See how we’ve helped a range of different businesses achieve their goals
more
What you need to do to ensure your cardholder data is secure
more
Require additional information or interested in accepting card payments? Don't hesitate, call our sales team.
see more
| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
Acquirer – A financial institution that provides facilities for businesses to accept payments by cards and receive these funds. Also known as 'card acquirer'.
Address Verification Service (AVS) – Fraud-prevention service that verifies a customer address against a card.
Approved Scan Vendor (ASV) – A provider approved by the PCI Security Standard Council to carry out a Vulnerability Scan of your systems. Should be contacted as part of the PCI DSS compliance process if external vulnerability scans are required.
A list is available from https://www.pcisecuritystandards.org/.
Find out more in Payment and Information Security.
Authorisation – A process whereby a transaction for a specified amount is approved or declined by a card issuer or an acquirer on behalf of a card issuer.
This approval confirms that the card number is valid, that the card has not been reported lost or stolen and that funds were available in the account at the time of the transaction. It does not confirm the authenticity of the card presenter or the card, or guarantee settlement of the transaction.
The authorisation request may be generated by a merchant terminal and processed electronically or may include voice contact between the merchant and the acquirer. Find out more about Authorisation.
Authorisation Call – A telephone call made from a point of sale to obtain authorisation for a transaction.
Authorisation Code – A code (which must not be all zeros) generated by a card issuer or by an acquirer on behalf of a card issuer when an authorisation request is approved. Find out more about Authorisation.
Banking Summary Vouchers – Only needed if you are using paper vouchers. Find out more in If Your Terminal Fails.
Batch – A collection of transactions held at a single terminal or outlet. A batch may contain any number of shifts' or days' data.
Batch Totals – Find out about these in Reconciling Your Invoice.
Card Acquirer – A financial institution that provides facilities for businesses to accept payments by cards and receive these funds. Also known as 'acquirer'.
Card Issuer – The organisation that issues a payment card to the cardholder.
Card Not Present Transactions – Card payments processed when the card and cardholder are not present with a merchant during a transaction.
Card Number – The long number across the front of a card.
Card Present Transactions – Card payments processed when the card and cardholder are present with a merchant during a transaction.
Card Processing Facility – The Contract between Streamline and a merchant.
Card Schemes – Visa, MasterCard, American Express, Diners Club, JCB (Japan Credit Bureau)
These independent organisations have set up systems for issuing and accepting card payments worldwide, some using local financial institutions as agents.
Card Security Code (CSC) – This is a three-digit code at the end of the signature strip or in a separate white box next to the signature strip on a card. American Express cards have a four-digit CSC on the front of the card. Never record the CSC – it must only be used for one transaction.
Card Testing – When a fraudster places an order over the phone or online to check if the card details they have will be authorised. Find out more in Reducing Fraud.
Card Verification Value (CVV2) code – Find out more in Reducing Fraud.
Cardholder – The customer to whom a card is issued, or an individual authorised to use the card.
Cardholder Authentication – Streamline Cardholder Authentication is a security tool designed to help you authenticate cardholder details in the online eCommerce environment. It brings together MasterCard SecureCode (SecureCode) and Verified by Visa (VbV) and is also referred to as '3D Secure'.
Cardholder Data – The data obtained as part of a paying transaction, including:
Chargeback – The term used where a card issuer can charge part or all of the value of a transaction back to a merchant via their acquirer, for example, when a transaction is disputed because it is proven to be fraudulent or because the merchant has not followed the correct procedures. Find out more in Chargebacks.
Charges – Find out about different types of charges in Reconciling Your Invoice.
Chip and PIN – Chip and PIN is a programme aimed at reducing fraud for those transactions where the cardholder and card are present at the time of the transaction.
The chip (silver or gold coloured square on the front left side of the card) is embedded into a card to provide highly secure memory and processing capabilities. In addition to holding the same personal data as the magnetic stripe, the chip provides additional security features to safeguard against counterfeiting.
The PIN is a four-digit number that the cardholder enters into the PIN pad instead of signing a card receipt. From January 2005, liability for counterfeit card transactions and lost and stolen card fraud passed to the party in any transaction who is not chip and PIN compliant. Where all parties are compliant, counterfeit transactions are reduced significantly and there will be no recourse by the cardholder saying they did not authorise the transaction.
