|   FAQs   |   CONTACT   |   CAREERS   |   Log In   |

Glossary of Industry Terms

ABCDEFGHIJKLMNOPQRSTUVWXYZ


Include special terms? Include Show selected special terms only
                                           PCI Related Terms Technical Terms

Sale

A transaction between a merchant and a consumer.
 

Sales Draft

Evidence of a purchase of goods or services by a Cardholder from Client using a Card, regardless of whether the form of such evidence is in paper or electronic form or otherwise, all of which must conform to Association Rules.
 
A form showing an obligation on the cardholder\'s part to pay money (i.e., the sales amount) to the card issuer. This is the piece of paper that is signed when making the purchase. Sales draft data can be captured electronically and sent to be processed over the phone lines. Also see Electronic Data Capture.
 

Sanitization

(PCI) (Technical)
Process for deleting sensitive data from a file, device, or system; or for modifying data so that it is useless if accessed in an attack
 

Schedules

The attachments, addenda and other documents, including revisions thereto, which may be incorporated into and made part of the Merchant Agreement.
 

Secure Electronic Transaction (SET)

The system of providing safety of payments for bank cards, developed by the companies VISA, MasterCard, Microsoft and by several leading banks, based on the coding with the open key of the information, connected with the parameters of the card, and with the separation of information between participants in the transaction in such a way that none of the participants in the calculations possesses information wholly. With the aid of standard SET, the buyer and salesperson can unambiguously identify each other, after exchanging the digital SET- certificates.
 

Secure Hash Algorithm

(PCI) (Technical)
A family or set of related cryptographic hash functions. SHA-1 is most commonly used function. Use of unique salt value in the hashing function reduces the chances of a hashed value collision
 

Secure Payment Gateway

Secure Payment Gateway companies help other Processors conduct secure business on the internet using Secure
 

Secure Payment Software

(Technical)
In order to conduct secure business on the web, the Secure Gateway Provider runs a Secure Host System, and sells/licenses software modules that allow Shopping Carts and other applications to request and receive Credit Card Authorizations via their system using encrypted communications. (This is called Real Time Authorization.)
 
The other features of this licensed software are the functions provided to merchants online when they connect to the Secure Payment Gateway host; merchant can access their own account information, use a “Virtual Terminal” to conduct transactions, handle administrative tasks, etc. (These features all “live” on the provider’s Host computer system.)
 

Secure Server

(Technical)
A secure server is a web server other computer connected to the Internet that supports any of the major security protocols, such as SSL, that encrypt and decrypt messages to protect them against third-party tampering or fraudulent use.
 

Secure shell

(Technical)
Protocol suite providing encryption for network services like remote login or remote file transfer.
 

Secure Socket Layer

(Technical)
A system for encrypting data sent over the Internet, including e-commerce transactions and passwords. With SSL, client and server computers exchange public keys, allowing them to encode and decode their communication.
 
Established industry standard, it encrypts the channel between a web browser and web server to ensure the privacy and reliability of data transmitted over this channel
 
 
 

Secure Socket Layer (SSL)

(Technical)
A protocol running over a network protocol which provides secure communication for passing credit card data, authorization requests, and authorization responses over the internet using encryption technology.
The transaction information is sent by the Payment Gateway secure server via leased line to the credit card network where the validity of the card is checked and the availability of funds on that account is verified. An authorization code is returned via leased line to the Payment Gateway; the authorization is encrypted by the Payment Gateway and transmitted in encrypted form to the web server of the merchant, which triggers fulfillment of the order.
 

Security Officer

(PCI)
Primary responsible person for security related affairs of an organization
 

Security policy

(PCI)
Set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information
 

Self-Service Terminal

A Customer Activated Terminal that accepts payment of goods or services such as prepaid cards or video rental, has electronic capability, and does not accept PINs.
 

Sensitive Authentication Data

(PCI) (Technical)
Security-related information (Card Validation Codes/Values, complete track data, PINs, and PIN Blocks) used to authenticate cardholders, appearing in plaintext or otherwise unprotected form. Disclosure, modification, or destruction of this information could compromise the security of a cryptographic device, information system, or cardholder information or could be used in a fraudulent transaction
 

Separation of duties

(PCI)
Practice of dividing steps in a function among different individuals, so as to keep a single individual from being able to subvert the process
 

Server

(PCI) (Technical)
Computer that providers a service to other computers, such as processing communications, file storage, or accessing a printing facility. Servers include, but are not limited to web, database, authentication, DNS, mail, proxy, and NTP (Network Time Protocol)
 

Service Code

Three- or four-digit number on the magnetic-stripe that specifies acceptance requirements and limitations for a magnetic-stripe read transaction.
 

Service Provider

Business entity that is not a payment card brand member or a merchant directly involved in the processing, storage, transmission, and switching or transaction data and cardholder information or both. This also includes companies that provide services to merchants, services providers or members that control or could impact the security of cardholder data. Examples include managed service providers that provide managed firewalls, IDS and other services as well as hosting providers and other entities. Entities such as telecommunications companies that only provide communication links without access to the application layer of the communication link are excluded.
 

