Payments &
Ecommerce Glossary

An authentication protocol that adds a verification step during online card payments to confirm the cardholder's identity. 3D Secure reduces fraud, shifts liability to the issuing bank, and is required for PSD2 compliance in Europe.

3D Secure 2.0 (3DS2) is an EMVCo authentication protocol that verifies cardholders during online transactions using risk-based analysis and 100+ data points, enabling frictionless checkout while satisfying Strong Customer Authentication requirements.

A/B testing is a controlled experiment that splits live traffic between two versions — a control (A) and a variant (B) — to determine which drives better outcomes. It replaces guesswork with empirical data, letting real user behavior decide what to ship.

Abandoned cart recovery is the process of re-engaging shoppers who added items to their cart but left without completing their purchase. Merchants use automated emails, SMS messages, and retargeting ads to bring these shoppers back to checkout.

Acceptance marks are logos or symbols displayed by merchants to indicate which payment methods, card networks, or digital wallets they accept. They set customer expectations at checkout and are often required by card network rules.

An Access Control Server (ACS) is a system operated by card issuers that authenticates cardholders during 3D Secure transactions. It performs real-time risk assessment, determines whether to approve silently or issue a challenge, then returns an ECI code and cryptographic authentication value to the merchant.

Account takeover (ATO) is a form of fraud where cybercriminals gain unauthorized access to a legitimate user's account using stolen or guessed credentials, then exploit it for financial gain, data theft, or further attacks.

Account-to-account (A2A) payments move funds directly between two bank accounts, bypassing card networks entirely. They combine lower costs, faster settlement, and reduced fraud exposure compared to card-based transactions.

ACH (Automated Clearing House) is a US electronic network that processes batch credit and debit transfers between bank accounts. It underpins payroll, bill payments, and B2B transfers, settling funds in 1–3 business days.

An ACH Credit is a push payment initiated by the payer to deposit funds directly into a recipient's bank account via the ACH network. It is widely used for payroll direct deposits, vendor payments, tax refunds, and government benefit disbursements.

An ACH Debit is a pull payment that moves funds from a payer's bank account to a payee's account through the Automated Clearing House network. Initiated by the receiving party with prior authorization, it underpins recurring billing, subscription payments, and B2B transactions across the US.

An ACH payment is an electronic funds transfer processed through the Automated Clearing House network, the US interbank system operated by Nacha. ACH batches bank-to-bank transactions to move money between accounts for payroll, bill pay, and B2B transfers, typically settling in 1–3 business days.

An ACH Return is a rejected ACH transaction sent back through the ACH network by the receiving bank, accompanied by a standardized NACHA return code explaining the rejection reason. Returns occur when funds are unavailable, account details are incorrect, or authorization is missing.

An acquirer (acquiring bank) is the financial institution that processes card payments on behalf of a merchant, settling funds from the card networks into the merchant's account. It holds the merchant account and bears the financial risk of chargebacks and fraud.

Acquirer processing is the set of operations an acquiring bank or its processor performs to route, validate, and settle card transactions on behalf of a merchant, encompassing authorization, clearing, and settlement through card networks.

An Acquirer Reference Number (ARN) is a unique 23-digit identifier assigned by an acquiring bank to every settled card transaction. It travels through the card network, enabling merchants, acquirers, and issuers to trace payments and resolve disputes.

A fraud prevention tool that verifies whether the billing address provided by a cardholder matches the address on file with the card-issuing bank. Widely used in card-not-present transactions to reduce fraud risk.

An adjustment is a post-authorization correction applied to a merchant's settlement account to reconcile discrepancies in transaction amounts, fees, or disputed payments. Adjustments may be credits or debits issued by a payment processor or acquirer.

Adverse media screening searches news sources, regulatory databases, and public records for negative information about customers or business partners. It surfaces financial crime risks — fraud, money laundering, corruption — before or during a business relationship.

Affiliate marketing is a performance-based channel where merchants pay third-party publishers a commission only when a verified action—typically a sale—occurs. Cost shifts from fixed ad spend to variable, pay-for-results payouts tied directly to revenue.

An aggregator merchant is an entity that pools multiple smaller merchants under a single master merchant account, enabling them to accept card payments without individual merchant accounts. The aggregator assumes liability for its sub-merchants' transactions.

Alipay is a Chinese digital wallet and online payment platform operated by Ant Group. It enables consumers to pay via QR code, app, or web checkout, and is one of the world's largest payment networks by transaction volume.

Alternative payment methods (APMs) are any payment options beyond traditional card networks—including digital wallets, bank transfers, buy now pay later schemes, and local payment instruments. APMs help merchants reach customers who prefer or rely on non-card options.

Annual Recurring Revenue (ARR) is the total value of recurring subscription revenue a business expects to collect over a 12-month period. It excludes one-time fees and variable usage charges, giving a predictable baseline for forecasting.

Anti-money laundering refers to the laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. AML frameworks require financial institutions and payment businesses to detect, report, and block suspicious financial activity.

A series of EU legislative directives requiring financial institutions and payment providers to implement controls against money laundering and terrorist financing, including KYC procedures, transaction monitoring, and suspicious activity reporting.

An API (Application Programming Interface) is a set of rules that enables software systems to communicate. In payments, APIs let merchants connect their platform to processors, gateways, and financial services to accept and manage transactions programmatically.

Apple Pay is a mobile payment and digital wallet service by Apple that lets users pay contactlessly using iPhone, Apple Watch, iPad, or Mac. It tokenizes card data so the real card number is never transmitted to merchants, reducing fraud risk.

Application fraud occurs when criminals use stolen, fabricated, or synthetic identities to fraudulently obtain financial products such as credit cards, loans, or merchant accounts. The fraud begins at the onboarding stage, before the account ever becomes active.

Approval rate is the percentage of payment transactions successfully authorized by issuing banks out of all attempted transactions. It is a core KPI for any business accepting card payments, directly tied to revenue capture and customer experience.

Arbitration is the final stage of the chargeback dispute process, where a card network such as Visa or Mastercard reviews the case and issues a binding ruling after both issuer and acquirer fail to resolve it bilaterally.

An assessment fee is a charge levied by card networks (Visa, Mastercard, Amex, Discover) on every transaction processed over their rails. It is calculated as a small percentage of the transaction volume and is non-negotiable.

Attribution is the process of assigning credit to the marketing touchpoints that influenced a conversion. It tells merchants which channels, ads, and interactions drive revenue — and where to allocate budget for maximum return.

Authentication is the process of verifying that a user, device, or system is who it claims to be. In payments, it confirms cardholder identity before granting access or authorizing a transaction, forming the first line of defense against fraud.

The real-time process where a card network and issuing bank approve or decline a payment transaction. Authorization verifies the card is valid, the account has sufficient funds, and the transaction passes fraud checks.

An authorization hold is a temporary reservation of funds on a cardholder's account, placed by the issuing bank at a merchant's request. Funds remain unavailable to the cardholder until the merchant submits a capture or the hold expires.

Authorization rate is the percentage of payment transactions successfully approved by the issuing bank out of all attempted transactions. A higher rate means more completed sales and less revenue lost to unnecessary declines.

Authorized Push Payment fraud occurs when a criminal manipulates a victim into willingly transferring funds to a fraudster-controlled account. Because the victim authorizes the payment, standard protections like chargebacks rarely apply, making recovery difficult.

Average Order Value (AOV) is the mean amount spent by a customer per transaction. It is calculated by dividing total revenue by the number of orders over a given period.

Average Revenue Per User (ARPU) measures total revenue divided by active users over a set period. It quantifies monetization efficiency, guides pricing decisions, and benchmarks performance across product tiers and competitors.

BACS (Bankers' Automated Clearing Services) is a UK payment scheme that processes electronic transfers between bank accounts, including Direct Debits and Direct Credits, with a standard three-day settlement cycle.

Bank account verification confirms that a bank account exists, is active, and is owned by the person claiming it before initiating ACH payments, payouts, or direct deposits.

A Bank Identification Number (BIN) is the first 6–8 digits of a payment card number that identify the issuing institution, card network, card type, and country of origin. It enables merchants and processors to route transactions correctly and perform real-time risk checks before authorization.

A bank payout is the transfer of funds from a payment platform or marketplace to a recipient's bank account. It is the final step in the payment cycle, converting settled transaction revenue into accessible funds for merchants, sellers, or service providers.