Chip and PIN is the standard way for customers to pay with a card during card present transactions. The process involves the customer inserting their card and entering their four-digit PIN into your electronic terminal. Find out more in Reducing Fraud.
'Code 10' Call – A call you make to the Authorisation Centre if you are suspicious about a card or cardholder during a card present transaction. Find out more about Authorisation.
Compromise – Intrusion into computer systems where unauthorised disclosure, modification or destruction of cardholder data is suspected.
Contract – Your formal agreement with Streamline.
Credit Card – A payment card linked to an account which may be settled in full by a set date or repaid over a period of time, subject to minimum monthly repayments being made. Interest will normally be charged on any outstanding balance. Examples of credit cards include MasterCard and Visa.
Data Controller - The ICO website defines this role as:
Debit card – A card that enables a customer to transfer money from a current account or other similar account to make a payment. Examples of debit cards include UK-issued Maestro, non-UK-issued Maestro, Debit MasterCard and Visa Debit.
Default Passwords – Passwords set by manufacturer. These are freely available, so all passwords should be reset and changed often to prevent compromise.
eCommerce Transaction – A sale made over the Internet. You need a special agreement with us to handle these transactions.
Encryption – A way of converting information into an unintelligible format that allows storage or transmission without compromise.
Express Checkout – A service available to hotel businesses. Find out more in Hotel Services.
Firewall – Hardware, software, or both that protects data on one network or computer from intruders from other networks. Typically, an enterprise with an intranet that permits workers access to the wider Internet must have a firewall to prevent outsiders from accessing internal private data resources.
Floor Limit – An amount agreed between an acquirer and a merchant for a single transaction over which authorisation and approval must be obtained by the merchant before seeking payment, subject to compliance with certain conditions. Floor limits above zero are only available for face-to-face chip card transactions.
Any transactions over the agreed floor limit will require authorisation to be obtained.
Forensic Investigation – Investigation carried out under scientific procedures, with or without police involvement. This can involve removal of computer equipment and data storage from your premises.
Fraud Screening – Aimed at Mail Order Telephone Order (MOTO) and eCommerce merchants, this is an additional service and forms part of the transactions authorisation flow process, prior to authorisation, to reduce fraud and prevent chargebacks.
Guaranteed Reservation – A service available to hotel businesses. Find out more in Hotel Services.
Magnetic Stripe Data ('Track Data') – Data encoded in the magnetic stripe used for authorisation during transactions when the card is presented. For chip and PIN transactions, the terminal uses equivalent data to authorise – this data should not be retained by the merchant. (See also 'Track Data'.)
Mail Order Telephone Order (MOTO) – Where a merchant takes an order and card details over the telephone or by post. Find out more in Mail Order Telephone Order Transactions.
Management Information (MI) – Reports and analysis for monitoring your transaction processing and charges. Find out more in Reconciling Your Invoice.
Merchant – A business that accepts cards and provides goods and/or services and possibly other facilities to cardholders.
Merchant Number – The unique number you are given when you sign a contract with us which identifies your business on our systems. This is also known as the Merchant Identification Number (MID) or Merchant ID.
Merchant Operating Instructions – The instructions in this guide.
Monthly Invoicing Transaction Detail Report – Find out more in Reconciling Your Invoice.
Network – A network exists if two or more computers are connected.
Paper Vouchers – For manual payment processing. Only to be used in emergencies - please see If Your Terminal Fails.
Password – A mixture of characters that can be used to authenticate a user, allowing them access to a system, computer or network.
Payment Card – A generic term for any plastic card – credit, debit, charge and so on – which may be used on its own to pay for goods and services, or to withdraw cash.
Payment Card Industry Data Security Standard (PCI DSS) – A compliance requirement that aims to ensure that cardholder information is always stored, processed and transmitted securely.
Payment Card Industry Security Standards Council (PCI SSC) An organisation founded by five global payment brands -American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
Payment Gateway – This is your 'virtual cash till’ for eCommerce transactions.
Payment Service Provider (PSP) – For eCommerce transactions, these organisations (which include banks and specialist software companies) offer merchants online services for accepting electronic payments by a variety of payment methods including cards.
Personal Identification Number (PIN) – A set of digits – usually four – used to authenticate chip card transactions at the point of sale, or cash withdrawals and instructions initiated by a payment card through a customer-activated terminal, such as an ATM.
