Glossary
This page provides a list of glossary terms used in this guide.
-
3D Secure (3-domain structure), also known as a payer authentication, is a security protocol that helps to prevent fraud in online credit and debit card transactions. This security feature is supported by Visa and Mastercard and is branded as ‘Verified by Visa’ and ‘Mastercard SecureCode’ respectively.
-
Pass code or activation code which you supply to Thredd. You can use the access code to authenticate user access to card services or to request a user to activate the card by entering their access code.
-
An AVS check compares the billing address used in the transaction with the issuing bank’s address information on file for that cardholder. Depending on whether they match fully, partially, or not at all, the merchant can use that information in their decision on whether or not to accept or cancel the order. AVS is one of the most widely used fraud prevention tools in card-not-present transactions.
-
Apata provide an Access Control Server (ACS) that enables support for the 3D Secure cardholder authentication scheme. See: https://apata.com/
-
Controls the dates and times when authorisations on a card are allowed. You can use this option to control when the card can be used, for example, prevent usage on weekends or out of hours.
-
A Bank Identification Number, or BIN, refers to the initial sequence of 4 to 6 numbers on a credit card and used to identify the card’s issuing bank or other financial institution. The BIN is the lynch pin that ties an issuer to its cards and transactions.
-
The Linkage Group set up in Smart Client controls various parameters related to linked cards; for details, check with your Implementation Manager.
-
Thredd instructs existing card manufacturers (that it has relationships with) to print cards. Thredd uses Secure FTP (sFTP) to send the card manufacturer a generated bulk XML file containing card details. This is sent on a daily basis, or at a frequency that can be customised for your service. The card manufacturer prints the cards and sends to the cardholder. Any white label test cards are typically sent to Thredd, the Program Manager and the Card Schemes (payment networks).
-
3 digit code on the magnetic strip of a card which indicates where it is valid for use.
-
The Card Verification Value (CVV) on a credit card or debit card is a 3 digit number on VISA, MasterCard and Discover branded credit and debit cards. Cardholder's are typically required to enter the CVV during any online or cardholder not present transactions. CVV numbers are also known as CSC numbers (Card Security Code), as well as CVV2 numbers, which are the same as CVV numbers, except that they have been generated by a 2nd generation process that makes them harder to guess.
-
Cardinal Commerce provide an Access Control Server (ACS) that enables support for the 3D Secure cardholder authentication scheme. See: https://www.cardinalcommerce.com
-
Where a cardholder disputes a transaction on their account and is unable to resolve directly with the merchant, they can raise a chargeback with their card issuer. The chargeback must be for a legitimate reason, such as goods and services not received, faulty goods, or a fraudulent transaction.
-
The number of sessions (concurrent requests) that can be processed by the Thredd server at the same time. This figure may vary, depending on server load and performance, which affects the response time. For example, an average server response time of 0.05ms.
-
The Card Verification Value (CVV) on a credit card or debit card is a 3 digit number on VISA, MasterCard and Discover branded credit and debit cards. Cardholder's are typically required to enter the CVV during any online or cardholder not present transactions. CVV numbers are also known as CSC numbers (Card Security Code), as well as CVV2 numbers, which are the same as CVV numbers, except that they have been generated by a 2nd generation process that makes them harder to guess.
-
Device PAN. The PAN value set up on the cardholder’s device. This is not visible to the cardholder, but is the PAN used for the transactions as far as the merchant is concerned.
-
European Economic Area
-
External Host Interface (EHI) is a Thredd facility that enables exchange of data between the Thredd processing centre and external systems using online web services. All transaction data processed by Thredd is transferred to the External Host side via EHI in real time. For certain types of transactions such as Authorisations, the External Host can participate in payment transaction authorisation.
-
For authorisation type of transactions, the External Host Interface (EHI) can operate in one of five modes: Gateway Processing (mode 1) the External Host maintains card balances and participates in transaction authorisation by approving or declining the transaction. Cooperative Processing (mode 2) - Thredd maintains balances and performs all types of the authorization, but the External Host can overrule in some circumstances. Full Service Processing (mode 3) - read-only data feed from the Thredd system to the Client's system. Gateway Processing with STIP (mode 4) - External Host maintains Balance (with Thredd stand-in).
-
When a card with a fixed validity period, such as a gift card, expires, the available funds on the card are charged as an expiry breakage fee. The actual money is shared between Thredd and the Program Manager.
-
The External Host Interface provides a facility to enable exchange of data between Thredd and external systems via our web services. All transaction data processed by Thredd is transferred to the External Host side via EHI in real time. For certain types of transactions, such as Authorisations, the External Host can participate in payment transaction authorisation.
-
Group which controls the card transaction authorisation fees.
-
Funding PAN. The true 16-digit PAN of the card, which Mastercard/Visa converts when authorisations come through to them from Acquirers on the DPAN.
-
Controls the rates for FX currency conversions if the purchase currency is different from the card's currency.
-
Thredd Issuer (Program Manager) code, assigned by Thredd. Each Program Manager is assigned their own unique issuer code on the system.
-
Interactive Voice Response System Typically a telephony-based system, where the user calls in and selects options via an automated voice prompt.
-
Velocity limit group which restricts the frequency and/or amount at which the card can be loaded or unloaded. You can view your current Limit Groups in Smart Client.