Service set identifier

(PCI)
Name assigned to wireless WiFi or IEEE 802.11 network
 

Services

The activities undertaken by Processor and Bank to authorize, process and settle all U.S. Dollar denominated Visa, MasterCard and Discover Card transactions undertaken by Cardholders at Client
 

Session Key

(Technical)
The key for the symmetrical coding, which is used for a limited time, is more frequent used for a protected connection, for example, on protocol SSL.
 

Settlement

The process by which merchant and cardholder banks exchange financial data and value resulting from sales transactions, cash disbursements and merchandise credits. It is the process by which Visa and MasterCard transfer funds between a cardholders account at the issuing bank and merchant’s account at the acquiring bank. Settling a transaction involves withdrawing funds from the cardholder\'s account and depositing them into the merchant\'s account. If the transaction is a refund, the process is opposite from the above description. The acquiring bank transfers those funds directly to your business checking account.
 
Settlement is the reporting of settlement amounts owed by one member to another, or to a card issuing concern, as a result of clearing. This is the actual buying and selling of transactions between the merchants, processors, and acquirers; along with the card issuing entities.
 

See also Capture.

See also Clearing.

Settlement Account

An account at a financial institution designated by Client as the account to be debited and credited by Processor or Bank for Card transactions, fees, Chargebacks and other amounts due under the Agreement or in connection with the Agreement.
 

Settlement Bank

A bank, including a correspondent or intermediary bank, that is both located in the country where a member\'s settlement currency is the local currency, and authorized to execute settlement of interchange on behalf of the member or the member\'s bank.
 

Setup Fee

A setup fee is a nominal amount charged by a merchant account service provider when a merchant account is established. Setup fees may include application fees, software licensing fees, and equipment purchases.
 

SHA

(PCI) (Technical) See Secure Hash Algorithm.

Shopping Basket

As a consumer shops online, Items may be added to a \'virtual\' shopping basket. The basket is simply a list of the items selected to buy, together with the necessary details (number selected, price of each item etc). Consumers can review what\'s in their basket at any time they shop. The contents of the shopping cart are used in the virtual checkout and payment of purchases.
 

Shopping Cart Applications

These applications typically provide a means of capturing a consumers purchase and also collecting the consumers Credit Card information.
 

See also Shopping Basket.

Shopping Cart Software Providers

Shopping Cart Software Providers are software companies that either produce, utilize or resell Shopping Cart Applications (programs) that display merchandise and/or services, and take orders for merchants.
 

Simple Network Management Protocol

(Technical)
Supports monitoring of network-attached devices for any conditions that warrant administrative attention
 

Smart Card

A plastic card containing a computer chip that can store electronic "money". Unlike a credit card, a smart card can only spend out the dollar amount its owner has already put into the card account. It\'s similar in function to a prepaid calling card but is available for all purchases.
 

Software Application (Software)

(Technical)
Relating to credit card processing, typically a point of sale Terminal Application or PC or Internet Application that runs transactions and associated administration.
 
Software that provide functionality to users and/or other software applications. The software might be accessed via a browser, POS device, PC, or a cell phone.
 

Sole Proprietorship

A business in which you have complete control and responsibility.
 

Split Dial/Capture

A process which allows the Authorization terminal to dial directly to different Card processors (e.g., AmEx) for Authorization. In this instance, the merchant cannot be both EDC and Split Dial. Split Dial is also utilized for Check Guarantee companies.
 

Split knowledge

(PCI)
Condition in which two or more entities separately have key components that individually convey no knowledge of the resultant cryptographic key. It is a process of using two or more separate entities (usually persons) operating in concert to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person is permitted to access or use the materials (for example, the cryptographic key). For manual key generation, conveyance, loading, storage, and retrieval, dual control requires dividing knowledge of the key among the entities.
 

Sponsor

The sponsor bank of Visa and MasterCard to whom the rights and obligations of this agreement may be assigned.
 

Sponsoring Bank

A Sponsoring Bank is a Chartered Bank or S & L that has obtained membership in Visa or MasterCard in order to allow a Processor access to the Visa and MasterCard networks ( in order to process these types of transactions).
 
Since only a Bank may join Visa or MasterCard, many Processors make deals with a Sponsoring Bank in order to gain access to the Visa and MasterCard networks.
 
Because these Sponsoring agreements are usually like a partnership, the line between the Sponsoring Banks and their Processors is not always clear; sometimes the partnership is referred to by the name of the bank, while other times they are referred to by the name of the Processor.
 

SQL

(PCI) (Technical) See Structured Query Language.

SQL injection

(PCI) (Technical)
SQL Injection is a form of attack on database-driven web site. An attacker executes unauthorized SQL commands by taking advantage of insecure code on system connected to the Internet. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization’s host computers through the computer that is hosting the database
 

SSH

(Technical) See Secure shell.

SSL

(Technical) See Secure Socket Layer.

(Technical) See Secure Socket Layer (SSL).