The Bank Secrecy Act (BSA) is a U.S. federal law requiring financial institutions to assist government agencies in detecting and preventing money laundering, tax evasion, and other financial crimes through recordkeeping and reporting obligations.

Banking as a Service (BaaS) is a model in which licensed banks expose their core infrastructure—accounts, payments, lending, and compliance—via APIs, enabling non-bank companies to embed regulated financial products into their own platforms.

A basis point equals one-hundredth of one percent (0.01%). In payments, fees and rate changes are quoted in basis points to eliminate ambiguity between percentage and absolute values.

A batch fee is a fixed charge assessed by payment processors each time a merchant closes and submits a batch of transactions for settlement. Typically $0.10–$0.30 per event, it covers the cost of grouping and transmitting payment data to the acquiring bank.

Batch processing is the practice of grouping multiple payment transactions together and submitting them for authorization, clearing, or settlement in a single bulk operation rather than one at a time.

Behavioral analytics examines how users interact with digital touchpoints — mouse movements, typing speed, navigation patterns — to detect anomalies that signal fraud. Unlike static rules, it builds dynamic risk profiles that adapt continuously to evolving attacker tactics.

Beneficial ownership identifies the natural persons who ultimately own or control a legal entity, even when obscured by corporate layers or nominees. Regulators require payment platforms and financial institutions to collect and verify this information during onboarding.

A BIC (Bank Identifier Code) is an 8- or 11-character alphanumeric code that uniquely identifies a financial institution in international transactions. Standardized by ISO 9362, it directs funds to the correct bank during cross-border wire transfers.

A billing descriptor is the text that appears on a customer's bank or credit card statement identifying a charge. It typically includes the merchant name, a short description, and sometimes a phone number or URL.

A BIN attack is a fraud technique where criminals systematically test large numbers of card number combinations based on a known Bank Identification Number to find valid, active card credentials they can exploit for unauthorized purchases.

Biometric authentication verifies a user's identity using unique physical or behavioral traits — such as fingerprints, facial geometry, or voice patterns. It replaces or supplements passwords to reduce fraud and streamline checkout.

Biometric payment authenticates a transaction using a person's unique physical traits—fingerprint, face scan, or iris—instead of a PIN or password, enabling faster, more secure checkout with near-zero fraud exposure from stolen credentials.

Bitcoin is a decentralized digital currency that operates on a peer-to-peer network without a central authority, using cryptographic proof to secure transactions recorded on a public blockchain.

A blended rate is a single, averaged percentage that a payment processor charges merchants for all card transactions, regardless of card type, network, or interchange category. It combines interchange fees, assessments, and processor margins into one flat figure.

A blockchain is a distributed, tamper-resistant ledger that records transactions in cryptographically linked blocks across a decentralized network. No single party controls the data, making it highly secure and transparent.

Brand building is the process of creating a distinct identity, reputation, and emotional connection between a business and its customers. It encompasses visual identity, messaging, and consistent experiences designed to drive long-term loyalty and competitive differentiation.

Business Email Compromise (BEC) is a targeted fraud scheme where attackers impersonate executives, vendors, or trusted contacts via email to trick employees into transferring funds or sensitive data. BEC attacks exploit trust rather than technical vulnerabilities, making them among the costliest cyber-enabled financial crimes.

Buy Now Pay Later (BNPL) is a short-term financing option that lets consumers split a purchase into installments—often interest-free—paid over weeks or months, with approval decided at checkout in seconds.

Capture is the step that transfers reserved funds from a cardholder's account to the merchant's account after authorization. It finalizes the payment and triggers settlement.

Capture rate is the percentage of authorized transactions that are subsequently captured and settled. It measures how reliably a merchant collects revenue that has already been approved by the issuing bank.

Card Account Updater is a card network service that automatically refreshes stored card credentials—account numbers and expiry dates—when cards are replaced or reissued, keeping recurring payments and subscriptions active without customer intervention.

Card acquiring is the process by which a financial institution enables merchants to accept and process card payments. The acquiring bank routes authorization requests through card networks and settles transaction funds into the merchant's account.

Card issuing is the process by which a licensed financial institution or program manager creates, distributes, and manages payment cards for cardholders. The issuer controls credit limits, fraud monitoring, and settlement with card networks.

A card network is the payment infrastructure connecting issuing banks, acquiring banks, and merchants to authorize and settle card transactions. Networks like Visa, Mastercard, and UnionPay set the technical standards, rules, and fee structures that govern every swipe, tap, or click.

Card on File (CoF) is a payment method where a merchant securely stores a customer's card details—or a token representing them—to enable future transactions without re-entry. It powers subscriptions, one-click checkout, and merchant-initiated charges.

Card skimming is a form of payment fraud where criminals use a hidden device to illegally capture card data from the magnetic stripe during a legitimate transaction, enabling them to clone the card or make unauthorized purchases.

Card testing is a fraud technique where criminals make small or micro-transactions on a merchant's checkout to verify whether stolen card details are valid before using them for larger purchases.

A Card-Not-Present (CNP) transaction occurs when a payment is processed without the physical card being present at the point of sale—typically in ecommerce, phone, or mail-order purchases. Because the merchant cannot verify the card physically, CNP transactions carry higher fraud risk and different liability rules than in-person payments.

A card-present transaction occurs when the physical payment card is used at the point of sale, allowing the terminal to read card data directly via magnetic stripe, EMV chip, or NFC tap.

A security mechanism used during a payment transaction to confirm the person presenting a card is its legitimate holder, using methods such as PIN entry, signature, or biometrics.

Cart abandonment occurs when a shopper adds items to an online shopping cart but leaves without completing the purchase. It is one of the most widespread conversion problems in ecommerce, with an industry-average abandonment rate of 70.19% according to Baymard Institute.

Cascading payments is a retry strategy that automatically routes a failed transaction to an alternative payment processor or acquirer in real time, maximizing approval rates without requiring customer action.

A cash advance is a short-term liquidity product that provides immediate access to funds against a credit line or future card receivables. Repayment carries higher fees or a fixed factor rate rather than a conventional interest rate.

CAVV (Cardholder Authentication Verification Value) is a cryptographic code generated by an issuer's Access Control Server during 3D Secure authentication, proving to card networks and issuers that a cardholder was genuinely verified for a specific transaction.

A Central Bank Digital Currency (CBDC) is a sovereign-issued digital form of a national currency, fully controlled and backed by the central bank. It carries no credit or liquidity risk and constitutes legal tender by law.

CESOP (Central Electronic System of Payment information) is an EU-mandated database requiring payment service providers to report cross-border transaction data quarterly to national tax authorities, enabling coordinated VAT fraud detection across member states.

A charge card is a payment card that requires the cardholder to pay the full outstanding balance each billing cycle, with no option to carry revolving debt and no preset spending limit enforced against a fixed credit line.

A forced reversal of a payment transaction initiated by the cardholder's bank. Chargebacks can result from fraud, customer disputes, or processing errors. High chargeback rates (above 1%) can lead to account termination and placement on the MATCH list.

A chargeback fee is a penalty charged by an acquiring bank to a merchant each time a customer successfully disputes a transaction. It is separate from the disputed transaction amount itself and typically ranges from $15 to $100 per incident.

Chargeback Monitoring Programs are card network initiatives—run by Visa and Mastercard—that track merchants whose chargeback rates exceed defined thresholds, imposing fines and requiring remediation plans to avoid termination.

Chargeback rate is the ratio of chargebacks received to total transactions processed in a given month, expressed as a percentage. Card networks use it to identify merchants posing financial risk to the payment ecosystem.

A chargeback reason code is a numeric or alphanumeric code assigned by a card network to classify the specific justification a cardholder or issuing bank provides when disputing a transaction. Each code maps to defined rules, evidence requirements, and response deadlines.

Chargeback representment is the process by which a merchant disputes a chargeback by resubmitting the transaction to the issuing bank with compelling evidence proving the charge was legitimate.

A chargeback reversal occurs when a card network or issuing bank overturns a previously filed chargeback, restoring the disputed funds to the merchant. It is achieved through representment, compelling evidence submission, or arbitration.

A chargeback threshold is the maximum ratio of chargebacks to total transactions a merchant may reach in a calendar month before card networks enroll them in a monitoring program, impose fines, or terminate processing privileges.

Chargeback win rate is the percentage of disputed transactions a merchant successfully overturns through representment. It measures how effectively a business recovers revenue lost to chargebacks by submitting compelling evidence to the issuing bank.

