Payments &
Ecommerce Glossary

An authentication protocol that adds a verification step during online card payments to confirm the cardholder's identity. 3D Secure reduces fraud, shifts liability to the issuing bank, and is required for PSD2 compliance in Europe.

3D Secure 2.0 (3DS2) is an EMVCo authentication protocol that verifies cardholders during online transactions using risk-based analysis and 100+ data points, enabling frictionless checkout while satisfying Strong Customer Authentication requirements.

Acceptance marks are logos or symbols displayed by merchants to indicate which payment methods, card networks, or digital wallets they accept. They set customer expectations at checkout and are often required by card network rules.

Account-to-account (A2A) payments move funds directly between two bank accounts, bypassing card networks entirely. They combine lower costs, faster settlement, and reduced fraud exposure compared to card-based transactions.

ACH (Automated Clearing House) is a US electronic network that processes batch credit and debit transfers between bank accounts. It underpins payroll, bill payments, and B2B transfers, settling funds in 1–3 business days.

An ACH Credit is a push payment initiated by the payer to deposit funds directly into a recipient's bank account via the ACH network. It is widely used for payroll direct deposits, vendor payments, tax refunds, and government benefit disbursements.

An ACH Debit is a pull payment that moves funds from a payer's bank account to a payee's account through the Automated Clearing House network. Initiated by the receiving party with prior authorization, it underpins recurring billing, subscription payments, and B2B transactions across the US.

An acquirer (acquiring bank) is the financial institution that processes card payments on behalf of a merchant, settling funds from the card networks into the merchant's account. It holds the merchant account and bears the financial risk of chargebacks and fraud.

An aggregator merchant is an entity that pools multiple smaller merchants under a single master merchant account, enabling them to accept card payments without individual merchant accounts. The aggregator assumes liability for its sub-merchants' transactions.

Alipay is a Chinese digital wallet and online payment platform operated by Ant Group. It enables consumers to pay via QR code, app, or web checkout, and is one of the world's largest payment networks by transaction volume.

Annual Recurring Revenue (ARR) is the total value of recurring subscription revenue a business expects to collect over a 12-month period. It excludes one-time fees and variable usage charges, giving a predictable baseline for forecasting.

Anti-money laundering refers to the laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. AML frameworks require financial institutions and payment businesses to detect, report, and block suspicious financial activity.

Apple Pay is a mobile payment and digital wallet service by Apple that lets users pay contactlessly using iPhone, Apple Watch, iPad, or Mac. It tokenizes card data so the real card number is never transmitted to merchants, reducing fraud risk.

Arbitration is the final stage of the chargeback dispute process, where a card network such as Visa or Mastercard reviews the case and issues a binding ruling after both issuer and acquirer fail to resolve it bilaterally.

An assessment fee is a charge levied by card networks (Visa, Mastercard, Amex, Discover) on every transaction processed over their rails. It is calculated as a small percentage of the transaction volume and is non-negotiable.

The real-time process where a card network and issuing bank approve or decline a payment transaction. Authorization verifies the card is valid, the account has sufficient funds, and the transaction passes fraud checks.

An authorization hold is a temporary reservation of funds on a cardholder's account, placed by the issuing bank at a merchant's request. Funds remain unavailable to the cardholder until the merchant submits a capture or the hold expires.

Authorization rate is the percentage of payment transactions successfully approved by the issuing bank out of all attempted transactions. A higher rate means more completed sales and less revenue lost to unnecessary declines.

Average Order Value (AOV) is the mean amount spent by a customer per transaction. It is calculated by dividing total revenue by the number of orders over a given period.

Batch processing is the practice of grouping multiple payment transactions together and submitting them for authorization, clearing, or settlement in a single bulk operation rather than one at a time.

Beneficial ownership identifies the natural persons who ultimately own or control a legal entity, even when obscured by corporate layers or nominees. Regulators require payment platforms and financial institutions to collect and verify this information during onboarding.

