Payments &
Ecommerce Glossary

An authentication protocol that adds a verification step during online card payments to confirm the cardholder's identity. 3D Secure reduces fraud, shifts liability to the issuing bank, and is required for PSD2 compliance in Europe.

3D Secure 2.0 (3DS2) is an EMVCo authentication protocol that verifies cardholders during online transactions using risk-based analysis and 100+ data points, enabling frictionless checkout while satisfying Strong Customer Authentication requirements.

A/B testing is a controlled experiment that splits live traffic between two versions — a control (A) and a variant (B) — to determine which drives better outcomes. It replaces guesswork with empirical data, letting real user behavior decide what to ship.

Abandoned cart recovery is the process of re-engaging shoppers who added items to their cart but left without completing their purchase. Merchants use automated emails, SMS messages, and retargeting ads to bring these shoppers back to checkout.

Acceptance marks are logos or symbols displayed by merchants to indicate which payment methods, card networks, or digital wallets they accept. They set customer expectations at checkout and are often required by card network rules.

An Access Control Server (ACS) is a system operated by card issuers that authenticates cardholders during 3D Secure transactions. It performs real-time risk assessment, determines whether to approve silently or issue a challenge, then returns an ECI code and cryptographic authentication value to the merchant.

Account takeover (ATO) is a form of fraud where cybercriminals gain unauthorized access to a legitimate user's account using stolen or guessed credentials, then exploit it for financial gain, data theft, or further attacks.

Account-to-account (A2A) payments move funds directly between two bank accounts, bypassing card networks entirely. They combine lower costs, faster settlement, and reduced fraud exposure compared to card-based transactions.

ACH (Automated Clearing House) is a US electronic network that processes batch credit and debit transfers between bank accounts. It underpins payroll, bill payments, and B2B transfers, settling funds in 1–3 business days.

An ACH Credit is a push payment initiated by the payer to deposit funds directly into a recipient's bank account via the ACH network. It is widely used for payroll direct deposits, vendor payments, tax refunds, and government benefit disbursements.

An ACH Debit is a pull payment that moves funds from a payer's bank account to a payee's account through the Automated Clearing House network. Initiated by the receiving party with prior authorization, it underpins recurring billing, subscription payments, and B2B transactions across the US.

An ACH payment is an electronic funds transfer processed through the Automated Clearing House network, the US interbank system operated by Nacha. ACH batches bank-to-bank transactions to move money between accounts for payroll, bill pay, and B2B transfers, typically settling in 1–3 business days.

An ACH Return is a rejected ACH transaction sent back through the ACH network by the receiving bank, accompanied by a standardized NACHA return code explaining the rejection reason. Returns occur when funds are unavailable, account details are incorrect, or authorization is missing.

An acquirer (acquiring bank) is the financial institution that processes card payments on behalf of a merchant, settling funds from the card networks into the merchant's account. It holds the merchant account and bears the financial risk of chargebacks and fraud.

Acquirer processing is the set of operations an acquiring bank or its processor performs to route, validate, and settle card transactions on behalf of a merchant, encompassing authorization, clearing, and settlement through card networks.

An Acquirer Reference Number (ARN) is a unique 23-digit identifier assigned by an acquiring bank to every settled card transaction. It travels through the card network, enabling merchants, acquirers, and issuers to trace payments and resolve disputes.

A fraud prevention tool that verifies whether the billing address provided by a cardholder matches the address on file with the card-issuing bank. Widely used in card-not-present transactions to reduce fraud risk.

An adjustment is a post-authorization correction applied to a merchant's settlement account to reconcile discrepancies in transaction amounts, fees, or disputed payments. Adjustments may be credits or debits issued by a payment processor or acquirer.

Adverse media screening searches news sources, regulatory databases, and public records for negative information about customers or business partners. It surfaces financial crime risks — fraud, money laundering, corruption — before or during a business relationship.

