Glossary
This glossary contains general terms used in the payments industry and should help you better understand the world of payments.
Acquirer (or Acquiring Bank)
A bank or financial institution that acquires funds from a shopper on behalf of its merchant.
To accept card payments, an acquirer should be licensed by corresponding card networks and either partner with a payment processor, or be a payment processor itself.
Sometimes, a payment service provider may operate as an acquirer in certain regions.
Authorisation
This is the process of the card issuer (like Visa or Mastercard) verifying payment details and reserving the funds to capture them later.
The payment gateway and payment processor perform required validation and risk checks, and ask a corresponding card network to authorise this payment from an issuer to an acquirer.
When a payment was authorised but hasn't been captured yet, a merchant can also decide to cancel it for some reason (like a high risk of fraud).
Note that an authorisation is valid only for a limited amount of time. If an authorised payment hasn't been captured or cancelled, it expires once the predefined deadline passes.
Cancel a Payment
An authorised payment can be either captured (where funds are sent to a merchant's account) or cancelled (where a merchant decides to reject the payment for some reason like a high risk of fraud).
Note that cancelling a payment is not possible for transactions that have already been captured. In this case the merchant should initiate a refund to send funds back to a shopper. Captures, cancels, and refunds together are called modifications, because they modify the state of an authorised payment request.
Capture (or Clearing and Settlement)
A payment that has been authorised by the payment processor must be captured to be completed. Capturing is the act of transferring the reserved funds from the shopper to the merchant.
By default, payments are captured automatically, immediately after authorisation.
Many payment methods support separate authorisation and capture. This means you can set up a capture delay, capture payments manually, perform partial captures, or cancel an authorisation.
Captures, cancels, and refunds together are called modifications, because they modify the state of an authorised payment request.
Cardholder
A shopper who uses a card issued by a bank to make cashless payments to a merchant.
Card Networks (or Card Schemes)
Payment networks that set rules and provide infrastructure to issue cards and process payments made with cards. For a payment to be made, both an issuer and an acquirer must be members of the same network as the card. Examples of some popular card networks are Visa, Mastercard, American Express, and UnionPay.
Card schemes charge fees for processing payments, and also regulate the value of the interchange fee, which depends on many factors for each specific payment.
Card Not Present (CNP)
A payment transaction made with a card, where the shopper cannot physically present the card to the merchant at the time of the transaction. Examples of CNP transactions include online payments, in-app payments, and MOTO transactions.
CNP transactions are a common target for card fraud, because it is difficult for the merchant to verify that it is the actual cardholder making the purchase. To reduce the risk of card fraud arising from CNP, use 3D Secure and AVS features.
Card Number (PAN)
Every payment card (be it a debit, credit, gift, or a similar card) has a unique number associated with it. This number is usually printed on the card and is required to uniquely identify the card and to refer to it in every transaction.
The whole card number is called Primary Account Number (PAN), and the first six or eight digits of it are also called the Bank Identification Number (BIN).
Also, a card may contain a card security code, which, along with the card number, can be used in card-not-present transactions.
Cards
Plastic cards issued by shoppers' banks to enable cashless payments either on a point of sale, via an ecommerce website, or inside a mobile application. Cards may be debit, credit or prepaid, and are usually operated by card networks. Sometimes cards may be linked to ewallets or other local payment methods, but most commonly they are used to withdraw cash or make cashless payments.
A typical card contains a card number, which uniquely identifies the card. It also contains a security code, used in combination with other information (a card expiry date and cardholder name) to verify card-not-present payments (for example, when paying for goods or services on an ecommerce website or inside a mobile application).
Card Security Code (CVC, CVV, CID)
The 3- or 4-digit numeric code that is printed on a card in addition to the card number. The security code is used in card-not-present transactions to verify the identity of a cardholder.
This code may have different names, for instance:
- Visa: Card Verification Value (CVV, CVV2)
- Mastercard: Card Validation Code (CVC, CVC2)
- Amex and Discover: Unique Card Code (CID)
The security code is an example of Sensitive Authentication Data, and as such is in scope of PCI DSS compliance restrictions.
Cash Register (POS)
An application used at the point of sale that allows product selection and that calculates the total amount to be charged from a cardholder. Additional functionality can include loyalty handling, stock keeping, and so on. This term is often used interchangeably with POS.
The application can run on a physical machine, or can be hosted in combination with an interface for the staff or shopper (in kiosks).
Chargeback
If a shopper for some reason wants the funds returned from a merchant, they can ask the merchant to make a refund. If the merchant refuses, a shopper may ask their issuer to make a chargeback (sending the funds back from the merchant to a shopper).