Checkout is the final stage of an online purchase where a customer reviews their order, enters payment and shipping details, and confirms the transaction. It is the critical conversion point between cart and completed sale.

Checkout optimization is the process of improving the payment and purchase completion flow to reduce friction, minimize cart abandonment, and increase the percentage of shoppers who successfully complete a transaction.

Chip and PIN is an EMV-based card payment method where a microchip embedded in the payment card generates a unique transaction cryptogram, confirmed by the cardholder entering a personal identification number at the terminal.

A chip card is a payment card embedded with an integrated circuit (EMV chip) that generates a unique transaction code for each purchase, making it significantly harder to counterfeit than magnetic-stripe cards.

CHIPS (Clearing House Interbank Payments System) is the largest private-sector USD clearing network in the US. Operated by The Clearing House, it settles approximately $1.8 trillion in large-value dollar transactions daily via multilateral netting and Fedwire final settlement.

Churn rate is the percentage of subscribers or customers who cancel or fail to renew their subscriptions within a given period. It is a critical metric for any recurring-revenue business, directly impacting growth, forecasting, and lifetime value.

Clearing is the process by which a card network reconciles and transmits transaction data between an acquiring bank and an issuing bank after authorization, determining the exact amounts owed before funds are moved.

A clearing house is a financial intermediary that validates, nets, and reconciles payment obligations between member institutions before final settlement occurs. By acting as a central counterparty or operator, it eliminates bilateral risk and sharply reduces the gross liquidity required to move funds across the financial system.

Click and collect is a retail fulfillment model where customers purchase products online and pick them up at a physical store or designated collection point. It removes shipping costs and wait times while driving incremental in-store purchases at pickup.

A closed loop payment system restricts card or account usage to a single merchant, brand, or network. The issuer and acceptor are the same entity, eliminating third-party card networks like Visa or Mastercard.

Combating the Financing of Terrorism (CFT) is the regulatory framework of laws, controls, and procedures designed to prevent terrorists from raising, moving, or accessing funds. It operates alongside AML as a core pillar of global financial compliance.

A commercial card is a payment card issued to a business entity for managing corporate spend—covering procurement, travel, and accounts payable. Unlike personal credit cards, commercial cards carry enhanced data fields, configurable spend controls, and access to lower interchange tiers when Level 2/3 data is submitted.

Compelling Evidence 3.0 (CE 3.0) is Visa's updated representment framework enabling merchants to counter Card Not Present fraud chargebacks by submitting two prior undisputed transactions with matching customer identifiers, shifting liability back to the issuer.

Compliance automation uses software to continuously monitor, enforce, and document regulatory requirements without manual intervention. It replaces repetitive tasks—such as AML screening, KYC checks, and audit logging—with rule-based or AI-driven workflows, reducing cost and human error.

Concentration risk is the financial and operational exposure that arises when a merchant or acquirer routes too much payment volume through a single processor, payment method, or market — creating a single point of failure that can halt revenue if that channel fails or exits.

Consumer protection encompasses the laws, regulations, and mechanisms that safeguard buyers from unfair practices, billing errors, and fraud in financial and commercial transactions.

Contactless payment is a method of completing transactions by tapping a card, phone, or wearable near a reader instead of inserting or swiping. It uses short-range wireless technology—typically NFC—to transmit payment data securely in under a second.

A Content Management System (CMS) is software that allows users to create, manage, and publish digital content without writing code. In ecommerce, a CMS controls product pages, landing pages, and checkout flows from a central interface.

Conversion rate is the percentage of visitors who complete a desired action — such as making a purchase — out of the total number of visitors. It is a core metric for measuring the effectiveness of an ecommerce funnel.

Conversion Rate Optimization (CRO) is the systematic process of increasing the percentage of website visitors who complete a desired action — such as making a purchase, submitting a form, or completing checkout — through data-driven testing and UX improvements.

Core banking is the centralized software system that processes a bank's fundamental operations—deposits, withdrawals, loans, and payments—in real time across all branches and channels.

Cost Per Acquisition (CPA) measures the total spend required to acquire one paying customer through a specific marketing channel or campaign. Calculated as total spend divided by number of acquisitions, it is a core metric for evaluating marketing and funnel efficiency.

Cost Per Click (CPC) is the amount an advertiser pays each time a user clicks on their paid ad. Calculated as total ad spend divided by total clicks, CPC determines how efficiently a campaign converts budget into website traffic.

A counterfeit card is a fraudulent payment card created by copying legitimate cardholder data onto a blank card. Criminals use stolen magnetic stripe data to produce working fakes, enabling unauthorized transactions.

A credit card is a payment card that allows cardholders to borrow funds from an issuing bank to pay for purchases, up to a preset credit limit. The balance can be repaid in full or carried over with interest. Credit cards are accepted globally across millions of merchants online and in store.

Cross-border payments are financial transactions where the payer and recipient are located in different countries, requiring currency conversion, international routing, and compliance with multiple regulatory frameworks.

Cross-selling is a sales technique where merchants recommend complementary or related products to customers based on their current selection or purchase history. It increases basket size and revenue without requiring new customer acquisition.

A cryptocurrency is a digital currency secured by cryptography and recorded on a decentralized blockchain, enabling peer-to-peer transactions without reliance on banks or governments.

A mandatory filing U.S. financial institutions must submit to FinCEN for any cash transaction exceeding $10,000 in a single business day, serving as a core tool for detecting money laundering and other financial crimes.

Customer Acquisition Cost (CAC) is the total spend required to win one new paying customer, calculated by dividing total sales and marketing costs by the number of new customers acquired in a given period.

Customer Due Diligence (CDD) is the process of verifying a customer's identity, assessing their risk profile, and monitoring their transactions to prevent money laundering, fraud, and financial crime.

A Customer Identification Program (CIP) is a mandatory compliance framework requiring financial institutions and certain businesses to verify the identity of customers before opening accounts or processing transactions, as mandated by the USA PATRIOT Act.

The customer journey is the complete sequence of interactions a shopper has with a brand—from first awareness through purchase and post-sale retention. Mapping these touchpoints helps merchants reduce friction, improve conversions, and build lasting loyalty.

Customer Lifetime Value (CLV) is the total net revenue a business expects to earn from a customer over the entire duration of their relationship. It guides decisions on acquisition spend, retention investment, and pricing strategy.

Customer retention is a business's ability to keep existing customers making repeat purchases over time. High retention signals strong product-market fit and healthy unit economics; low retention accelerates revenue decay regardless of acquisition spend.

Customer satisfaction measures how well a product or service meets customer expectations. Tracked via CSAT scores, surveys, and reviews, it is a leading indicator of retention, loyalty, and long-term revenue growth.

A Customer-Initiated Transaction (CIT) is any payment where the cardholder is actively present and directly authorizes the transaction in real time. CITs require Strong Customer Authentication (SCA) under PSD2 and are subject to 3DS challenge flows when triggered.

CVV (Card Verification Value) is a 3- or 4-digit security code printed on payment cards. It proves the buyer has physical possession of the card during card-not-present transactions, reducing fraud without storing sensitive data.

A data breach is an incident where unauthorized individuals access, steal, or expose sensitive information — such as cardholder data, personal records, or credentials — without permission. In payments, breaches can trigger regulatory penalties, chargebacks, and loss of card acceptance rights.

Data privacy is the practice of controlling how personal information is collected, stored, shared, and used. For merchants, it governs customer payment and identity data under regulations like GDPR and CCPA, ensuring individuals retain rights over their own information.

A debit card is a payment card that draws funds directly from the cardholder's linked bank account at the moment of purchase. Unlike credit cards, no credit is extended — the transaction is declined if the account holds insufficient funds.

Decentralized Finance (DeFi) is a suite of financial services—lending, trading, and payments—built on public blockchains and governed by smart contracts, eliminating intermediaries and enabling permissionless access to capital markets globally.

A decline code is a numeric or alphanumeric code returned by a card network or issuing bank when a payment authorization fails, indicating the reason the transaction was rejected.

Deferred revenue is a balance sheet liability representing cash received for goods or services not yet delivered. It converts to recognized revenue only as performance obligations are fulfilled, per ASC 606 and IFRS 15.

Deposit insurance is a government-backed guarantee that reimburses depositors up to a statutory limit if a licensed bank fails. It prevents bank runs, underpins confidence in the financial system, and is a baseline consideration for any platform holding customer funds.

