DS/ 3D Secure

3DS is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions. It was labelled as Verified by VISA, MasterCard SecureCode, American Express SafeKey, J/Secure by the major ICOs.

Acquirer (Bank)

The acquiring bank sends a card transaction to the Issuer bank so that the Issuer bank Accept or Reject the transaction. The communication between the Acquirer bank and the Issuer bank is established via the International Card Organisations.

AML

Anti-Money Laundering laundering refers to a set of Laws, Regulations and Guidance designed to prevent the process by which the proceeds of crime are converted into assets which appear to have a legitimate origin, so that they can be retained permanently, or recycled to fund further crime.

Authorisation Code

Authorisation Code The unique 6-digits code that the Issuer Bank generates when the card transaction is approved. In case the transaction is declined the Issuer Bank does not provide an authorisation code.

AVS

Address Verification Service:  In the UK cardholders are asked to enter their address when they purchase goods or services so that it is verified by the Issuer during transaction authorisation. It is similar to the CVV/CVC code verification.

BIN

Bank Identification Number The first 6 digits of the credit/debit card number. The number lets the Card Organisation (e.g. VISA, MasterCard) identify the Issuer of the card and route the transaction.

CAS

Central Acquiring Service A service currently provided by Access PaySuite solely in the public sector for schools and housing associations. Provides basic functionality for the billing and remittance of merchants using the service.

CIT

A Cardholder Initiated Transaction (CIT) is where the cardholder actively selects the card to use, and completes the transaction using previously stored details. Cardholder Initiated Transactions are limited to sale, pre-authorisation, and account verifications.

CNP Transaction

Card Not Present Transaction A card transaction where the card was not physically shown to the merchant e.g. purchase on the internet.

CSC

Card Security Code The 3 digits on the back of the card.

CVC

Card Verification Code Abbreviation used by MasterCard to refer to the 3 digits on the back of the card.

CVV

Card Verification Value Abbreviation used by VISA to refer to the 3 digits on the back of the card. In a transaction the code check may have the following statuses: MATCHED, NOT_MATCHED,  or NOT_CHECKED.

DEK

Data Encryption Key A cryptographic key used to encrypt data

DKIM

DomainKeys Identified Mail Similar to SPF, DKIM is a standard that prevents scammers from impersonating the original sender of an email.

DoB

Date of Birth

EC

eCommerce Transaction Category

EPS

The Evolve Payment Service Provides access to payment processing for a number of different payment methods which could be provided by a number of different providers.

FCA

The Financial Conduct Authority is the conduct regulator for 59,000 financial services firms and financial markets in the UK and the prudential supervisor for 49,000 firms, setting specific standards for 19,000 firms. Access PaySuite is an Authorised Payment Institution. Access PaySuite has been given permission to provide payment services

FIM

File Integrity Monitoring The act of monitoring and auditing the changes made to files within a system for the purposes of allowing detection of unintended or malicious activity within a system

ISO

Independent Sales Organisation An organisation that, rather than developing its own solutions, sells solutions provided by another organisation.

ICO

International Card Organisations e.g. VISA, MasterCard and Diners. Both the Acquirer and Issuer banks have to be members of the International Card Organisations so that they can issue or acquire cards.

Issuer (Bank)

The Issuer Bank is the financial institution that issues cards to consumers on behalf of the card networks (e.g. Visa and MasterCard).

JML

Joiners, Movers & Leavers A commonly used name for the processes which must be invoked when an employee of an organisation joins, moves roles or leaves.

KEK

Key Encryption Key A cryptographic key used to encrypt other keys

KYC

Know Your Customer The process of a business verifying the identity of its clients and assessing potential risks of illegal intentions for the business relationship.

LA

Local Authority

MCC

Merchant Category Code Each merchant is categorised by a code that shows its industry e.g. Hotels.

MFA

Multi Factor Authentication An authentication process which uses two different means to authenticate the identity of a principle in a specific authentication context.

MOTO

Mail Order / Telephone Order Transaction Category A card not present transaction is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over Internet, but also mail-order transactions by mail or fax, or over the telephone.

PaaS

Platform as a Service A term used to describe the provision by cloud services providers of a technology as a service - i.e. a database system or an identify management system.

PCI DSS

Payment Card Industry Data Security Standard An information security standard for organisations that handle branded credit cards from the International Card Organisations.

PEP

Politically Exposed Person (PEP) Politically exposed persons (PEP) are individuals whose prominent position in public life may make them vulnerable to corruption. The definition extends to immediate family members and known close associates. “PEP” means an individual who is entrusted with prominent public functions, other than as a middle-ranking or more junior official; “family member” of a politically exposed person includes— a spouse or civil partner of the PEP; children of the PEP and the spouses or civil partners of the PEP’s children; parents of the PEP; “known close associate” of a PEP means— an individual known to have joint beneficial ownership of a legal entity or a legal arrangement or any other close business relations with a PEP or an individual who has sole beneficial ownership of a legal entity or a legal arrangement which is known to have been set up for the benefit of a PEP.

PF

Payment Facilitator An organisation which has been recognised and licensed by the FCA to process payments for merchants and collect the funds due for those transactions for distribution to the merchants.

POS

Point of Sale Terminal

QA

Quality Assurance The activities involved in enforcing and advancing the continuous improvement in the quality of a business output.

SCA

Strong Customer Authentication ) is a form of two-factor authentication, whereby extra steps are put in place for online card transactions to reduce card-not-present fraud.

SBS

Secure Bureau Service An alternative payment gateway used by Access PaySuite for primarily public sector customers with support for customer present chip and pin transactions.

SCP

Secure Card Portal is where we process card payments from merchants to ISVs

SIMS Pay

A marketplace for schools purchase management. The marketplace connects the schools with the services and good providers. The system is previously known as Agora. It is used in England.

UAT

User Acceptance Testing Testing performed by the intended users of the system.