A billing descriptor is the text that appears on a customer's bank or credit card statement identifying a charge. It typically includes the merchant name, a short description, and sometimes a phone number or URL.

A blended rate is a single, averaged percentage that a payment processor charges merchants for all card transactions, regardless of card type, network, or interchange category. It combines interchange fees, assessments, and processor margins into one flat figure.

Buy Now Pay Later (BNPL) is a short-term financing option that lets consumers split a purchase into installments—often interest-free—paid over weeks or months, with approval decided at checkout in seconds.

Capture is the step that transfers reserved funds from a cardholder's account to the merchant's account after authorization. It finalizes the payment and triggers settlement.

A Card-Not-Present (CNP) transaction occurs when a payment is processed without the physical card being present at the point of sale—typically in ecommerce, phone, or mail-order purchases. Because the merchant cannot verify the card physically, CNP transactions carry higher fraud risk and different liability rules than in-person payments.

Cart abandonment occurs when a shopper adds items to an online shopping cart but leaves without completing the purchase. It is one of the most widespread conversion problems in ecommerce, with an industry-average abandonment rate of 70.19% according to Baymard Institute.

Cascading payments is a retry strategy that automatically routes a failed transaction to an alternative payment processor or acquirer in real time, maximizing approval rates without requiring customer action.

A forced reversal of a payment transaction initiated by the cardholder's bank. Chargebacks can result from fraud, customer disputes, or processing errors. High chargeback rates (above 1%) can lead to account termination and placement on the MATCH list.

Chargeback Monitoring Programs are card network initiatives—run by Visa and Mastercard—that track merchants whose chargeback rates exceed defined thresholds, imposing fines and requiring remediation plans to avoid termination.

Chargeback rate is the ratio of chargebacks received to total transactions processed in a given month, expressed as a percentage. Card networks use it to identify merchants posing financial risk to the payment ecosystem.

A chargeback reason code is a numeric or alphanumeric code assigned by a card network to classify the specific justification a cardholder or issuing bank provides when disputing a transaction. Each code maps to defined rules, evidence requirements, and response deadlines.

Checkout is the final stage of an online purchase where a customer reviews their order, enters payment and shipping details, and confirms the transaction. It is the critical conversion point between cart and completed sale.

Clearing is the process by which a card network reconciles and transmits transaction data between an acquiring bank and an issuing bank after authorization, determining the exact amounts owed before funds are moved.

Conversion Rate Optimization (CRO) is the systematic process of increasing the percentage of website visitors who complete a desired action — such as making a purchase, submitting a form, or completing checkout — through data-driven testing and UX improvements.

Cross-border payments are financial transactions where the payer and recipient are located in different countries, requiring currency conversion, international routing, and compliance with multiple regulatory frameworks.

Customer Acquisition Cost (CAC) is the total spend required to win one new paying customer, calculated by dividing total sales and marketing costs by the number of new customers acquired in a given period.

Direct Debit is a payment method that allows a business to pull funds directly from a customer's bank account, with the customer's prior authorization. It is widely used for recurring billing, subscriptions, and utility payments.

Dunning is the automated process of retrying failed subscription payments and notifying customers to update their billing information. Effective dunning recovers 20-40% of failed charges before they become involuntary churn.

Dynamic Currency Conversion (DCC) lets cardholders pay in their home currency at the point of sale abroad. The merchant's terminal converts the transaction amount in real time, displaying the home-currency total before the cardholder approves.

E-commerce (electronic commerce) is the buying and selling of goods or services over the internet, encompassing transactions between businesses, consumers, and governments. It includes online storefronts, marketplaces, and digital payment processing.

An ecommerce platform is software that enables businesses to build, manage, and operate online stores — handling product listings, inventory, payments, and order fulfillment in one system.

Embedded finance is the integration of financial services—such as payments, lending, insurance, and banking—directly into non-financial platforms and applications, enabling businesses to offer these services without becoming regulated financial institutions.