-
A Thredd virtual card that is restricted to loading and unloading to a physical card and cannot be used for e-commerce or in-store transactions. An MVC is used to reflect the value of the ‘actual’ money in the Issuer's bank account. An MVC guarantees that the load is limited to the amount prefunded (i.e. loaded onto MVC) and gives the Programme Manager the ability to distribute funds immediately rather than having to wait for notification of each individual load into the Issuer Bank account.
-
The MasterCard Digital Enablement Service (MDES) is a data interchange platform for generating and managing secure digital payment tokens.
-
Merchant Category Code (MCC) Group. The MCC is a four-digit number used by the Card Schemes (payment networks) to define the trading category of the merchant.
-
The MasterCard Digital Enablement Service (MDES) helps transform any connected device into a commerce device to make and receive payments. The MDES platform is used in iPhone 6, iPhone 6 Plus and Apple Watch to enable secure payments to take place for contactless and in-app payments.
-
Merchant category codes (MCCs) are four-digit numbers that describe a merchant's primary business activities. MCCs are used by credit card issuers to identify the type of business in which a merchant is engaged.
-
Payment card which supports payment and settlement transactions in multiple currencies. The MFX card typically has a single PAN with multiple currency wallets linked.
-
Card which is loaded with funds at the time of card creation, but cannot be reloaded after this.
-
OOB authentication is a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password. For example, the user may be asked to respond to an automatically-generated phone call, enter a code sent to their smartphone or provide biometric verification via voice or fingerprint.
-
An additional amount or fee charged on a transaction, typically used to hedge against FX currency fluctuations or mitigate risks of higher declines or chargebacks for certain merchant categories.
-
A payment card number (PAN), primary account number, or simply a card number, is the card identifier found on payment cards, such as credit cards and debit cards, as well as stored-value cards, gift cards and other similar cards.
-
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle credit cards from the major Card Schemes (payment networks). All Program Managers who handle customer card data must be compliant with this standard. See: https://www.pcisecuritystandards.org/pci_security/
-
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. uses PGP for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
-
The Product Setup Form is a spreadsheet that provides details of your Thredd account setup. The details are used to configure your Thredd account.
-
The predefined reference code associated with the card, which is included in the XML file sent to the card manufacturer. This field is called the <ProductRef> on ws_create_card and the <DesignRef> on ws_customer_enquiry and ws_customer_enquiry_v2
-
Card product-level master record
-
Logical grouping of your products set up in Smart Client. This is setup with whatever the customer (issuer or program manager) wants. Can be viewed in reports or via the web services API and may also be sent to the card manufacturer.
-
A Program Manager is a Thredd client who manages their own card service program.
-
The Project Initiation Document (PID) is put together at a start of a project. This document outlines the initial project requirements and parties involved.
-
The Project Requirements Document (PRD) provides full details of the requirements of your project. Project schedules and implementation are based on the details provided in this document.
-
The Project Scoping Document (PSD) defines the scope of the project, and is typically produced before the start of the project.
-
PSD2 is an EU Directive which sets requirements for firms that provide payment services. It introduces a number of requirements around how firms treat their customers and handle their complaints, and the data they must report to the FCA.
-
When two separate processes are reading and updating a value at the same time, then the latest process can overwrite the previous saved result.
-
Provider of identity and access management solutions. See: https://www.rsa.com/
-
SAFE (System to Avoid Fraud Effectively) is a Mastercard initiative requiring card issuers to report all cardholder fraud claims. The data sent to Mastarcard helpS identify and track fraudulent activity. See: https://globalrisk.mastercard.com/online_resource/system-to-avoid-fraud-effectively-safe-compliance-program/
-
Controls whether a card is charged a recurring fee, such as a monthly platform fee.
-
Card scheme-level master record
-
Thredd’s Trust Framework is the combination of several components which enable secure access to Thredd’s resources, using a common identity store.
-
Secure File Transfer Protocol. File Transfer Protocol FTP) is a popular unencrypted method of transferring files between two remote systems. SFTP (SSH File Transfer Protocol, or Secure File Transfer Protocol) is a separate protocol packaged with SSH that works in a similar way but over a secure connection.
-
Card which can only be used for a single transaction.
-
Smart Client is Thredd's user interface for managing your account on the Thredd Platform. You install Smart Client as a desktop application which requires a secure connection to Thredd systems in order to access your account.
-
SOAP (Simple Object Access Protocol) is a messaging protocol for exchanging structured information in the implementation of web services. It uses Extensible Markup Language (XML) for its message format and relies on application layer protocols such as HTTP for message negotiation and transmission. SOAP allows developers to invoke processes running on disparate operating systems (such as Windows, macOS, and Linux) to authenticate, authorise, and communicate using XML.
-
Stand-In Processing. Where Thredd holds the card balance on behalf of a Program Manager, in some instances where the Program Manager is not available, we are able to provide an authorisation decision for a transaction on their behalf.
-
Thredd Portal is Thredd's new user interface for managing your cards and transactions on the Thredd Platform.
-
The name of the high-level product type set up in Thredd, usually at a BIN level.
-
Group that controls where a card can be used. For example: POS or ATM.
-
Virtual Data Element, used for 3D Secure identification. Examples are memorable name, memorable place and memorable date.
-
Controls the fees charges for web service usage. Different web services can have different fees associated with them.
-
Web Service Definition Language (WSDL) is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. WSDL files are central to testing SOAP-based services. SoapUI uses WSDL files to generate test requests, assertions and mock services.