A device fingerprint is a unique identifier constructed from hardware, software, and browser attributes collected during a user session, used to recognize devices without cookies or login credentials.

Digital banking delivers financial services — accounts, payments, loans, and more — entirely through online and mobile platforms, eliminating the need for physical branches and providing 24/7 access via apps and APIs.

A digital wallet is a software application that stores payment credentials, loyalty cards, and IDs on a device, letting users pay online or in-store without carrying physical cards or cash.

Direct Debit is a payment method that allows a business to pull funds directly from a customer's bank account, with the customer's prior authorization. It is widely used for recurring billing, subscriptions, and utility payments.

Direct-to-consumer (DTC) is a retail model in which brands manufacture, market, and sell products directly to end customers, bypassing wholesalers, distributors, and third-party retailers. Brands own the full customer relationship, pricing, and data.

A disbursement is the act of paying out funds from a central account to one or more recipients. In payments, it refers to the programmatic distribution of money to merchants, workers, or end users via bank transfer, card, or wallet.

A dispute is a formal challenge raised by a cardholder against a transaction, triggering a review process between the issuing bank, merchant, and card network. Disputes can result in chargebacks if the merchant cannot provide sufficient evidence.

Dispute management is the end-to-end process of tracking, responding to, and resolving payment disputes and chargebacks. It covers prevention strategies, evidence collection, representment filings, and post-dispute analytics to protect merchant revenue.

The Dodd-Frank Wall Street Reform and Consumer Protection Act is a 2010 U.S. federal law that overhauled financial regulation after the 2008 crisis, created the CFPB, and capped debit interchange fees through the Durbin Amendment.

A Doing Business As (DBA) name is a trade name a business uses publicly that differs from its registered legal name. Payment processors require a merchant's DBA during onboarding, as it directly determines what customers see on bank statements.

Double-entry bookkeeping is an accounting method where every financial transaction is recorded as both a debit in one account and a credit in another, keeping the books perpetually balanced. It underpins every reliable financial statement and audit trail in modern business.

Downselling is a sales tactic where a merchant offers a lower-priced or simplified alternative after a customer declines the primary offer. It turns potential lost sales into completed transactions by meeting buyers at their actual budget or intent.

Dropshipping is a retail fulfillment model where merchants sell products without holding inventory. When a customer orders, the merchant forwards the order to a supplier, who ships directly to the buyer.

A Dual Message System (DMS) separates payment authorization and settlement into two distinct network messages sent at different times. Merchants first reserve funds via an authorization hold, then submit a separate capture request to trigger fund movement, enabling amount adjustments before settlement.

Dual pricing and surcharging are merchant pricing strategies that display or apply different prices based on payment method — passing credit card acceptance costs to card-paying customers while preserving a lower cash price.

Dunning is the automated process of retrying failed subscription payments and notifying customers to update their billing information. Effective dunning recovers 20-40% of failed charges before they become involuntary churn.

The Durbin Amendment is a 2010 Dodd-Frank provision that caps debit card interchange fees for U.S. banks with over $10 billion in assets and mandates dual-network routing on all debit cards.

Dynamic Currency Conversion (DCC) lets cardholders pay in their home currency at the point of sale abroad. The merchant's terminal converts the transaction amount in real time, displaying the home-currency total before the cardholder approves.

Dynamic linking cryptographically binds an authentication code to a specific transaction amount and payee, ensuring the code cannot be reused or redirected. Required under PSD2's Strong Customer Authentication rules for remote electronic payments in Europe.

Dynamic pricing adjusts product prices in real time based on demand, inventory levels, competitor rates, and customer behavior. Unlike fixed pricing, it lets merchants capture more revenue when demand peaks and stay competitive when it dips.

E-commerce (electronic commerce) is the buying and selling of goods or services over the internet, encompassing transactions between businesses, consumers, and governments. It includes online storefronts, marketplaces, and digital payment processing.

E-money is a digital representation of fiat currency issued by a regulated institution in exchange for funds, stored on a server or device and redeemable at par value. It enables instant electronic payments without requiring a traditional bank account and is governed by frameworks such as the EU E-Money Directive and PSD2.

An E-Money Institution (EMI) is a regulated entity licensed to issue electronic money and provide payment services. EMIs safeguard customer funds separately from their own capital, enabling digital wallets, prepaid cards, and stored-value products without a full banking licence.

An early termination fee (ETF) is a penalty charged by a payment processor or acquirer when a merchant cancels their processing contract before the agreed end date. ETFs typically range from $200 to $595 as a flat fee, though some contracts calculate them as a multiple of remaining monthly revenue.

An eCheck is a digital version of a paper check that moves funds through the ACH network by debiting the payer's bank account and crediting the payee's. Transactions typically settle in 3–5 business days at a fraction of credit card processing costs.

The Electronic Commerce Indicator is a two-digit code produced by the 3-D Secure authentication process that communicates the authentication outcome to acquirers and card networks. It determines whether liability for fraud-related chargebacks shifts from the merchant to the card issuer.

An ecommerce platform is software that enables businesses to build, manage, and operate online stores — handling product listings, inventory, payments, and order fulfillment in one system.

The effective rate is the true all-in percentage a merchant pays for payment processing, calculated as total fees divided by total card volume. Unlike headline rates, it captures interchange, assessments, processor markups, and monthly fees in a single comparable figure.

Electronic Benefits Transfer (EBT) is a government-administered payment system that loads welfare entitlements — including SNAP food assistance and TANF cash aid — onto a reusable plastic card, allowing recipients to pay at authorized retailers via standard POS terminals.

Electronic Funds Transfer (EFT) is the digital movement of money between bank accounts through computer-based systems, without the need for physical cash or paper checks. It covers a broad range of payment methods including ACH, wire transfers, direct debit, and SEPA.

Email automation uses trigger-based rules to send targeted messages to customers at the right moment—without manual effort. It powers revenue-critical flows like cart recovery, onboarding, and payment reminders.

Embedded finance is the integration of financial services—such as payments, lending, insurance, and banking—directly into non-financial platforms and applications, enabling businesses to offer these services without becoming regulated financial institutions.

Embedded payments integrate payment processing directly into a non-financial software platform, enabling users to transact without leaving the application. This eliminates redirects to third-party checkout pages and creates a seamless, native payment experience within any product.

EMV is a global payment standard developed by Europay, Mastercard, and Visa that uses embedded chips in payment cards to authenticate transactions securely. Unlike magnetic stripes, EMV chips generate a unique cryptogram for each transaction, making stolen card data nearly useless for fraud.

Encryption converts readable data into an unreadable format using a cryptographic algorithm and key, so only authorized parties can decrypt and access the original information. It is the foundational security layer protecting payment data in transit and at rest.

End-to-end encryption (E2EE) is a security method that encrypts data at its origin and keeps it encrypted until it reaches the intended recipient, ensuring no intermediary can read or tamper with it in transit.

Enhanced Due Diligence (EDD) is a rigorous identity verification and risk assessment process applied to high-risk customers, transactions, or business relationships that exceed standard KYC/CDD requirements.

A charge levied by a payment processor or acquirer for the hardware or software required to accept card payments — such as POS terminals, card readers, or virtual terminals. It may be structured as a one-time purchase price, a monthly rental, or a multi-year lease.

Ethoca Alerts is a Mastercard service that notifies merchants in real time when a cardholder disputes a transaction with their bank, giving merchants a window to issue a refund before a formal chargeback is filed.

European payment regulation is the body of EU law governing how electronic payments are initiated, processed, and secured across member states. It spans directives on consumer protection, data privacy, anti-fraud, and open access to payment infrastructure.

An Excessive Chargeback Program is a card network enforcement mechanism that flags and penalizes merchants whose monthly chargeback ratio surpasses defined thresholds, subjecting them to escalating fines, mandatory remediation plans, and potential merchant account termination.

Expansion revenue is the incremental revenue generated from existing customers through upsells, cross-sells, seat additions, or usage increases. It grows MRR without acquiring new customers, making it the most capital-efficient growth lever in subscription and SaaS businesses.

Failover is the automatic rerouting of a failed payment transaction to an alternative processor, acquirer, or payment method in real time, ensuring the transaction completes without requiring the customer to retry manually.

The Fair Credit Billing Act (FCBA) is a U.S. federal law enacted in 1974 that protects consumers from unfair billing practices on open-end credit accounts, establishing formal dispute rights and merchant obligations for billing errors.