Embedded payments integrate payment processing directly into a non-financial software platform, enabling users to transact without leaving the application. This eliminates redirects to third-party checkout pages and creates a seamless, native payment experience within any product.

EMV is a global payment standard developed by Europay, Mastercard, and Visa that uses embedded chips in payment cards to authenticate transactions securely. Unlike magnetic stripes, EMV chips generate a unique cryptogram for each transaction, making stolen card data nearly useless for fraud.

Encryption converts readable data into an unreadable format using a cryptographic algorithm and key, so only authorized parties can decrypt and access the original information. It is the foundational security layer protecting payment data in transit and at rest.

End-to-end encryption (E2EE) is a security method that encrypts data at its origin and keeps it encrypted until it reaches the intended recipient, ensuring no intermediary can read or tamper with it in transit.

Enhanced Due Diligence (EDD) is a rigorous identity verification and risk assessment process applied to high-risk customers, transactions, or business relationships that exceed standard KYC/CDD requirements.

FedNow is a real-time interbank payment and settlement service operated by the U.S. Federal Reserve, launched in July 2023. It enables financial institutions to send and receive payments instantly, 24/7/365, with immediate fund availability for end users.

First-party fraud occurs when a legitimate account holder deliberately misrepresents information or abuses financial products for personal gain—such as falsely claiming non-delivery to keep goods and their money.

Force capture is a transaction method that lets merchants submit a capture request without a prior authorization code, using a manually obtained approval code—often from a voice authorization or offline approval—to settle the payment directly.

Fraud is any intentional deception carried out to gain an unfair or unlawful financial advantage, typically at the expense of a merchant, consumer, or financial institution. In payments, fraud encompasses unauthorized transactions, identity theft, and account takeovers.

The process of identifying fraudulent payment transactions in real time using rules, machine learning models, and behavioral signals. Effective fraud detection balances blocking bad actors against minimizing false positives that reject legitimate customers.

Fraud prevention encompasses the strategies, tools, and processes merchants use to stop unauthorized or deceptive transactions before they occur, protecting revenue and customer trust.

Fraud scoring is a real-time risk assessment process that assigns a numerical score to each transaction, indicating the likelihood it is fraudulent. Scores are generated by machine learning models weighing hundreds of signals—device, behavior, velocity, and history—enabling automated accept, review, or decline decisions.

Friendly fraud occurs when a legitimate cardholder makes a purchase, receives the goods or services, then disputes the charge with their bank to obtain a refund while keeping the item. Unlike external fraud, the perpetrator is the actual account holder.

The General Data Protection Regulation is an EU law that governs how organizations collect, store, and process personal data of EU residents. It imposes strict obligations on businesses worldwide and carries fines up to €20 million or 4% of global annual turnover.

A hard decline is a permanent payment rejection issued by the card issuer, indicating the transaction cannot be retried. Unlike soft declines, hard declines signal a fundamental problem with the card or account that retrying will not resolve.

Headless commerce decouples the frontend presentation layer from the backend ecommerce engine, connecting them via APIs. This lets teams build custom storefronts on any technology while keeping order, inventory, and payment logic separate.

A high-risk merchant is a business classified by acquirers and payment processors as having an elevated likelihood of chargebacks, fraud, or regulatory scrutiny. This classification affects which processors will work with the merchant, the fees charged, and the reserve requirements imposed.

A hosted payment page is a secure, third-party checkout page where customers enter payment details, removing the merchant from direct contact with sensitive card data and simplifying PCI compliance.

An Independent Sales Organization (ISO) is a third-party company authorized by a card network or acquiring bank to resell payment processing services to merchants. ISOs act as intermediaries, recruiting merchants and managing relationships on behalf of their acquiring partners.

An interchange fee is a per-transaction fee paid by a merchant's bank (acquirer) to the cardholder's bank (issuer) every time a card payment is processed. It is the largest component of card acceptance costs, typically ranging from 0.2% to 2%+ of transaction value.