Affiliate marketing is a performance-based channel where merchants pay third-party publishers a commission only when a verified action—typically a sale—occurs. Cost shifts from fixed ad spend to variable, pay-for-results payouts tied directly to revenue.

An aggregator merchant is an entity that pools multiple smaller merchants under a single master merchant account, enabling them to accept card payments without individual merchant accounts. The aggregator assumes liability for its sub-merchants' transactions.

Alipay is a Chinese digital wallet and online payment platform operated by Ant Group. It enables consumers to pay via QR code, app, or web checkout, and is one of the world's largest payment networks by transaction volume.

Alternative payment methods (APMs) are any payment options beyond traditional card networks—including digital wallets, bank transfers, buy now pay later schemes, and local payment instruments. APMs help merchants reach customers who prefer or rely on non-card options.

Annual Recurring Revenue (ARR) is the total value of recurring subscription revenue a business expects to collect over a 12-month period. It excludes one-time fees and variable usage charges, giving a predictable baseline for forecasting.

Anti-money laundering refers to the laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. AML frameworks require financial institutions and payment businesses to detect, report, and block suspicious financial activity.

A series of EU legislative directives requiring financial institutions and payment providers to implement controls against money laundering and terrorist financing, including KYC procedures, transaction monitoring, and suspicious activity reporting.

An API (Application Programming Interface) is a set of rules that enables software systems to communicate. In payments, APIs let merchants connect their platform to processors, gateways, and financial services to accept and manage transactions programmatically.

Apple Pay is a mobile payment and digital wallet service by Apple that lets users pay contactlessly using iPhone, Apple Watch, iPad, or Mac. It tokenizes card data so the real card number is never transmitted to merchants, reducing fraud risk.

Application fraud occurs when criminals use stolen, fabricated, or synthetic identities to fraudulently obtain financial products such as credit cards, loans, or merchant accounts. The fraud begins at the onboarding stage, before the account ever becomes active.

Approval rate is the percentage of payment transactions successfully authorized by issuing banks out of all attempted transactions. It is a core KPI for any business accepting card payments, directly tied to revenue capture and customer experience.

Arbitration is the final stage of the chargeback dispute process, where a card network such as Visa or Mastercard reviews the case and issues a binding ruling after both issuer and acquirer fail to resolve it bilaterally.

An assessment fee is a charge levied by card networks (Visa, Mastercard, Amex, Discover) on every transaction processed over their rails. It is calculated as a small percentage of the transaction volume and is non-negotiable.

Attribution is the process of assigning credit to the marketing touchpoints that influenced a conversion. It tells merchants which channels, ads, and interactions drive revenue — and where to allocate budget for maximum return.

Authentication is the process of verifying that a user, device, or system is who it claims to be. In payments, it confirms cardholder identity before granting access or authorizing a transaction, forming the first line of defense against fraud.

The real-time process where a card network and issuing bank approve or decline a payment transaction. Authorization verifies the card is valid, the account has sufficient funds, and the transaction passes fraud checks.

An authorization hold is a temporary reservation of funds on a cardholder's account, placed by the issuing bank at a merchant's request. Funds remain unavailable to the cardholder until the merchant submits a capture or the hold expires.

Authorization rate is the percentage of payment transactions successfully approved by the issuing bank out of all attempted transactions. A higher rate means more completed sales and less revenue lost to unnecessary declines.

Authorized Push Payment fraud occurs when a criminal manipulates a victim into willingly transferring funds to a fraudster-controlled account. Because the victim authorizes the payment, standard protections like chargebacks rarely apply, making recovery difficult.

Average Order Value (AOV) is the mean amount spent by a customer per transaction. It is calculated by dividing total revenue by the number of orders over a given period.

Average Revenue Per User (ARPU) measures total revenue divided by active users over a set period. It quantifies monetization efficiency, guides pricing decisions, and benchmarks performance across product tiers and competitors.