After a chargeback is initiated, the merchant can dispute it in some cases. If a dispute is allowed, the merchant should provide all necessary documents to either the acquiring bank, or to the payment processor.
Contactless or Near Field Communication (NFC)
Contactless payments allow your shoppers to make payments without inserting or swiping their card. In the context of POS, NFC is the technology used in contactless payments. Apple Pay, Google Pay and Samsung Pay all use the standard NFC protocol and are therefore accepted. These payment methods are considered strongly authenticated and therefore support high-volume transactions.
Cross-Border Payment
When a payment method issued in one country is used to make a purchase from a merchant based in another country. This is also referred to as an "international payment".
Sana Pay makes it easy for you to accept and settle payments from different countries.
Essentials
A cloud-based web interface that can be accessed by merchants with an active Sana Pay account. The Essentials dashboard allows merchants to view all payment transactions made by customers from the webstore, view and download comprehensive reports on all the payments, and much more.
Fraud
In payments, this means that there was an attempted transaction made by a criminal. The target of fraud can be either a merchant or a shopper (depending on the approach of the fraudster).
Fraud defense is an important part of the payment process and is a service that can be provided by the payment provider.
Interchange Fee
A fee that is paid to the issuer by the acquirer for each payment transaction made via a card network. The corresponding card network determines the interchange fee amount, as well as the scheme fee.
A further fee is then deducted from the total by the acquirer before paying into the merchant's account.
Issuer (or Issuing Bank)
A bank that issued a card for a shopper to make cashless payments via an ecommerce website, inside a mobile app, or in a physical store. To be able to issue a card, an issuer must be a member of one or several card networks, or subscribe to one of the card services (for instance, ICS).
Sometimes a shopper's bank is referred to as an issuer even if there is no card issued. This is to distinguish between a shopper's bank, which sends funds, and a merchant's bank, which acquires funds.
Know Your Customer (KYC)
Know Your Customer (KYC) is the process of identifying and verifying the identity of your customers. Payment industry regulations require this as a prerequisite for paying out to individuals or business entities.
To use Sana Pay, you will need to go through the KYC process and provide the necessary information.
Local Payment Methods (or Alternative Payment Methods)
Payment methods that allow merchants to accept ecommerce and in-app payments without use of cards. These methods include bank transfers, direct debit, e-wallets, mobile payments and so on.
For merchants that want to sell goods and services globally to shoppers from all over the world, it is important to support local payment methods that are popular in each specific region.
With Sana Pay, merchants have access to all the key local payment methods.
Merchant
The party selling goods or services to shoppers via an ecommerce website, a mobile app, on a point of sale, or across all three channels. To accept payments made with cards or local payment methods, a merchant must have an acquiring bank account and subscribe to the services available from the payment service provider.
Notifications
These are HTTP callbacks (webhooks), sent from the Sana Pay server to the merchant server. They notify merchants about authorised, captured and modified payments, as well as other events.
Notifications (sometimes referred to as Instant Payment Notifications or IPN) are an essential part of the integration process with Sana Pay. They are used by merchants to ensure that they have processed all payment stages, and stored payment results in their database.
One-Click Payments
Simplifies the purchasing process for returning shoppers by allowing them to make a payment without entering their full card and address information. By enabling one-click payments, the shopper's details are stored during the first payment. For each successive payment the shopper only needs to enter their card security code (CVC/CVV) to complete the order.
One-click has the advantage of ensuring the full card authorisation takes place for each payment, including card security code checks and 3D Secure, if applicable. The potential disadvantage is that the shopper must be present for all payments to supply their card security code.
Payment Gateway
A service that helps merchants to initiate ecommerce, in-app and point-of-sale payments. It is not directly involved in the money flow; typically, it is a web server to which a merchant's website or a POS system is connected.
A payment gateway can be provided by a bank, or can exist as a separate service that connects to one or more payment processors. Sana Pay combines the functions both of a payment gateway and a payment processor, as well as a risk management system and an acquirer. This makes it a full-stack payment service provider.
Payment Modifications
An authorised payment can be either captured or cancelled. If a payment has already been captured, it can also be refunded later. Capture, cancel, and refund actions are called modifications, because they modify the state of a payment.
Modifications can be done either manually (through the Essentials interface), or automatically (using the Sana Pay API). If an API call is made, the merchant receives an acknowledgement in the response. After Sana Pay processes the payment modification, it sends the result asynchronously through notifications.
Payment Processor
A system that connects to a shopper's bank and a merchant's bank in order to make a payment transaction on behalf of a merchant. Usually, a payment processor obtains the payment information from a payment gateway.
Sana Pay combines the functionality of a payment gateway and payment processor, as well as risk management and acquirer. As such it is a full-stack payment service provider.