A false positive occurs when a fraud detection system incorrectly flags a legitimate transaction as fraudulent, triggering an unnecessary decline. It reduces authorization rates, damages customer experience, and causes revenue loss without preventing real fraud.

Faster Payments is the UK's real-time bank transfer scheme enabling near-instant account-to-account payments that typically settle within seconds, 24/7/365. It supports single payments, standing orders, and forward-dated transfers up to £1 million.

FedNow is a real-time interbank payment and settlement service operated by the U.S. Federal Reserve, launched in July 2023. It enables financial institutions to send and receive payments instantly, 24/7/365, with immediate fund availability for end users.

Fedwire is the Federal Reserve's real-time gross settlement (RTGS) system for large-value U.S. dollar interbank transfers. Each transaction settles individually and irrevocably within minutes, making it the primary rail for high-value same-day domestic payments.

Fiat currency is government-issued money not backed by a physical commodity such as gold. Its value derives from government decree and public trust in the issuing authority, typically a central bank.

The Financial Action Task Force (FATF) is an intergovernmental body that sets global standards for combating money laundering, terrorist financing, and proliferation financing. Its 40 Recommendations form the basis of AML/CFT compliance frameworks in over 200 jurisdictions.

The Financial Conduct Authority (FCA) is the UK's independent conduct regulator for around 45,000 financial firms. It authorises payment institutions, sets consumer-protection rules, and enforces compliance across banking, payments, and capital markets.

Financial inclusion ensures individuals and businesses—especially underserved populations—have access to affordable financial products such as payments, savings, credit, and insurance delivered through responsible, sustainable channels.

FinCEN (Financial Crimes Enforcement Network) is a bureau of the U.S. Treasury Department that collects and analyzes financial data to combat money laundering, terrorist financing, and other financial crimes. It administers the Bank Secrecy Act and issues compliance rules for financial institutions.

First-party fraud occurs when a legitimate account holder deliberately misrepresents information or abuses financial products for personal gain—such as falsely claiming non-delivery to keep goods and their money.

Flat rate pricing is a payment processing model where merchants pay a single fixed percentage (and sometimes a fixed per-transaction fee) on every transaction, regardless of card type, network, or issuer.

A floor limit is the maximum transaction value a merchant can process without online issuer authorization. Amounts at or below the limit are approved offline; amounts above require real-time network authorization.

Force capture is a transaction method that lets merchants submit a capture request without a prior authorization code, using a manually obtained approval code—often from a voice authorization or offline approval—to settle the payment directly.

A foreign exchange (FX) rate is the price at which one currency is exchanged for another. It determines the cost of converting funds across borders and directly affects merchant revenues and operating margins on international sales.

Fraud is any intentional deception carried out to gain an unfair or unlawful financial advantage, typically at the expense of a merchant, consumer, or financial institution. In payments, fraud encompasses unauthorized transactions, identity theft, and account takeovers.

The process of identifying fraudulent payment transactions in real time using rules, machine learning models, and behavioral signals. Effective fraud detection balances blocking bad actors against minimizing false positives that reject legitimate customers.

Fraud monitoring is the continuous, real-time surveillance of payment transactions and user activity to detect, flag, and prevent fraudulent behavior before it causes financial loss.

Fraud prevention encompasses the strategies, tools, and processes merchants use to stop unauthorized or deceptive transactions before they occur, protecting revenue and customer trust.

Fraud scoring is a real-time risk assessment process that assigns a numerical score to each transaction, indicating the likelihood it is fraudulent. Scores are generated by machine learning models weighing hundreds of signals—device, behavior, velocity, and history—enabling automated accept, review, or decline decisions.

A free trial gives new users temporary access to a paid product or service at no charge. Merchants typically collect payment details upfront and charge automatically when the trial period ends. It is one of the most effective acquisition tools in subscription commerce.

Frictionless checkout is a payment experience that minimizes the steps, fields, and interruptions a customer faces when completing a purchase, reducing cart abandonment and increasing conversion rates.

Friendly fraud occurs when a legitimate cardholder makes a purchase, receives the goods or services, then disputes the charge with their bank to obtain a refund while keeping the item. Unlike external fraud, the perpetrator is the actual account holder.

A front company is a legally registered business used to conceal illicit activities, true ownership, or the criminal origin of funds. It processes real or simulated transactions to blend dirty money with legitimate revenue, making financial crimes significantly harder to detect.

Fulfillment is the end-to-end process of receiving inventory, processing customer orders, picking and packing items, and shipping them to buyers. It also encompasses returns handling and directly determines delivery speed, accuracy, and overall customer satisfaction.

A gateway fee is a charge levied by a payment gateway provider for routing and processing each transaction or for maintaining access to its payment infrastructure. It covers the cost of secure data transmission, fraud screening, and connectivity between merchants and payment networks.

The General Data Protection Regulation is an EU law that governs how organizations collect, store, and process personal data of EU residents. It imposes strict obligations on businesses worldwide and carries fines up to €20 million or 4% of global annual turnover.

A gift card is a prepaid payment instrument loaded with a fixed monetary value, redeemable for purchases at one or more merchants. Issued in physical or digital form, gift cards are either closed-loop (single merchant) or open-loop (network-branded).

Global payments refers to the infrastructure enabling businesses to accept, process, and settle transactions across countries, currencies, and payment methods, connecting international buyers and sellers through coordinated financial rails.

Google Pay is a digital wallet and contactless payment service by Google that lets users store cards and pay in apps, online, and at physical terminals via NFC. It replaced Android Pay and Google Wallet in 2018 and is available on Android devices and the web.

Gross funding is a settlement model in which a processor transfers the full transaction amount to a merchant before deducting fees, which are billed separately. It contrasts with net settlement, where fees are subtracted prior to disbursement.

Gross Merchandise Value (GMV) is the total dollar value of all merchandise sold through a platform over a given period, before deducting fees, returns, or discounts. It measures transaction volume, not net revenue.

Gross Payment Volume (GPV) is the total monetary value of all payment transactions processed through a platform over a given period, before deducting refunds, chargebacks, or processing fees. It is the top-line volume metric used by payment processors and merchants to measure scale.

A hard decline is a permanent payment rejection issued by the card issuer, indicating the transaction cannot be retried. Unlike soft declines, hard declines signal a fundamental problem with the card or account that retrying will not resolve.

Headless checkout decouples the payment UI from backend processing, letting merchants build fully custom experiences via API while reusing proven payment logic. Any frontend—web, mobile app, or IoT device—can trigger the same underlying payment flow.

Headless commerce decouples the frontend presentation layer from the backend ecommerce engine, connecting them via APIs. This lets teams build custom storefronts on any technology while keeping order, inventory, and payment logic separate.

A high-risk merchant is a business classified by acquirers and payment processors as having an elevated likelihood of chargebacks, fraud, or regulatory scrutiny. This classification affects which processors will work with the merchant, the fees charged, and the reserve requirements imposed.

A high-risk merchant account is a payment processing account issued to businesses that acquiring banks classify as elevated-risk due to high chargeback rates, regulated industries, or large transaction volumes. These accounts carry higher processing fees, mandatory reserves, and stricter contractual terms than standard accounts.

A holdback is a percentage of a merchant's credit card sales withheld by the payment processor to cover potential chargebacks and refunds. Funds sit in a reserve account and are released to the merchant after a defined risk period, typically 90–180 days.

The Honor All Cards Rule is a card network policy requiring merchants that accept any card bearing a network's brand mark to accept all valid cards issued under that brand—regardless of card type, issuer, or product tier.

A hosted payment page is a secure, third-party checkout page where customers enter payment details, removing the merchant from direct contact with sensitive card data and simplifying PCI compliance.

HTTPS (HyperText Transfer Protocol Secure) is the encrypted version of HTTP that secures data exchanged between a browser and web server using TLS. It authenticates the server identity and encrypts all transmitted data to prevent interception and tampering.

An International Bank Account Number (IBAN) is a standardized alphanumeric code that uniquely identifies a bank account across borders. It combines a country code, check digits, and domestic account details to enable accurate, error-checked international payments.

Idempotency ensures that executing the same API request multiple times produces the same result without unintended side effects. In payments, it prevents duplicate charges when network failures force clients to retry.

Identity fraud occurs when a criminal uses stolen or fabricated personal information to impersonate a victim and commit unauthorized financial transactions. It spans tactics from new-account fraud to payment card abuse, often causing severe financial and reputational damage.

