Payment Industry Terms Glossary
Payment Card Industry Glossary
Alphabetized, searchable reference for PCI/Payments terminology used in training, support, and enablement.

| Term | Definition | Category |
|---|---|---|
| Account Number (PAN) | Primary Account Number printed/encoded on the card; uniquely identifies the cardholder account. | Card Data |
| Acquirer | Financial institution or processor that signs merchants and processes their card transactions. | Participants |
| Address Verification Service (AVS) | Issuer check comparing submitted billing address to the address on file to reduce fraud. | Fraud & Risk |
| Adjustment | Processor-driven correction to a settled transaction, often resolving disputes or errors. | Processing |
| AID (Application Identifier) | EMV identifier on the card/terminal that selects the correct application for processing. | Hardware & POS |
| Approval Code | Code returned by issuer indicating an authorization was approved. | Processing |
| Attestation of Compliance (AOC) | PCI DSS form confirming an entity's assessment results and compliance status. | Compliance |
| Batch | Group of approved authorizations queued for settlement/funding. | Processing |
| Batch Close / Z-Batch | Action that submits the open batch for settlement; typically daily closeout. | Processing |
| BIN (Bank Identification Number/IIN) | First 6–8 digits of the PAN identifying the issuing institution. | Card Data |
| Blacklist | List of blocked cards, devices, or accounts used by risk systems to prevent fraud. | Fraud & Risk |
| Capture | Step that converts an authorization into a transaction to be settled. | Processing |
| Card-Not-Present (CNP) | Transaction where the card is not physically presented—e.g., e-commerce or mail/phone order. | Processing |
| Card-Present | In-person transaction using chip, contactless, or swipe at a terminal. | Processing |
| Card Verification Value (CVV/CVC) | 3–4 digit code used to verify card possession; cannot be stored post-auth. | Card Data |
| Cardholder Data (CHD) | Data such as PAN, cardholder name, expiration date, and service code. | Card Data |
| Cardholder Data Environment (CDE) | People, processes, and systems that store, process, or transmit CHD or can impact its security. | Security |
| Chargeback | Issuer-initiated reversal of a transaction due to dispute or rule violation. | Processing |
| Chargeback Reason Code | Network-specific code describing why a chargeback was initiated. | Processing |
| Compliance Report | Assessment documentation (e.g., ROC/SAQ) demonstrating PCI DSS status. | Compliance |
| Contactless (NFC) | Tap-to-pay using NFC cards or wallets (Apple Pay, Google Pay). | Hardware & POS |
| Credential-on-File (CoF) | Stored credential used for recurring or merchant-initiated transactions under card-brand rules. | Processing |
| Cryptogram | EMV/Tokenization-based cryptographic proof used to authenticate a transaction. | Security |
| CSC/CID | Alternative names for CVV by some networks (Card Security Code/Card Identification). | Card Data |
| Customer Present/Not Present | Indicator specifying whether the cardholder was physically present during payment. | Processing |
| Data Breach | Unauthorized exposure of sensitive data such as PAN or SAD. | Security |
| Data Encryption | Transforming data into unreadable form to protect confidentiality in transit or at rest. | Security |
| Deferred Authorization | Auth sent later due to connectivity limits; riskier and rule-bound. | Processing |
| Descriptor | Merchant name/text shown on the cardholder statement. | Processing |
| Digital Wallet | Tokenized payment credential stored on devices/apps (e.g., Apple Pay). | Digital Wallets & Alt Pay |
| Dispute | Cardholder contesting a transaction; may escalate to chargeback. | Processing |
| Do Not Honor (05) | Generic issuer decline with no specific reason provided. | Processing |
| EMV (Chip) | Global chip standard (Europay, Mastercard, Visa) enabling stronger card authentication. | Hardware & POS |
| eCommerce Indicator (ECI) | Code signaling authentication/3-DS status for online transactions. | Processing |
| Encryption Key Management | Policies/tools for generating, storing, rotating, and revoking cryptographic keys. | Security |
| Exemption (SCA/PSD2) | Regulatory carve-outs allowing friction-reduction in strong authentication regimes. | Compliance |