Involuntary churn occurs when a subscription is cancelled not because the customer chose to leave, but because a payment failed—due to an expired card, insufficient funds, or issuer decline. Unlike voluntary churn, it is recoverable with the right retry and recovery tooling.

ISO 27001 is the international standard for information security management systems (ISMS), specifying requirements to establish, implement, maintain, and continually improve an organization's information security posture.

An issuer is a financial institution—typically a bank or credit union—that provides payment cards to consumers and is responsible for approving or declining transactions on their behalf.

Know Your Business (KYB) is the process by which payment providers and financial institutions verify the identity, ownership, and legitimacy of a business before granting access to payment services.

Know Your Customer (KYC) is a regulatory compliance process requiring businesses to verify the identity of their customers before establishing a relationship. It prevents money laundering, fraud, and terrorist financing by ensuring merchants know who they are transacting with.

Liability shift transfers fraud-related chargeback responsibility from the merchant to the card issuer when specific authentication or technology requirements are met, reducing the merchant's financial exposure to fraudulent transactions.

Local payment methods are payment instruments that are dominant in a specific country or region, such as iDEAL in the Netherlands, PIX in Brazil, or Alipay in China. They differ from global card networks by catering to local banking infrastructure, consumer habits, and regulatory frameworks.

A merchant account is a type of bank account that allows businesses to accept and process electronic card payments. Funds from card transactions are held in this account before being settled to the business's primary bank account.

The Merchant Discount Rate (MDR) is the total fee a merchant pays to accept card payments, expressed as a percentage of each transaction. It bundles interchange fees, scheme fees, and the acquirer's margin into a single blended rate.

Monthly Recurring Revenue (MRR) is the predictable revenue a subscription business earns each month from active paying customers. It normalizes all subscription plans into a single monthly figure, making it the core metric for tracking subscription business health.

Omnichannel payments is a strategy that unifies payment acceptance across all sales channels — in-store, online, mobile, and social — into a single, consistent customer experience backed by shared data and infrastructure.

One-click payments let returning customers complete a purchase with a single tap or click, using stored payment credentials — no re-entering card details required. They reduce checkout friction and dramatically increase conversion rates for repeat buyers.

A partial refund returns a portion of the original transaction amount to the customer, rather than the full payment. It is used when only part of an order is returned, cancelled, or disputed.

A Payment API is a set of programmatic interfaces that allows software applications to initiate, process, and manage financial transactions. It connects merchants directly to payment networks, processors, and banking infrastructure without handling card data on their own servers.

A Payment Facilitator (PayFac) is a company that aggregates multiple sub-merchants under a single master merchant account, handling underwriting, onboarding, and settlement on their behalf.

A payment form is the data-entry interface that collects card details, billing information, and payment method selection from a customer during checkout. It is the last touchpoint before a transaction is authorized.

A technology service that captures, encrypts, and transmits payment data from the customer to the acquiring bank for authorization. Payment gateways are the bridge between your checkout and the payment network.

A technology layer that sits above individual payment gateways and intelligently routes each transaction to the optimal processor based on card type, geography, fees, and approval rates — with automatic failover if one processor declines.

A payment processor is a company that handles transaction communication between merchants, card networks, issuing banks, and acquiring banks to authorize and settle card payments in real time.

Payment rails are the underlying infrastructure and networks that move money between banks, businesses, and consumers. They define the rules, protocols, and technical pathways that determine how fast, at what cost, and under what conditions funds are transferred.

A Payment Service Provider (PSP) is a company that enables merchants to accept electronic payments by connecting them to card networks, banks, and payment infrastructure. PSPs bundle acquiring, gateway, fraud tools, and settlement into a single contract and integration.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements that any business handling credit card data must follow. PCI compliance protects cardholder data and reduces the risk of data breaches.

Point-to-Point Encryption (P2PE) encrypts cardholder data from the moment a card is swiped, dipped, or tapped at a payment terminal until it reaches a secure decryption environment, rendering the data unreadable to anyone in between.