In-app payments are transactions completed directly inside a mobile application, without redirecting the user to an external website or browser. They enable purchases of digital goods, subscriptions, or physical products entirely within the app experience.

An Independent Sales Organization (ISO) is a third-party company authorized by a card network or acquiring bank to resell payment processing services to merchants. ISOs act as intermediaries, recruiting merchants and managing relationships on behalf of their acquiring partners.

Instant Account Verification (IAV) is a real-time process that confirms bank account ownership and validity in seconds using open banking APIs or credential-based login—eliminating the multi-day wait of traditional microdeposit verification.

Integrated payments embed payment processing natively into a software application, allowing merchants to accept transactions without leaving their workflow. The payment experience becomes a core feature of the platform, not a separate third-party step.

An Integrated Software Vendor (ISV) is a company that builds software applications and embeds payment acceptance directly into its product, enabling merchants to process transactions without switching to a separate payments platform.

Interac is Canada's national debit and payment network, enabling real-time fund transfers, point-of-sale debit purchases, and online payments between Canadian bank accounts. It is the dominant domestic payment rail used by virtually every Canadian financial institution.

An interchange fee is a per-transaction fee paid by a merchant's bank (acquirer) to the cardholder's bank (issuer) every time a card payment is processed. It is the largest component of card acceptance costs, typically ranging from 0.2% to 2%+ of transaction value.

Interchange optimization is the systematic practice of structuring transactions to qualify for the lowest available interchange rate categories set by card networks. It combines enhanced data submission, routing strategy, and operational discipline to reduce the largest component of merchant processing costs.

Interchange-plus pricing is a payment processing fee model where merchants pay the card network's actual interchange fee plus a fixed markup charged by the processor. It separates the true cost of acceptance from the processor's profit margin, giving merchants full transparency.

Inventory management is the process of tracking, ordering, storing, and controlling a company's stock of goods to ensure the right products are available at the right time, minimizing both stockouts and overstock situations.

Invisible payments are transactions that complete automatically in the background, requiring no manual checkout action from the customer. Payment credentials are stored once, then silently charged at a predefined trigger event — such as ride completion, order delivery, or subscription renewal.

Involuntary churn occurs when a subscription is cancelled not because the customer chose to leave, but because a payment failed—due to an expired card, insufficient funds, or issuer decline. Unlike voluntary churn, it is recoverable with the right retry and recovery tooling.

The IRS 1099-K is a tax information return that payment processors and third-party settlement organizations must issue to merchants whose card payments or third-party network transactions exceed IRS-set annual thresholds.

ISO 20022 is a global standard for electronic financial messaging that defines a common data model for payments and trade finance. It replaces legacy formats like SWIFT MT with structured XML messages carrying richer data to improve processing, compliance, and interoperability.

ISO 27001 is the international standard for information security management systems (ISMS), specifying requirements to establish, implement, maintain, and continually improve an organization's information security posture.

An issuer is a financial institution—typically a bank or credit union—that provides payment cards to consumers and is responsible for approving or declining transactions on their behalf.

An issuer processor is a technology provider that handles real-time authorization, clearing, and settlement on behalf of card-issuing banks. It connects the issuing bank to the card network, enabling debit, credit, and prepaid card programs without building core processing infrastructure in-house.

Know Your Business (KYB) is the process by which payment providers and financial institutions verify the identity, ownership, and legitimacy of a business before granting access to payment services.

Know Your Customer (KYC) is a regulatory compliance process requiring businesses to verify the identity of their customers before establishing a relationship. It prevents money laundering, fraud, and terrorist financing by ensuring merchants know who they are transacting with.

Know Your Employee (KYE) is a compliance process that screens, verifies, and continuously monitors employees who handle sensitive financial data or payment systems. It helps organizations detect insider threats, prevent internal fraud, and meet regulatory obligations.

A knuckle-buster is a mechanical card imprinting device that transfers embossed card details onto multi-part carbon sales slips using a rolling pressure plate, enabling card-present transactions without electricity or a network connection.

Last-mile delivery is the final stage of the logistics chain, moving a parcel from a regional distribution hub to the customer's door. It is the costliest and most complex leg of shipping, accounting for over half of total delivery expenses.

A ledger is a structured record of all financial transactions across accounts, tracking debits, credits, and running balances. It is the primary accounting book in any payment system, enabling accurate reconciliation, auditability, and financial reporting.

Level 2 and Level 3 processing are enhanced data standards that allow merchants to pass additional transaction details—such as tax amounts and line-item information—alongside card payments to qualify for lower interchange rates on commercial card transactions.

Liability shift transfers fraud-related chargeback responsibility from the merchant to the card issuer when specific authentication or technology requirements are met, reducing the merchant's financial exposure to fraudulent transactions.

A pre-agreed monetary sum specified in a contract that becomes payable upon breach, calculated in advance as a genuine estimate of the non-breaching party's losses rather than a punitive penalty.

A liveness check is a biometric security technique that confirms a real, live person is present during identity verification, preventing spoofing attacks that exploit static photos, pre-recorded videos, or synthetic deepfake media to impersonate legitimate users.

Local acquiring routes card transactions through an acquirer domiciled in the same country as the merchant, processing them as domestic rather than cross-border payments. This reduces declines, lowers interchange fees, and improves the cardholder experience.

Local payment methods are payment instruments that are dominant in a specific country or region, such as iDEAL in the Netherlands, PIX in Brazil, or Alipay in China. They differ from global card networks by catering to local banking infrastructure, consumer habits, and regulatory frameworks.

A loyalty program rewards customers for repeat purchases or engagement through points, discounts, or exclusive perks. It drives retention, increases purchase frequency, and grows customer lifetime value.

The Luhn Algorithm is a mod-10 checksum formula that validates credit card numbers and similar identifiers. It detects single-digit transcription errors and fabricated numbers before they reach the payment network, reducing unnecessary authorization attempts.

A magnetic stripe is a band of iron-based magnetic particles on the back of a payment card that stores static cardholder data, including the PAN, expiry date, and service code, read by swiping through a card reader.

MOTO (Mail Order / Telephone Order) refers to card-not-present transactions where a customer provides payment details via mail or phone rather than in person. These transactions carry higher fraud risk and distinct processing rules compared to in-person payments.

Manual keyed entry is the process of manually typing a customer's card details—number, expiry, CVV, and billing address—into a payment terminal or virtual terminal rather than swiping, dipping, or tapping the card.

A marketplace is a platform that connects multiple third-party sellers or service providers with buyers, managing transactions and distributing funds. Unlike a direct retailer, the marketplace earns fees or commissions rather than taking ownership of goods.

A master merchant is an entity registered directly with payment networks that sponsors sub-merchants to accept card payments under its umbrella account, assuming compliance, underwriting, and chargeback liability on their behalf.

The MATCH (Member Alert to Control High-risk) List is Mastercard's blacklist of merchants and their principals whose accounts were terminated for cause. Being listed can prevent a business from obtaining a new merchant account for up to five years.

A merchant account is a type of bank account that allows businesses to accept and process electronic card payments. Funds from card transactions are held in this account before being settled to the business's primary bank account.

A merchant agreement is a contract between a merchant and an acquiring bank or payment processor that governs the terms under which the merchant may accept card payments, including fees, liabilities, and compliance obligations.

A Merchant Category Code (MCC) is a four-digit number assigned by card networks to classify a business by the goods or services it sells. It determines interchange rates, reward eligibility, and underwriting risk.

The Merchant Discount Rate (MDR) is the total fee a merchant pays to accept card payments, expressed as a percentage of each transaction. It bundles interchange fees, scheme fees, and the acquirer's margin into a single blended rate.

A Merchant Identification Number (MID) is a unique numeric code assigned by an acquirer to identify a merchant's account during payment card processing. It routes transactions to the correct merchant account and appears in settlement and chargeback records.

A Merchant of Record is the legal entity that sells goods or services to the end customer, accepts payment liability, and is responsible for tax collection, chargebacks, and regulatory compliance on behalf of the actual seller.

Merchant onboarding is the process by which a payment processor, payment facilitator, or acquiring bank verifies, approves, and activates a business to accept card payments. It covers identity checks, risk assessment, compliance screening, and account configuration.

A Merchant-Initiated Transaction (MIT) is a payment charged to a stored card without the cardholder being present or actively approving the transaction at that moment. MITs are pre-authorized by the customer and used for subscriptions, installments, and usage-based billing.