BACS (Bankers' Automated Clearing Services) is a UK payment scheme that processes electronic transfers between bank accounts, including Direct Debits and Direct Credits, with a standard three-day settlement cycle.

Bank account verification confirms that a bank account exists, is active, and is owned by the person claiming it before initiating ACH payments, payouts, or direct deposits.

A Bank Identification Number (BIN) is the first 6–8 digits of a payment card number that identify the issuing institution, card network, card type, and country of origin. It enables merchants and processors to route transactions correctly and perform real-time risk checks before authorization.

A bank payout is the transfer of funds from a payment platform or marketplace to a recipient's bank account. It is the final step in the payment cycle, converting settled transaction revenue into accessible funds for merchants, sellers, or service providers.

The Bank Secrecy Act (BSA) is a U.S. federal law requiring financial institutions to assist government agencies in detecting and preventing money laundering, tax evasion, and other financial crimes through recordkeeping and reporting obligations.

Banking as a Service (BaaS) is a model in which licensed banks expose their core infrastructure—accounts, payments, lending, and compliance—via APIs, enabling non-bank companies to embed regulated financial products into their own platforms.

A basis point equals one-hundredth of one percent (0.01%). In payments, fees and rate changes are quoted in basis points to eliminate ambiguity between percentage and absolute values.

A batch fee is a fixed charge assessed by payment processors each time a merchant closes and submits a batch of transactions for settlement. Typically $0.10–$0.30 per event, it covers the cost of grouping and transmitting payment data to the acquiring bank.

Batch processing is the practice of grouping multiple payment transactions together and submitting them for authorization, clearing, or settlement in a single bulk operation rather than one at a time.

Behavioral analytics examines how users interact with digital touchpoints — mouse movements, typing speed, navigation patterns — to detect anomalies that signal fraud. Unlike static rules, it builds dynamic risk profiles that adapt continuously to evolving attacker tactics.

Beneficial ownership identifies the natural persons who ultimately own or control a legal entity, even when obscured by corporate layers or nominees. Regulators require payment platforms and financial institutions to collect and verify this information during onboarding.

A BIC (Bank Identifier Code) is an 8- or 11-character alphanumeric code that uniquely identifies a financial institution in international transactions. Standardized by ISO 9362, it directs funds to the correct bank during cross-border wire transfers.

A billing descriptor is the text that appears on a customer's bank or credit card statement identifying a charge. It typically includes the merchant name, a short description, and sometimes a phone number or URL.

A BIN attack is a fraud technique where criminals systematically test large numbers of card number combinations based on a known Bank Identification Number to find valid, active card credentials they can exploit for unauthorized purchases.

Biometric authentication verifies a user's identity using unique physical or behavioral traits — such as fingerprints, facial geometry, or voice patterns. It replaces or supplements passwords to reduce fraud and streamline checkout.

Biometric payment authenticates a transaction using a person's unique physical traits—fingerprint, face scan, or iris—instead of a PIN or password, enabling faster, more secure checkout with near-zero fraud exposure from stolen credentials.

Bitcoin is a decentralized digital currency that operates on a peer-to-peer network without a central authority, using cryptographic proof to secure transactions recorded on a public blockchain.

A blended rate is a single, averaged percentage that a payment processor charges merchants for all card transactions, regardless of card type, network, or interchange category. It combines interchange fees, assessments, and processor margins into one flat figure.

A blockchain is a distributed, tamper-resistant ledger that records transactions in cryptographically linked blocks across a decentralized network. No single party controls the data, making it highly secure and transparent.

Brand building is the process of creating a distinct identity, reputation, and emotional connection between a business and its customers. It encompasses visual identity, messaging, and consistent experiences designed to drive long-term loyalty and competitive differentiation.

Business Email Compromise (BEC) is a targeted fraud scheme where attackers impersonate executives, vendors, or trusted contacts via email to trick employees into transferring funds or sensitive data. BEC attacks exploit trust rather than technical vulnerabilities, making them among the costliest cyber-enabled financial crimes.