PSD2 (Payment Services Directive 2) is the EU regulation that mandates Strong Customer Authentication, opens banking APIs to third parties, and sets liability rules for electronic payments across the European Economic Area.

Rapid Dispute Resolution (RDR) is a Visa program that allows issuers to automatically resolve disputes at the network level before a formal chargeback is filed, using merchant-defined rules to issue instant refunds.

Real-Time Payments (RTP) is a payment rail that enables the near-instant transfer of funds between bank accounts 24/7/365, with settlement typically completed in seconds. Unlike ACH or wire transfers, RTP provides immediate finality and instant confirmation to both sender and receiver.

Reconciliation is the process of matching and verifying transaction records across multiple systems—such as a merchant's books, payment processor reports, and bank statements—to ensure they are consistent and accurate.

Recurring payments are automatic charges collected from a customer at regular intervals — weekly, monthly, or annually — based on a stored payment method. They power subscription businesses, SaaS billing, and membership models by eliminating manual re-authorization on every cycle.

A refund is a transaction that returns funds to a customer after a completed payment. Unlike a void, which cancels a transaction before settlement, a refund processes as a new credit back to the original payment method.

A rolling reserve is a risk-management tool where an acquirer withholds a percentage of a merchant's settlement funds for a fixed period, then releases them on a rolling basis as the hold window expires.

Sanctions screening is the process of checking customers, transactions, and counterparties against government and international watchlists to prevent prohibited parties from accessing financial services.

Scheme fees are charges levied by card networks such as Visa, Mastercard, and American Express on transactions processed through their payment rails. They are paid by acquirers and issuers, then typically passed through to merchants as part of overall card acceptance costs.

SEPA (Single Euro Payments Area) is a European payment integration initiative that enables cashless euro payments across 36 countries using unified standards, making cross-border transfers as simple and cost-effective as domestic ones.

Settlement is the process by which funds from a completed transaction are transferred from the issuing bank to the merchant's account, finalizing the payment after authorization and capture. It typically occurs 1–3 business days after the original transaction.

Smart retry is an automated payment recovery strategy that intelligently re-attempts failed transactions using optimized timing, routing, and card network rules to maximize authorization rates without triggering fraud flags.

An automated system that analyzes each payment transaction in real time and directs it to the processor most likely to approve it, based on card type, geography, amount, and historical performance data.

SOC 2 is an auditing framework developed by the AICPA that evaluates how service organizations manage customer data across five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy.

Strong Customer Authentication (SCA) is a regulatory requirement under PSD2 that mandates multi-factor verification for electronic payments in Europe, combining at least two of three elements: knowledge, possession, and inherence.

Subscription billing is a payment model where customers are charged automatically on a recurring schedule—weekly, monthly, or annually—in exchange for ongoing access to a product or service.

A SAR is a mandatory report filed by financial institutions and payment businesses when they detect transactions that may signal money laundering, fraud, or other financial crimes. Regulators use SARs as a primary intelligence tool to investigate illicit activity.

Synthetic identity fraud is when fraudsters fabricate a new identity by combining real and fictitious personal data—such as a valid SSN with a fake name—to open accounts, build credit, and ultimately commit large-scale financial theft.

The process of replacing sensitive card data with a non-sensitive token that can be stored and reused for future transactions. Tokenization enables one-click purchases, subscription billing, and dramatically reduces PCI compliance scope.

Underwriting is the risk assessment process payment providers use to evaluate a merchant's business before approving a merchant account. It determines credit limits, reserve requirements, and processing fees based on financial and operational risk.

A virtual terminal is a web-based application that lets merchants accept card payments by manually entering card details into a browser interface, without requiring a physical card reader or POS hardware.

A void transaction cancels a payment authorization before it settles, preventing funds from ever leaving the cardholder's account. Unlike a refund, no money changes hands — the hold is simply released.

Webhooks are HTTP callbacks that send real-time event notifications from one system to another. When a payment event occurs, a webhook pushes data to your endpoint instantly — no polling required.