| Expiration Date | Month/year when a card becomes invalid; part of CHD. | Card Data |
| Fallback | When chip fails and terminal requests swipe/manual entry; increases risk. | Hardware & POS |
| FAN (Funding Account Number) | Account used to settle funds in merchant acquiring. | Processing |
| Fraud Filter | Automated rules/ML models blocking high-risk attempts (velocity, geo, AVS, device). | Fraud & Risk |
| Friendly Fraud | Cardholder disputes a legitimate purchase (e.g., forgotten/household use). | Fraud & Risk |
| Full Track Data | Magnetic-stripe data; storing post-auth is prohibited by PCI. | Card Data |
| Gateway | Secure interface routing merchant transactions to processors/acquirers. | Participants |
| Granular Access Control | Least-privilege rights limiting who can access CHD/CDE systems. | Security |
| Hard Decline | Issuer/processor refusal that will not succeed on retry (e.g., stolen card). | Processing |
| HSA/FSA Card | Health benefit cards usable only at eligible MCCs and merchants. | Compliance |
| Interchange | Fees set by card networks and paid to issuers; vary by risk/card type/MCC. | Processing |
| Issuer | Bank or financial institution that issues cards to cardholders. | Participants |
| Issuer Unavailable (91) | Temporary network/issuer outage leading to a soft decline. | Processing |
| Just-in-Time (JIT) Provisioning | Creating short-lived access credentials when needed to reduce standing privileges. | Security |
| Key Injection Facility (KIF) | Secure site where cryptographic keys are loaded to terminals/POI devices. | Hardware & POS |
| Kernel (EMV Kernel) | Terminal software implementing EMV application logic and card interaction. | Hardware & POS |
| L2 / L3 Processing Data | Enhanced invoice/line-item data submitted to qualify for better interchange. | Processing |
| Latency (Payments) | Time between request and response; high latency elevates declines/abandonment. | Processing |
| MCC (Merchant Category Code) | Four-digit code classifying merchant industry; affects acceptance and fees. | Compliance |
| Merchant ID (MID) | Unique identifier assigned to a merchant by the acquirer. | Participants |
| Merchant Initiated Transaction (MIT) | Payment initiated by the merchant using stored credentials with cardholder consent. | Processing |
| Message Reason Code | Code describing why a message (e.g., chargeback, representment) was sent. | Processing |
| Mobile Wallet Provisioning | Adding a card to a wallet; involves device checks, tokenization, and issuer approval. | Digital Wallets & Alt Pay |
| Network Token | Token issued by card networks replacing PAN for safer storage and lifecycle updates. | Security |
| NFC (Near Field Communication) | Short-range wireless tech enabling contactless transactions. | Hardware & POS |
| Offline Authorization | EMV decision at terminal/card without host call; used with risk parameters. | Hardware & POS |
| On-Us Transaction | When acquirer and issuer are the same entity/network, potentially faster routing. | Processing |
| Partial Approval | Issuer approves part of the amount; merchant collects remainder via split tender. | Processing |
| Password Vaulting | Secure storage/rotation of privileged credentials for PCI scope reduction. | Security |
| PA-DSS / SSF | PA-DSS is the legacy payment application standard; replaced by the PCI Secure Software Framework (SSF) for payment software. | Compliance |
| Payment Facilitator (PayFac) | Entity that onboards sub-merchants under a master merchant account. | Participants |
| PCI DSS | Security standard for entities that store, process, or transmit cardholder data. | Compliance |
| PCI P2PE | Validated point-to-point encryption solution that can reduce PCI scope. | Security |
| PED/POI | Payment input device/terminal where card data is captured. | Hardware & POS |
| PIN / PIN Block | Personal identification number and its encrypted block used for cardholder verification. | Card Data |
| Pre-Authorization | Hold placed to reserve funds before final amount is known (e.g., hotels, fuel). | Processing |
| PAN Truncation | Masking PAN on receipts/exports to show only permitted digits. | Security |
| Processor | Routes transactions between merchant, acquirer, networks, and issuer. | Participants |
