies, as both are aimed at preventing illegal activities through financial channels.
Chargeback
The return of funds to a consumer, forcibly initiated by the consumer’s issuing bank. Specifically, it is the reversal of a prior outbound transfer of funds from a consumer’s bank account, line of credit, or credit card.
Co-branded Cards
Visa or Mastercard credit cards jointly sponsored by a bank and a retail merchant such as a department store. Co-branded cards can be issued at less cost than conventional retail private label cards, and give issuing banks access to new customers. Cardholders may be given incentives, such as discounts on merchandise, rebates, or discounts off purchases. A co-branded card has a tie-in with a specific merchant rather than an association or professional group. It can also be used at other merchants.
CPA (Common Payment Application)
A functional description of an application that complies with the CCD requirements. CPA implementations must comply with CCD requirements, whereas CCD implementations may not necessarily comply with CPA.
CRS (Common Reporting Standards)
An international standard for the automatic exchange of financial account information between governments. It helps fight tax evasion by requiring financial institutions to report data on non-residents to their home countries’ tax authorities.
Cryptocurrency
A digital or virtual currency secured by cryptography, making it nearly impossible to counterfeit. Cryptocurrencies operate on decentralised networks based on blockchain technology, with Bitcoin and Ethereum being well-known examples.
D
DeFi (Decentralised Finance)
A blockchain-based form of finance that does not rely on traditional intermediaries like banks. DeFi platforms offer financial services (lending, borrowing, trading) through smart contracts.
Digital Wallet
A software-based system that stores users’ payment information and passwords for numerous payment methods and websites. Digital wallets allow users to make transactions quickly without needing physical cards.
E
EFT (Electronic Funds Transfer)
The electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions, through computer-based systems.
EMV (Europay, Mastercard and Visa)
A global standard for interoperation of integrated circuit cards (also called IC cards or chip cards) and IC-card-capable point of sale (POS) terminals and automated teller machines (ATMs), for the purpose of authenticating credit and debit card transactions.
Encryption
The process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing a key to the cipher.
EVD (Electronic Value Distribution)
The system of distributing and managing electronic currencies, vouchers, or stored value such as prepaid airtime or e-money. EVD platforms allow businesses and consumers to exchange electronic value seamlessly across various applications.
F
FCA (Financial Conduct Authority)
A UK regulatory body responsible for overseeing the financial markets and protecting consumers. The FCA ensures that financial products and services are fair, transparent, and operate in a competitive environment.
Firewall
A device or set of devices designed to permit or deny network transmissions based upon a set of rules. Firewalls are frequently used to protect networks from unauthorised access while permitting legitimate communications to pass. Many personal computer operating systems include software-based firewalls to protect against threats from the public internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
I
Interchange
The fee that a merchant’s bank pays a customer’s bank when merchants accept card payments using card networks.
Issuer (or issuing bank)
A bank that offers card association branded payment cards directly to consumers.
K
KYC (Know Your Customer)
A regulatory requirement that financial institutions verify the identity of their customers to prevent fraud, money laundering, and other illegal activities. It typically involves collecting personal information, proof of identity, and sometimes proof of address.
M
Merchant
Any entity that accepts payment cards, not limited to those bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, Mastercard and Visa) as payment for goods or services. Note that a merchant who accepts payment cards as payment for goods or services can also be a service provider, if the services sold result in storing, processing or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant that accepts payment cards for monthly billing, but also is a service provider if it hosts merchants as customers.
Merchant Account
A merchant account is set up with a financial institution to allow merchants to accept credit card payments directly from their clients. Unlike most third-party services, money collected through the merchant account is deposited directly into the merchant’s checking account within 2 to 3 business days. Merchants need a merchant account if they want to take credit card payments from their clients using their own business name and have the money deposited directly into their business checking account.