Buy Now Pay Later (BNPL) is a short-term financing option that lets consumers split a purchase into installments—often interest-free—paid over weeks or months, with approval decided at checkout in seconds.

Capture is the step that transfers reserved funds from a cardholder's account to the merchant's account after authorization. It finalizes the payment and triggers settlement.

Capture rate is the percentage of authorized transactions that are subsequently captured and settled. It measures how reliably a merchant collects revenue that has already been approved by the issuing bank.

Card Account Updater is a card network service that automatically refreshes stored card credentials—account numbers and expiry dates—when cards are replaced or reissued, keeping recurring payments and subscriptions active without customer intervention.

Card acquiring is the process by which a financial institution enables merchants to accept and process card payments. The acquiring bank routes authorization requests through card networks and settles transaction funds into the merchant's account.

Card issuing is the process by which a licensed financial institution or program manager creates, distributes, and manages payment cards for cardholders. The issuer controls credit limits, fraud monitoring, and settlement with card networks.

A card network is the payment infrastructure connecting issuing banks, acquiring banks, and merchants to authorize and settle card transactions. Networks like Visa, Mastercard, and UnionPay set the technical standards, rules, and fee structures that govern every swipe, tap, or click.

Card on File (CoF) is a payment method where a merchant securely stores a customer's card details—or a token representing them—to enable future transactions without re-entry. It powers subscriptions, one-click checkout, and merchant-initiated charges.

Card skimming is a form of payment fraud where criminals use a hidden device to illegally capture card data from the magnetic stripe during a legitimate transaction, enabling them to clone the card or make unauthorized purchases.

Card testing is a fraud technique where criminals make small or micro-transactions on a merchant's checkout to verify whether stolen card details are valid before using them for larger purchases.

A Card-Not-Present (CNP) transaction occurs when a payment is processed without the physical card being present at the point of sale—typically in ecommerce, phone, or mail-order purchases. Because the merchant cannot verify the card physically, CNP transactions carry higher fraud risk and different liability rules than in-person payments.

A card-present transaction occurs when the physical payment card is used at the point of sale, allowing the terminal to read card data directly via magnetic stripe, EMV chip, or NFC tap.

A security mechanism used during a payment transaction to confirm the person presenting a card is its legitimate holder, using methods such as PIN entry, signature, or biometrics.

Cart abandonment occurs when a shopper adds items to an online shopping cart but leaves without completing the purchase. It is one of the most widespread conversion problems in ecommerce, with an industry-average abandonment rate of 70.19% according to Baymard Institute.

Cascading payments is a retry strategy that automatically routes a failed transaction to an alternative payment processor or acquirer in real time, maximizing approval rates without requiring customer action.

A cash advance is a short-term liquidity product that provides immediate access to funds against a credit line or future card receivables. Repayment carries higher fees or a fixed factor rate rather than a conventional interest rate.

CAVV (Cardholder Authentication Verification Value) is a cryptographic code generated by an issuer's Access Control Server during 3D Secure authentication, proving to card networks and issuers that a cardholder was genuinely verified for a specific transaction.

A Central Bank Digital Currency (CBDC) is a sovereign-issued digital form of a national currency, fully controlled and backed by the central bank. It carries no credit or liquidity risk and constitutes legal tender by law.

CESOP (Central Electronic System of Payment information) is an EU-mandated database requiring payment service providers to report cross-border transaction data quarterly to national tax authorities, enabling coordinated VAT fraud detection across member states.

A charge card is a payment card that requires the cardholder to pay the full outstanding balance each billing cycle, with no option to carry revolving debt and no preset spending limit enforced against a fixed credit line.

A forced reversal of a payment transaction initiated by the cardholder's bank. Chargebacks can result from fraud, customer disputes, or processing errors. High chargeback rates (above 1%) can lead to account termination and placement on the MATCH list.