Metered billing charges customers based on actual resource consumption — such as API calls, messages sent, or gigabytes stored — measured over a billing period. Unlike flat-rate subscriptions, customers pay only for what they use.

A microdeposit is a small bank transfer—typically $0.01–$0.10—sent to a user's bank account to verify ownership. The account holder confirms the exact deposit amounts, proving account access before ACH payments or payouts are activated.

A mobile point of sale (mPOS) is a smartphone, tablet, or dedicated wireless device that functions as a payment terminal. It accepts card, contactless, and digital wallet payments anywhere with a cellular or Wi-Fi connection, replacing traditional fixed cash registers.

A mobile wallet is a digital application on a smartphone that stores payment credentials, loyalty cards, and IDs, enabling contactless payments in-store and online without a physical card.

Modular banking is an architecture that decomposes banking capabilities — accounts, payments, KYC, lending — into independent, API-exposed components. Businesses compose only the services they need, enabling faster product iteration without monolithic vendor lock-in.

Money laundering is the process of disguising illegally obtained funds as legitimate income by cycling them through financial systems to obscure their criminal origin. It unfolds across three stages: placement, layering, and integration.

A money mule is a person who transfers illegally obtained funds on behalf of criminals, knowingly or unknowingly, typically keeping a commission. They act as a buffer between fraudsters and the banking system to obscure the origin of stolen money.

A Money Transmitter License (MTL) is a state-issued authorization to transfer funds on behalf of third parties in the US. Businesses that move money between customers — including payment platforms, wallets, and marketplaces — must hold an MTL in each state where they operate.

A monthly fee is a fixed recurring charge billed by payment processors, gateways, or acquiring banks each month to maintain a merchant account, regardless of transaction volume. It represents the predictable fixed component of your total payment processing cost.

Monthly Recurring Revenue (MRR) is the predictable revenue a subscription business earns each month from active paying customers. It normalizes all subscription plans into a single monthly figure, making it the core metric for tracking subscription business health.

Multi-currency support enables merchants to accept, process, and settle payments in multiple currencies. Shoppers pay in their local currency while merchants retain control over which currencies they receive funds in, reducing friction and improving global conversion rates.

Multi-Factor Authentication (MFA) is a security method that requires users to verify their identity using two or more independent factors — such as a password, a one-time code, or a biometric — before accessing an account or completing a transaction.

NACHA is the nonprofit organization that governs the U.S. ACH payment network, setting binding rules and standards for electronic funds transfers between financial institutions. Every ACH participant — banks, processors, and merchants — must comply with NACHA's Operating Rules.

Name screening is a compliance process that checks individuals, entities, and businesses against sanctions lists, watchlists, and other risk databases to identify prohibited or high-risk parties. It runs at onboarding and throughout the customer lifecycle to prevent financial crime.

Net settlement is a process where payment obligations between parties are consolidated over a period, and only the net difference is transferred rather than each individual transaction. This reduces transaction volume, liquidity requirements, and processing costs across the payment ecosystem.

A network token is a surrogate payment credential issued by a card network—Visa, Mastercard, or Amex—that replaces a cardholder's Primary Account Number for digital and card-on-file transactions. Tokens are domain-locked, cryptographically bound, and automatically refreshed when cards are reissued or replaced.

Near Field Communication (NFC) is a short-range wireless technology operating at 13.56 MHz that enables secure data exchange within ~4 cm. It powers tap-to-pay transactions at point-of-sale terminals via smartphones, payment cards, and wearables.

OFAC (Office of Foreign Assets Control) is a U.S. Treasury Department agency that enforces economic and trade sanctions against countries, entities, and individuals deemed threats to national security. Businesses must screen transactions against OFAC lists or face severe civil and criminal penalties.

Omnichannel payments is a strategy that unifies payment acceptance across all sales channels — in-store, online, mobile, and social — into a single, consistent customer experience backed by shared data and infrastructure.

One-click payments let returning customers complete a purchase with a single tap or click, using stored payment credentials — no re-entering card details required. They reduce checkout friction and dramatically increase conversion rates for repeat buyers.

Open banking lets regulated third-party providers access consumer bank account data and initiate payments via standardised APIs — with the account holder's consent. It underpins account-to-account payments, variable recurring payments, and a new generation of financial products.

An open loop payment card operates on a major card network (Visa, Mastercard, Amex, or UnionPay) and is accepted wherever that network is supported — at any merchant, ATM, or online checkout worldwide.

Partial capture is when a merchant settles a transaction for an amount less than the original authorization hold. The difference between the authorized amount and the captured amount is automatically released back to the cardholder.

A partial refund returns a portion of the original transaction amount to the customer, rather than the full payment. It is used when only part of an order is returned, cancelled, or disputed.

Pass-through pricing is a payment processing model where the processor charges merchants the exact interchange and network fees set by card networks, plus a fixed markup. It eliminates fee blending, giving merchants full cost transparency.

A passkey is a cryptographic credential that replaces passwords using public-key cryptography, allowing users to authenticate with a biometric gesture, PIN, or device unlock — without ever transmitting a secret over the network.

A Payment API is a set of programmatic interfaces that allows software applications to initiate, process, and manage financial transactions. It connects merchants directly to payment networks, processors, and banking infrastructure without handling card data on their own servers.

A payment dongle is a compact card reader that plugs into a smartphone or tablet, enabling merchants to accept credit and debit cards anywhere. It pairs with a merchant app to process card-present transactions over any internet connection.

A Payment Facilitator (PayFac) is a company that aggregates multiple sub-merchants under a single master merchant account, handling underwriting, onboarding, and settlement on their behalf.

A payment form is the data-entry interface that collects card details, billing information, and payment method selection from a customer during checkout. It is the last touchpoint before a transaction is authorized.

Payment fraud is any unauthorized or deceptive transaction that results in financial loss to a merchant, cardholder, or financial institution. It encompasses schemes ranging from stolen card use to identity theft and friendly fraud.

A technology service that captures, encrypts, and transmits payment data from the customer to the acquiring bank for authorization. Payment gateways are the bridge between your checkout and the payment network.

A payment link is a shareable URL that routes customers directly to a ready-made checkout page, enabling merchants to collect payments without a website or shopping cart. Generated in seconds, they are shared via email, SMS, social media, or any messaging channel.

A technology layer that sits above individual payment gateways and intelligently routes each transaction to the optimal processor based on card type, geography, fees, and approval rates — with automatic failover if one processor declines.

Payment processing is the end-to-end sequence of steps that moves funds from a customer's account to a merchant's account when a transaction is initiated. It involves authorization, authentication, clearing, and settlement across multiple financial entities.

A payment processor is a company that handles transaction communication between merchants, card networks, issuing banks, and acquiring banks to authorize and settle card payments in real time.

Payment rails are the underlying infrastructure and networks that move money between banks, businesses, and consumers. They define the rules, protocols, and technical pathways that determine how fast, at what cost, and under what conditions funds are transferred.

A Payment Service Provider (PSP) is a company that enables merchants to accept electronic payments by connecting them to card networks, banks, and payment infrastructure. PSPs bundle acquiring, gateway, fraud tools, and settlement into a single contract and integration.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements that any business handling credit card data must follow. PCI compliance protects cardholder data and reduces the risk of data breaches.

The Payment Card Industry Security Standards Council (PCI SSC) is a global body founded by Visa, Mastercard, American Express, Discover, and JCB to develop and maintain security standards that protect cardholder data across the payment ecosystem.

Phishing is a cyberattack where criminals impersonate trusted entities via email, SMS, or fake websites to trick victims into revealing credentials, payment data, or other sensitive information.

A Point of Sale (POS) is the physical or digital location where a customer completes a purchase. It combines hardware and software to process card, contactless, and cash transactions, routing payment data through the card network for real-time authorization and settlement.

Point-to-Point Encryption (P2PE) encrypts cardholder data from the moment a card is swiped, dipped, or tapped at a payment terminal until it reaches a secure decryption environment, rendering the data unreadable to anyone in between.

A prepaid card is a payment card pre-loaded with a fixed amount of funds, allowing holders to spend only the deposited balance. It requires no bank account or credit check, making it accessible to unbanked consumers and useful for controlled spending.

The Primary Account Number (PAN) is the 8–19 digit identifier on a payment card that uniquely identifies the cardholder's account. It encodes the card network, issuing bank, and account, and is the central data element that PCI DSS mandates be encrypted or tokenized at rest and in transit.