Merchant Fee
When a business owner sets up a merchant account to enable their customers to pay for products or services using credit cards or debit cards with a Visa or Mastercard logo, they have to pay some fees associated with the credit card transactions. The specific fee amounts depend on the merchant account provider that provides the credit card processing service. However, there is a list of typical fees that the majority of providers charge business owners in exchange for the ability to accept credit cards as payment.
MICR (Magnetic Ink Character Recognition)
A character recognition technology used primarily by the banking industry to facilitate the processing of cheques. The technology allows computers to read information (such as account numbers) off printed documents. Unlike barcodes or similar technologies, however, MICR codes can be easily read by humans.
MNO (Mobile Network Operator)
A provider of wireless communication services that owns and operates infrastructure for mobile networks, including telecommunications towers and services like SMS, mobile data, and voice calling.
M/S (Merchant Services)
A suite of financial services designed to help businesses accept and process payments from customers, primarily involving credit and debit card transactions. Merchant services can also include payment gateways, point-of-sale systems, and fraud prevention.
N
Neobank
A digital-only bank that operates without physical branches. Neobanks provide a variety of financial services such as savings accounts, payments, and loans, typically through mobile apps.
‘Not on us’ Transactions
Transactions in which the bank that issued the card is not the same as the one that owns the ATM or POS terminal on which the transaction is made.
O
‘On us’ Transactions
Transactions in which the bank that issued the card is the same as the one that owns the ATM or POS terminal on which the transaction is made.
P
PaaS (Platform as a Service)
A cloud computing model that provides businesses with a platform to develop, run, and manage applications without worrying about underlying infrastructure. PaaS includes infrastructure such as servers, storage, and networking resources.
Payment Service Provider
Payment Service Providers, also known as Payment Gateways, connect a merchant to the bank or processor that is acting as the front-end connection to the card issuing association. They are called gateways because they take many inputs from a variety of different applications and route those inputs to the appropriate bank or processor. Gateways communicate with the bank or processor using dial-up connections, web-based connections or privately-held leased lines. They operate in accordance with security compliance, as set out by the Card Associations, ACH and industry regulators such as PCI and EMVCo.
Payment Token
A payment token is a reversible token generated at the payment issuer level. This means that the token can be securely mapped back to its original account number by the provider of the payment token and authorised entities only. It is used as part of the payment chain and, when submitted in a transaction to the payment system, causes a payment to occur.
The tokenisation process happens in a manner that is typically invisible to the consumer. Such tokens could be used by merchants or digital wallet operators, and can be stored in EMV chip cards and NFC devices. The payment tokens are restricted to specific domains. For example, a token may be usable only within the e-commerce acceptance channel at a specific merchant. An additional capability of payment tokens is that they can be unlinked from the original card account number in case the token is either no longer needed or a mobile device or card has been lost or stolen. Payment tokens are of particular value in card-not-present transactions, as well as with mobile devices and similar form factors.
PCI-DSS (Payment Card Industry Data Security Standard)
A set of specific security standards developed by the PCI payment brands to help promote the adoption of consistent data security measures that are needed to protect sensitive payment card information. The standard applies to all organisations that hold, process or exchange cardholder information from any card branded with the logo of the payment brand companies.
PCI: The Payment Card Industry Data Security Standard is a set of security protocols designed to protect sensitive account data during and after transactions. It is vital for any organisation that handles card payments.
PA-DSS: This standard applies specifically to software applications that store, process, or transmit cardholder data as part of payment processing. Compliance ensures that the software does not introduce vulnerabilities in payment security.
PCH/ACH (Payment Clearing House/Automated Clearing House)
An electronic network for financial transactions, processing large volumes of credit and debit transactions in batches. In South Africa, a network established by bilateral, legally binding arrangement by two or more settlement system participants (excluding the designated system operator) that governs the clearing of payment instructions to be settled by the South African Reserve Bank’s settlement participants.
