Glossary
This page provides a list of glossary terms used in this guide.
-
The merchant acquirer or bank that offers the merchant a trading account, to enable the merchant to take payments in store or online from cardholders.
-
Cryptogram created when a transaction is declined, helping issuers validate their risk management processes. See also: Application Cryptogram.
-
The Application Cryptogram is an encrypted value generated by the EMV chip card during a transaction. It is used for transaction validation, fraud prevention and data security. here are several types of application cryptograms used in EMV transactions: ARQC, ARPC and AAC.
-
This includes checks to confirm the cardholder identity, such as PIN, CVV2 and CAVV.
-
Stage where a merchant requests approval for a card payment by sending a request to the card issuer to check that the card is valid, and that the requested authorisation amount is available on the card. At this stage the funds are not deducted from the card.
-
Cryptogram generated by the card when a transaction is initiated and sent to the issuer for authorization. It validates that the transaction details match what is expected and confirms that the card is legitimate. See also: Application Cryptogram.
-
Cryptogram generated by the issuer in response to an ARQC. It indicates whether the transaction has been approved or declined and provides additional verification. See also: Application Cryptogram.
-
The Bank Identification Number (BIN) is the first six to eight numbers on a payment card, which identifies the institution that issues the card.
-
Thredd has relationships with existing card manufacturers, who we can instruct to print your cards. We use Secure FTP (sFTP) to send the card manufacturer a generated bulk XML file containing card details. This is sent on a daily basis, or at a frequency that can be customised for your service. The card manufacturer prints the cards and sends to the cardholder.
-
Card network, such as MasterCard, Visa and Discover, responsible for managing transactions over the network and for arbitration of any disputes.
-
The card chip provides a list of permitted methods that can be used by the terminal or device to verify the identity of the cardholder. Common methods include: PIN verification (offline and online), signature verification and no verification.
-
A proprietary data element that specifies which cryptographic algorithm is employed during transaction processing. The CVN is included in the Issuer Application Data (IAD) and can influence how cryptographic keys are derived and how transaction data is processed. Different versions of CVN correspond to different processing methods and security protocols used by various card schemes, such as Visa or MasterCard.
-
A payment card chip standard, to ensure all EMV cards work in all EMV terminals. Derived from the names of the three payment systems that wrote it: Europay, Mastercard and Visa. See www.emvco.com for more information
-
The card issuer, typically a financial organisation authorised to issue cards. The issuer has a direct relationship with the relevant card scheme (payment network).
-
The MAC length typically refers to the size of a MAC (Message Authentication Code) in cryptographic contexts. The length of a MAC can vary depending on the specific algorithm being used. Common MAC lengths are 128, 160, and 256 bits depending on the specific method used.
-
Mastercard Chip and PIN Application, is a specification developed by MasterCard for the secure processing of transactions using EMV (Europay, Mastercard, and Visa) chip cards. It outlines the protocols and standards for card authentication, transaction processing, and data security in environments where chip-and-PIN is used.
-
The shop or store providing a product or service that the cardholder is purchasing. A merchant must have a merchant account, provided by their acquirer, in order to trade. Physical stores use a terminal or card reader to request authorisation for transactions. Online sites provide an online shopping basket and use a payment service provider to process their payments.
-
A unique identifier of the merchant, to identity the type of account provided to them by their acquirer.
-
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle credit cards from the major card schemes (payment networks). All Program Managers who handle customer card data must be compliant with this standard. See: https://www.pcisecuritystandards.org/pci_security/
-
The PAN is the long number (typically 16-19 digits) that is either printed or embossed on the card.
-
The Product Setup Form is a spreadsheet that provides details of your Thredd account setup. The details are used to configure your Thredd account.
-
A Thredd customer who manages a card program. The program manager can create branded cards, load funds and provide other card or banking services to their end customers.
-
The 9-digit token is a unique reference for the PAN. This is used between and clients to remove the need for clients to hold actual PANs.
-
Checks to confirm the card is valid, such as CHIP cryptograms, mag-stripe data (if available) and expiry date
-
Outlines the requirements for conducting secure contactless transactions at point-of-sale (POS) devices.
-
A set of standards covering aspects of transaction processing such as security protocols, data formats, and communication methods between payment devices and networks.