PIN Block – When a cardholder enters their PIN, the information is first encoded into a plain-text ‘PIN block’, derived from the PIN length, the PIN digits and a portion of the primary account number (PAN). The plain text ‘PIN block’ is then encrypted using a standard algorithm. This is used to verify the card.
Primary Account Number (PAN) – The cardholder number of up to 19 digits, which is encoded on the card’s magnetic stripe and usually, although not always, embossed on the front of the card.
Prioritised Approach – Now a mandatory risk-based process that should be followed by all PCI Level 1-3 merchants. The Prioritised Approach provides guidance on how to focus PCI DSS compliance work in a way that ensures prioritising the highest security risks.
Purchase With CashBack (PWCB) – An optional transaction type where a merchant may, with the approval of its acquirer, allow a cardholder to draw cash up to a limit agreed with the acquirer as part of a standard sale transaction. This is also known as 'cash back'. Find out more about Purchase with CashBack.
Qualified Security Assessor (QSA) – These organisations are trained on PCI DSS by the PCI Security Standards Council and can confirm a merchant’s compliance status or simply offer support in reaching compliance.
QSA – Qualified Security Assessor – The PCI Security Standards Council maintains a list of all persons qualified to assess your systems and processes.
For a list, see https://www.pcisecuritystandards.org/.
Reconciliation – The method by which a merchant compares the business undertaken at their terminal with that recorded by the acquirer and credited to their bank account.
Recurring Transactions – A convenient way for you to collect regular payments, such as subscriptions or instalments, from customers’ cards.
Referral – When your terminal prompts you to make a manual authorisation call.
Request for Information (RFI) – A request by either the card issuer or the cardholder wishing to obtain further information about a particular transaction.
Secondary Identification (ID) – Additional identification that the cardholder may need to produce to prove their identity. This is usually a current government document with a photograph and address. Find out more in Reducing Fraud.
SecureCode (or MasterCard SecureCode) – A method introduced by MasterCard and the banks to provide an additional, secure cardholder verification process prior to an eCommerce transaction proceeding over the Internet.
Self Assessment Questionnaire (SAQ) – Part of the Payment Card Industry Data Security Standard (PCI DSS) compliance process. Validation tool intended to assist merchants and service providers in self-evaluating their compliance with the PCI DSS. You can download the appropriate version from the SSC website.
Sensitive Authentication Data (SAD) – This is defined as full magnetic stripe data, CAV2/CVC2/CVV2/CID and PINs/PIN blocks – this data should not be retained by the merchant.
Service Code – Messages contained within a card’s magnetic stripe or chip that tells a terminal which process to follow for a transaction.
Service Provider – Business entity that is not a payment card brand member or a merchant directly involved in the processing, storage, transmission and switching of transaction data, cardholder data or both.
Settlement – A transfer of funds to complete one or more transactions. Find out more in Reconciling Your Invoice.
Split Sale/Transaction – When the customer pays part in cash and part by card. Never allow a customer to split the cost between two cards or two amounts on the same card in order to avoid authorisation for the full amount. You can split transactions between a card payment and cash but, if the total amount exceeds the floor limit, you will need to telephone for authorisation. This is the case even if the card payment amount is under the agreed floor limit.
Terminal Receipt – The paper receipt that is printed out when a transaction is completed.
Terminal User Guide – The instructions that came with your terminal. It is important to read these carefully together with these Merchant Operating Instructions.
Top-up Authorisation – You will need top-up authorisation on pre-authorised transactions where the amount of the final transaction is more than 15% higher than the original pre-authorised amount.
'Track Data' – Information about the card and cardholder that is kept in the card's magnetic stripe or chip. (See also 'Magnetic Stripe Data'.)
Transaction – A card payment in exchange for goods or services.
Transaction Amount – The full amount the customer pays for the goods or services, including any VAT.
Transaction Data – Information that identifies the purchases a cardholder makes with their card.
Verified by Visa (VbV) – A method introduced by Visa and the banks to provide an additional, secure cardholder verification process prior to an eCommerce transaction proceeding.
Vulnerability Scan – Externally-facing scans of your Internet-facing IP addresses that check for unknown vulnerabilities in your network.
Written Authority Form – The form your customer needs to complete to authorise you to take recurring transactions from their card. Find out more in Recurring Transactions.