| PSD2 / SCA | EU regulation requiring strong customer authentication in most electronic payments. | Compliance |
| Proxy PAN (DPAN) | Device-specific PAN used in wallets; mapped to real PAN by token vault. | Security |
| Qualified Security Assessor (QSA) | PCI SSC-approved assessor who validates PCI DSS compliance. | Compliance |
| Quiet Period (Disputes) | Interval when parties await network timelines before next dispute step. | Processing |
| Reason Code (Decline/Chargeback) | Numeric/alphanumeric indicator for declines or disputes. | Processing |
| Recurring Transaction | Merchant bills a card at agreed intervals using stored credential frameworks. | Processing |
| Refund | Reversal of a settled transaction; funds returned to the cardholder. | Processing |
| Representment | Merchant response to a chargeback with evidence to re-claim funds. | Processing |
| Risk Score | Model output estimating fraud likelihood to allow/decline or review. | Fraud & Risk |
| ROC (Report on Compliance) | Formal report produced by a QSA for entities undergoing full assessment. | Compliance |
| SAQ (Self-Assessment Questionnaire) | PCI DSS self-validation forms for eligible merchants/service providers. | Compliance |
| Secure Element | Tamper-resistant hardware for storing cryptographic secrets (e.g., wallets/POI). | Hardware & POS |
| Secure Remote Commerce (SRC) | Card-network standard ("Click to Pay") for streamlined, tokenized checkout. | Digital Wallets & Alt Pay |
| Security Incident | Event that compromises confidentiality, integrity, or availability of systems or data. | Security |
| Sensitive Authentication Data (SAD) | Full track data, CVV/CVC, PINs/PIN blocks; must never be stored post-auth. | Card Data |
| Settlement | Finalization/transfer of funds for captured transactions to the merchant. | Processing |
| SFTP (Secure File Transfer Protocol) | Encrypted file transfer used for settlement files and reporting. | Security |
| Skimming | Illegal capture of card data at compromised terminals or ATMs. | Fraud & Risk |
| Soft Decline | Temporary refusal (e.g., issuer/network error) that may succeed on retry. | Processing |
| Strong Customer Authentication (SCA) | Two-factor authentication under PSD2 using knowledge/possession/inherence. | Compliance |
| Surcharging | Passing card fees to customers; subject to brand rules and local laws. | Compliance |
| System Components (PCI Scope) | Servers, networks, applications in or connected to the CDE. | Security |
| Tap to Pay | Contactless card/device payment using NFC and tokenized credentials. | Hardware & POS |
| Terminal ID (TID) | Unique identifier for a payment terminal used in routing and support. | Hardware & POS |
| Three-Domain Secure (3-D Secure) | Card-not-present authentication protocol (e.g., EMV 3-DS) shifting liability in many cases. | Digital Wallets & Alt Pay |
| Tokenization | Replacing PAN with non-sensitive tokens for storage and reuse. | Security |
| Track Data (Track 1/2) | Magstripe/EMV equivalent data; storage prohibited after authorization. | Card Data |
| Transaction ID (TxnID) | Unique reference for each processed payment used for reconciliation. | Processing |
| Transaction Risk Analysis (TRA) | Risk-based evaluation allowing SCA exemptions under PSD2 rules. | Fraud & Risk |
| Unattended Terminal | POS without cashier (kiosks, pumps); special hardware/rules apply. | Hardware & POS |
| Underwriting (Merchant) | Risk assessment when approving a merchant for acquiring services. | Participants |
| Velocity Checks | Rules limiting number/amount of attempts in a period to reduce fraud. | Fraud & Risk |
| Void | Cancels a transaction before settlement; no refund posting required. | Processing |
| Whitelist | Approved list bypassing some risk controls for known customers/devices. | Fraud & Risk |
| Wallet Token | DPAN assigned to a specific device card in a mobile wallet. | Security |
| XID (3-DS Transaction ID) | Transaction identifier used in legacy 3-D Secure versions. | Digital Wallets & Alt Pay |
| Zero Amount Authorization | Auth with $0 to verify card and retrieve network token/cryptogram. | Processing |
| Z Report (End-of-Day) | Summary report generated during daily close (often same time as batch close). | Processing |

Note: Definitions are concise for training. For formal compliance language, reference current PCI SSC publications.