Payment Service Provider (PSP)
A company that combines the functions of both a payment gateway and a payment processor, and can connect to multiple acquiring and payment networks. Additionally, it can be an acquirer and provide risk assessments and other financial services.
For merchants, it is often cheaper and more convenient to use services of a PSP, rather than have different contracts with various payment gateways, processors and acquiring banks.
Sana Pay operates as a full-stack Payment Service Provider.
PCI Compliance
Being PCI DSS-compliant means that you meet all applicable requirements of the current Payment Card Industry Data Security Standard (PCI DSS) on a continuous basis. PCI DSS was created by major card networks to increase safety of cardholder data and reduce the risk of fraud. All organizations that deal with payment card processing must be PCI-compliant, which means fulfilling very strict requirements on securing cardholder data.
Merchants who find it difficult or expensive to fully comply with PCI DSS requirements may consider using encrypted methods (such as Hosting the CSE library) or outsourcing card processing to a PCI-compliant payment service provider, such as Sana Pay. This way their PCI DSS-compliance scope can be significantly reduced.
Point of Sale
A point-of-sale solution allows a shopper to make a cashless in-person payment in a merchant's shop or other physical location. This payment is made using cards, NFC wallets (like Apple Pay), QR code wallets (like Alipay), or prepaid and gift cards.
Often the term POS is used in place of cash register to denote the software collecting point-of-sale payments.
Point-of-Sale Payments (or In-Store Payments)
Electronic payments made by shoppers via point-of-sale systems to buy products or services from merchants at a physical location (for example, a store or a ticketing booth). These payments are usually made with cards (swipe, ICC, or contactless).
Other types of electronic payments include ecommerce and in-app, which are based on similar infrastructure and usually require a payment service provider for merchants to automate and maintain these payments.
Point-to-Point Encryption (P2PE)
Secures card data that is being communicated from point A to point B.
PSP Reference
Every payment or modification request (such as a refund or a capture request) in Sana Pay has a globally unique 16-character string called the PSP reference associated with it. This string is alphanumerical (it can contain both numbers and letters).
Refund
When a shopper cancels the purchase of a product or service, after they have paid. When the merchant makes the refund, the funds are sent back from the acquirer to the issuer. If an authorised payment hasn't been captured yet, a merchant can cancel the payment. In other cases a refund is possible.
If a merchant refuses to make a refund, a shopper can ask their issuer to make a chargeback. In some cases, a merchant is allowed to dispute a chargeback.
Refunds are also referred to as modifications, because they modify the state of an authorised payment request.
Risk Management
A set of services and techniques to analyze and assign a risk score to each payment transaction. Filtering high-risk transactions allows merchants to minimize the number of fraudulent payments and therefore maximize the revenue. Performing accurate risk management is extremely complex, and involves big data analysis.
Sana Pay has its own risk management system which allows merchants to identify and block fraudsters, while reducing friction for legitimate shoppers.
Sana Pay Account
A merchant who wants to use Sana Pay as a payment service provider needs to sign up for a Sana Pay account. After this account is approved, it gives merchants access to Sana Pay payment services.
Sana Pay accounts have two levels: company and merchant. A company-level account determines the global settings for the company, while merchant-level sub-accounts detail specific settings for each merchant.
A Sana Pay account allows merchants to perform payments and safely implement all integrations between a Sana Commerce Cloud webstore and Sana Pay.
Scheme Fee
A fee that is paid by the acquirer to the card scheme for each payment transaction made with the card scheme.
The corresponding card scheme determines the fee amount, as well as that of the interchange fee.
Sensitive Authentication Data
Security-related information that is used to authenticate cardholders and/or authorize payment card transactions. This can include card validation codes/values, full track data from the magnetic stripe or chip, PINs, PIN blocks, and more.
Shopper
A customer who buys goods or services from a merchant. In this glossary it is assumed that a shopper makes a cashless payment, which means that they use either cards or local payment methods to pay.
Tokenization
Tokenization is the process of replacing sensitive data with non-sensitive data (known as a token), which can be later used to get access to the initial (tokenized) data. In the payments industry, it is used to safeguard a card number and other payment data by replacing it with a unique string of numbers.
Together with Client-Side Encryption, tokenization enables merchants to securely pass their shoppers' data to a payment service provider, like Sana Pay.
Transaction (or Tx)
In the payments industry, the term "transaction" denotes the exchange of a specified amount of funds from a shopper for products or services from a merchant, or for fulfilling any other obligations between the two parties.
Funds are usually transferred by means of card payments or local payment methods (bank transfers, e-wallets, mobile payments, etc.).
Tx is a commonly used abbreviation to denote a financial transaction.