SSL Certificate

SSL (Secure Sockets Layer) certificates are files, regularly installed on safe online servers, that recognize a specific website.
 

See also Secure Socket Layer.

Standard

The lowest level of qualification (most expensive) in which a transaction can interchange.
See Tiered Pricing.
 

See also Tiered Pricing.

Standard Entry Class Code

The 3-letter code that identifying the class of ACH transaction. CCD, POP, POS, PPD, RCK, TEL, TRC, TRX, WEB, XCK are all standard entry class codes.
 

Standard Floor Limit

A floor dollar limit that varies by merchant type. This refers to a dollar limit on transactions above which authorization requests are required.
 

Standard Industry Code/Merchant Category Code

The SIC code is a four-digit, numeric identifier of merchant business types. There are thousands of these codes, all of them defined by VISA International in the VISA USA Merchant Data Manual.  This system is being replaced by the NAICS Coding system.
 

Statement

A record prepared by a financial institution, usually once a month, listing all transactions for an account, including deposits, withdrawals, checks, electronic transfers, fees and other charges, and interest credited or earned. The statement is usually mailed to the customer, but may be maintained in electronic form for access on the internet by the merchant.
 

Statement Fee

The fixed periodic payment for the use of a Merchant Account.
 

Store and Forward

A transaction that has been authorized by a merchant when the merchant cannot obtain an Authorization while the customer is present, typically due to a communications failure. The merchant will store the transaction electronically in their host system and retransmit the transaction when communications have been restored.
 

Stored-value Card

A stored-value card is a credit-card-sized device, implanted with a computer chip, with stored money value. A reloadable stored-value card can be reused by transferring value to it from an automated teller machine or other device. A disposable card cannot be reloaded.
 

Strong Cryptography

(PCI) (Technical)
General term to indicate cryptography that is extremely resilient to cryptanalysis. That is, given the cryptographic method (algorithm or protocol), the cryptographic key or protected data is not exposed. The strength relies on the cryptographic key used. Effective size of the key should meet the minimum key size of comparable strengths recommendations. One reference for minimum comparable strength notion is NIST Special Publication 800-57, August, 2005 (http://csrc.nist.gov/publications/) or others that meet the following minimum comparable key bit security:
• 80 bits for secret key based systems (for example TDES)
• 1024 bits modulus for public key algorithms based on the factorization (for example, RSA)
• 1024 bits for the discrete logarithm (for example, Diffie-Hellman) with a minimum 160 bits size of a large subgroup (for example, DSA)
• 160 bits for elliptic curve cryptography (for example, ECDSA)
 
 

Structured Query Language

(PCI) (Technical)
Structured (English) Query Language. Computer language used to create, modify, and retrieve data from relational database management systems
 

Submission

The process of sending Batch deposits to Processor for processing. This may be done electronically or by mail.
 

Summary Adjustment

An adjustment to your Submission and/or Settlement Accounts in order to correct errors.
 

Surcharges

Additional charges to a merchants standard processing fees.
 

Suspect Merchant

A suspect merchant is one who has a large amount of questionable transactions in relation to the total business conducted over a fixed period of time. While many factors are used to determine whether or not a merchant is suspect, highly suspect or not suspect at all, the single most damaging category are transactions that were recorded on or near a date that a credit card was reported lost or stolen.
 

Suspended Batch

Occurs when a batch of transactions cannot be released to interchange because of a problem.
 

Swipe

A Swipe refers the passage of a magnetic stripe card through a payment processing terminal to process a transaction. The card is run through the terminal which reads the information off of the card with a magnetic reader. It submits it to a merchant service provider and card issuer simultaneously in order process a sales transaction or related transactions for a merchant and customer.
 
The alternate method of getting this information into the terminal is by manually keying it in. The value of swiping cannot be overstated in that it documents the physical presence of the card at the point-of-sale. By definition, all swiped transactions are face-to-face transactions.
 

Swipe Discount Rate

The discount rate charged by a merchant account provider for transactions in which a credit card is available for inspection by the merchant. Swipe discount rates are generally lower than MOTO discount rates because the merchant can match signatures and perform other checks for fraud or misuse.
 

Swiped Card

Used in card-present situations where the credit card information is transferred from the magnetic stripe to a card reader for authorization.
 

Symmetric Cryptography

(PCI) (Technical)
A symmetrical cryptography algorithm uses a single key to both encode and decode the same piece of data.
 

System Components

(PCI) (Technical)
Any network component, server, or application included in or connected to the cardholder data environment
 

ABCDEFGHIJKLMNOPQRSTUVWXYZ

PE Systems has analyzed approximately $270,462,947,108.07 in revenue for our clients (over a quarter of a trillion dollars and counting).
Contact us today and let our patented and proprietary analytics find savings for you too!
or click below to send an email to us at: information@pesystemscorp.com
 
Our relationship with them and the savings that they have provided us with have been extremely beneficial to our University…
Quinnipiac





   © 2009 PE Systems   |    Privacy Policy   |    Site Map   |
Click to learn about the Electronic Transactions Association.     Click to verify BBB accreditation and to see a BBB report.