PIN (Personal Identification Number)
A secret numeric password shared between a user and a system that can be used to authenticate the user to the system. PINs are most often used for automated teller machines (ATMs), but are increasingly used at the point of sale for debit cards and credit cards. Throughout Europe and Canada the traditional in-store credit card signing process has increasingly been replaced with a system where the customer is asked to enter their PIN instead of signing. In the UK and Ireland, this system is called chip and PIN, since PINs were introduced at the same time as EMV chips on the cards. In other parts of the world, PINs were used before the introduction of EMV chips. Apart from financial uses, GSM mobile phones usually allow the user to enter a PIN of between 4 and 8 digits. The PIN is recorded in the SIM card.
PISP (Payment Initiation Service Provider)
A service provider under PSD2 that initiates payments on behalf of customers, directly from their bank account. PISP services allow users to make payments without needing to rely on card networks or other traditional payment mechanisms.
POS (Point of Sale)
A hardware payment device used to swipe debit and credit cards for payment. This device enables payments to be authorised through the acquiring bank.
PSD2 (Revised Payment Services Directive)
A European Union regulation designed to increase competition and innovation in the payments industry. PSD2 allows for secure and transparent online payments while opening the door for new players like fintechs to access customer data (with consent) to offer financial services.
R
Real-Time Payments
Payment systems that enable the immediate transfer of funds between bank accounts, providing instant confirmation to both payer and payee. Real-time payments are increasingly used for P2P, B2B, and consumer transactions.
RegTech (Regulatory Technology)
Technologies developed to help companies comply with regulatory requirements more efficiently and cost-effectively. RegTech solutions use automation, machine learning, and blockchain to manage compliance processes.
RTC (Real-time Clearing)
An online service that enables customers to move single credit payments to beneficiaries, such as account payments, in real time. In this context, real time means within 60 seconds, 24 hours a day, 7 days a week, 365 days a year. The system is integrated with the Central Bank settlement service, supports multiple settlement windows and includes the ability to force settlement when a participating bank’s daily exposure limit is reached. Access to a web-based transaction look-up facility, management information and intra-day exposure (IDE) values is part of the offering.
RTGS (Real-time Gross Settlement)
A high-value payment system where transactions are processed individually and immediately, rather than in batches. RTGS systems are used for large-value, time-sensitive payments such as interbank transfers and settlements.
S
SaaS (Software as a Service)
A cloud computing model where software is provided as a service over the internet. Customers can access applications via a web browser without the need for installations or managing infrastructure. Examples include CRM systems, collaboration tools, and payment gateways.
Sandbox
A testing environment used by fintech companies and regulators to experiment with new technologies and financial services in a controlled setting without risking the financial system’s security or stability.
SCF (Supply Chain Finance)
A set of financial tools that help optimise cash flow for businesses in a supply chain. SCF allows suppliers to receive payments early at a discount while buyers can extend their payment terms, improving working capital for both parties.
Stablecoin
A type of cryptocurrency that is pegged to a stable asset, like fiat currency (USD, EUR) or commodities (gold), to reduce volatility. Stablecoins are widely used in trading, payments, and as a store of value.
T
Third-party Processor (TPP)
Any company that stores, processes, or transmits cardholder data on behalf of another entity. A third-party processor may be mandated to act as a front-end processor on behalf of an acquiring bank, or it may be contracted by a bank or payment service provider to conduct some part of transaction processing. In internet credit card processing, the Secure Payment Gateway Provider is another type of third-party processor.
Transaction
Any event that causes a change in an organisation’s financial position or net worth, resulting from normal activity. Examples include advance of funds, purchase of goods at a retailer, or when a borrower activates a revolving line of credit, as well as any activities affecting a deposit account that are carried out at the request of the account owner. One example of a transaction is the process that takes place when a cardholder makes a purchase with a credit card.
Transaction Data
Transaction data includes data related to electronic payment card transactions, token transactions or EFT transactions.
W
White Label Solution
A product or service created by one company but rebranded and sold by another company as its own. In fintech, white-label solutions are common for digital wallets, payment gateways, and banking software.