PSD2 (Payment Services Directive 2) is the EU regulation that mandates Strong Customer Authentication, opens banking APIs to third parties, and sets liability rules for electronic payments across the European Economic Area.

A push payment is a transaction where the sender initiates and authorizes the transfer of funds directly to a recipient's account. Unlike pull payments, the payer controls the timing and amount, eliminating the need for the payee to request funds.

Push-to-Card (P2C) is a payment method that sends funds directly to a recipient's debit or prepaid card, typically settling within minutes. It uses card network rails (Visa Direct, Mastercard Send) rather than traditional bank transfers.

Rapid Dispute Resolution (RDR) is a Visa program that allows issuers to automatically resolve disputes at the network level before a formal chargeback is filed, using merchant-defined rules to issue instant refunds.

Real-Time Payments (RTP) is a payment rail that enables the near-instant transfer of funds between bank accounts 24/7/365, with settlement typically completed in seconds. Unlike ACH or wire transfers, RTP provides immediate finality and instant confirmation to both sender and receiver.

Reconciliation is the process of matching and verifying transaction records across multiple systems—such as a merchant's books, payment processor reports, and bank statements—to ensure they are consistent and accurate.

Recurring payments are automatic charges collected from a customer at regular intervals — weekly, monthly, or annually — based on a stored payment method. They power subscription businesses, SaaS billing, and membership models by eliminating manual re-authorization on every cycle.

A refund is a transaction that returns funds to a customer after a completed payment. Unlike a void, which cancels a transaction before settlement, a refund processes as a new credit back to the original payment method.

A retrieval request is a card network's formal demand for a merchant to provide transaction documentation — such as a receipt or order confirmation — to help an issuing bank investigate a cardholder inquiry before it escalates to a chargeback.

A reversal cancels a payment transaction before it fully settles, returning funds to the cardholder without going through the chargeback process. It is faster and cheaper than a refund or dispute resolution.

Risk management in payments is the process of identifying, assessing, and mitigating financial, operational, and fraud-related threats across the transaction lifecycle to protect revenue and maintain compliance.

A fraud prevention methodology that dynamically adjusts authentication and verification requirements based on the assessed risk level of each transaction, rather than applying uniform rules to all payments.

A rolling reserve is a risk-management tool where an acquirer withholds a percentage of a merchant's settlement funds for a fixed period, then releases them on a rolling basis as the hold window expires.

Samsung Pay is a mobile payment service by Samsung that lets users pay in stores, online, and in apps using their Samsung devices. It supports both NFC and the proprietary MST technology, enabling use at virtually any card terminal.

Sanctions screening is the process of checking customers, transactions, and counterparties against government and international watchlists to prevent prohibited parties from accessing financial services.

A sandbox environment is an isolated, simulated payment system that mimics live production without processing real money. Developers use it to build, test, and debug integrations safely before going live.

Scheme fees are charges levied by card networks such as Visa, Mastercard, and American Express on transactions processed through their payment rails. They are paid by acquirers and issuers, then typically passed through to merchants as part of overall card acceptance costs.

A Software Development Kit (SDK) is a packaged set of tools, libraries, and documentation that lets developers integrate a service—such as a payment gateway—into their application without building from scratch.

SEPA (Single Euro Payments Area) is a European payment integration initiative that enables cashless euro payments across 36 countries using unified standards, making cross-border transfers as simple and cost-effective as domestic ones.

SEPA Instant Credit Transfer (SCT Inst) is a pan-European payment scheme enabling euro credit transfers to settle in under 10 seconds, 24/7/365, across 36 SEPA countries. Funds are available to the recipient immediately and irrevocably, with a transaction limit of €100,000.

A SEPA Mandate is a signed authorisation granted by a payer to a creditor, permitting the creditor to initiate one or more Direct Debit collections from the payer's bank account within the Single Euro Payments Area.

Settlement is the process by which funds from a completed transaction are transferred from the issuing bank to the merchant's account, finalizing the payment after authorization and capture. It typically occurs 1–3 business days after the original transaction.

Smart retry is an automated payment recovery strategy that intelligently re-attempts failed transactions using optimized timing, routing, and card network rules to maximize authorization rates without triggering fraud flags.

An automated system that analyzes each payment transaction in real time and directs it to the processor most likely to approve it, based on card type, geography, amount, and historical performance data.

SOC 2 is an auditing framework developed by the AICPA that evaluates how service organizations manage customer data across five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy.

Social engineering is the manipulation of people into revealing confidential information or performing actions that benefit an attacker, bypassing technical security controls entirely. Attackers exploit trust, urgency, fear, or authority rather than software vulnerabilities.

A soft decline is a temporary payment authorization failure where the card issuer signals the transaction may succeed if retried — often due to insufficient funds, issuer unavailability, or authentication requirements.

A sponsor bank is a federally licensed financial institution that holds a master merchant account and grants payment facilitators, ISOs, and fintechs the regulatory authority to process card transactions on behalf of sub-merchants through card network membership.

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that encrypt data transmitted between a client and server. TLS is the modern successor to SSL, securing sensitive data like payment credentials in transit.

A stablecoin is a type of cryptocurrency designed to maintain a stable value by pegging it to a reserve asset such as a fiat currency, commodity, or algorithm. Unlike volatile cryptocurrencies, stablecoins offer the transaction speed of digital assets without price instability.

A stored value card holds a monetary balance on the card itself or a linked account, rather than drawing from a bank account or credit line. Funds are preloaded and depleted as purchases are made, with no credit risk to the issuer.

Strong Customer Authentication (SCA) is a regulatory requirement under PSD2 that mandates multi-factor verification for electronic payments in Europe, combining at least two of three elements: knowledge, possession, and inherence.

A sub-merchant is a business that processes payments through a payment facilitator rather than holding its own direct merchant account with an acquirer. The PayFac aggregates multiple sub-merchants under a single master merchant ID, enabling faster onboarding and simplified payment acceptance.

Subscription billing is a payment model where customers are charged automatically on a recurring schedule—weekly, monthly, or annually—in exchange for ongoing access to a product or service.

A SAR is a mandatory report filed by financial institutions and payment businesses when they detect transactions that may signal money laundering, fraud, or other financial crimes. Regulators use SARs as a primary intelligence tool to investigate illicit activity.

Synthetic identity fraud is when fraudsters fabricate a new identity by combining real and fictitious personal data—such as a valid SSN with a fake name—to open accounts, build credit, and ultimately commit large-scale financial theft.

Tap to Pay is a contactless payment method that lets customers complete transactions by holding an NFC-enabled card, smartphone, or wearable near a payment terminal. No PIN entry or card swipe required for low-value transactions.

A Terminal Identification Number (TID) is a unique numeric code assigned by an acquirer to each payment terminal, enabling transaction routing, reconciliation, and fraud monitoring at the device level.

Tiered pricing is a merchant account fee model that groups card transactions into rate buckets—qualified, mid-qualified, and non-qualified—each carrying a distinct processing rate determined by the payment processor.

The process of replacing sensitive card data with a non-sensitive token that can be stored and reused for future transactions. Tokenization enables one-click purchases, subscription billing, and dramatically reduces PCI compliance scope.

A transaction is the complete exchange of value between a buyer and a seller, triggered by a payment method and completed through authorization, capture, and settlement. Each transaction carries a unique identifier tracked across every participant in the payment chain.

Transaction monitoring is the automated process of analyzing payment activity in real time or near-real time to detect fraud, money laundering, and other suspicious behavior. It combines rule-based triggers with machine learning to flag transactions that deviate from expected patterns.

Two-factor authentication (2FA) is a security method requiring users to verify identity with two distinct factors — typically something they know (a password) and something they have (a one-time code or device) — before granting access.

Underwriting is the risk assessment process payment providers use to evaluate a merchant's business before approving a merchant account. It determines credit limits, reserve requirements, and processing fees based on financial and operational risk.

A virtual terminal is a web-based application that lets merchants accept card payments by manually entering card details into a browser interface, without requiring a physical card reader or POS hardware.

A void transaction cancels a payment authorization before it settles, preventing funds from ever leaving the cardholder's account. Unlike a refund, no money changes hands — the hold is simply released.

Webhooks are HTTP callbacks that send real-time event notifications from one system to another. When a payment event occurs, a webhook pushes data to your endpoint instantly — no polling required.

A wire transfer is an electronic payment method that moves funds directly between financial institutions through secure messaging networks such as SWIFT or Fedwire. Transactions are irrevocable once settled and can cross borders in hours or days.