A chargeback fee is a penalty charged by an acquiring bank to a merchant each time a customer successfully disputes a transaction. It is separate from the disputed transaction amount itself and typically ranges from $15 to $100 per incident.

Chargeback Monitoring Programs are card network initiatives—run by Visa and Mastercard—that track merchants whose chargeback rates exceed defined thresholds, imposing fines and requiring remediation plans to avoid termination.

Chargeback rate is the ratio of chargebacks received to total transactions processed in a given month, expressed as a percentage. Card networks use it to identify merchants posing financial risk to the payment ecosystem.

A chargeback reason code is a numeric or alphanumeric code assigned by a card network to classify the specific justification a cardholder or issuing bank provides when disputing a transaction. Each code maps to defined rules, evidence requirements, and response deadlines.

Chargeback representment is the process by which a merchant disputes a chargeback by resubmitting the transaction to the issuing bank with compelling evidence proving the charge was legitimate.

A chargeback reversal occurs when a card network or issuing bank overturns a previously filed chargeback, restoring the disputed funds to the merchant. It is achieved through representment, compelling evidence submission, or arbitration.

A chargeback threshold is the maximum ratio of chargebacks to total transactions a merchant may reach in a calendar month before card networks enroll them in a monitoring program, impose fines, or terminate processing privileges.

Chargeback win rate is the percentage of disputed transactions a merchant successfully overturns through representment. It measures how effectively a business recovers revenue lost to chargebacks by submitting compelling evidence to the issuing bank.

Checkout is the final stage of an online purchase where a customer reviews their order, enters payment and shipping details, and confirms the transaction. It is the critical conversion point between cart and completed sale.

Checkout optimization is the process of improving the payment and purchase completion flow to reduce friction, minimize cart abandonment, and increase the percentage of shoppers who successfully complete a transaction.

Chip and PIN is an EMV-based card payment method where a microchip embedded in the payment card generates a unique transaction cryptogram, confirmed by the cardholder entering a personal identification number at the terminal.

A chip card is a payment card embedded with an integrated circuit (EMV chip) that generates a unique transaction code for each purchase, making it significantly harder to counterfeit than magnetic-stripe cards.

CHIPS (Clearing House Interbank Payments System) is the largest private-sector USD clearing network in the US. Operated by The Clearing House, it settles approximately $1.8 trillion in large-value dollar transactions daily via multilateral netting and Fedwire final settlement.

Churn rate is the percentage of subscribers or customers who cancel or fail to renew their subscriptions within a given period. It is a critical metric for any recurring-revenue business, directly impacting growth, forecasting, and lifetime value.

Clearing is the process by which a card network reconciles and transmits transaction data between an acquiring bank and an issuing bank after authorization, determining the exact amounts owed before funds are moved.

A clearing house is a financial intermediary that validates, nets, and reconciles payment obligations between member institutions before final settlement occurs. By acting as a central counterparty or operator, it eliminates bilateral risk and sharply reduces the gross liquidity required to move funds across the financial system.

Click and collect is a retail fulfillment model where customers purchase products online and pick them up at a physical store or designated collection point. It removes shipping costs and wait times while driving incremental in-store purchases at pickup.

A closed loop payment system restricts card or account usage to a single merchant, brand, or network. The issuer and acceptor are the same entity, eliminating third-party card networks like Visa or Mastercard.

Combating the Financing of Terrorism (CFT) is the regulatory framework of laws, controls, and procedures designed to prevent terrorists from raising, moving, or accessing funds. It operates alongside AML as a core pillar of global financial compliance.

A commercial card is a payment card issued to a business entity for managing corporate spend—covering procurement, travel, and accounts payable. Unlike personal credit cards, commercial cards carry enhanced data fields, configurable spend controls, and access to lower interchange tiers when Level 2/3 data is submitted.

Compelling Evidence 3.0 (CE 3.0) is Visa's updated representment framework enabling merchants to counter Card Not Present fraud chargebacks by submitting two prior undisputed transactions with matching customer identifiers, shifting liability back to the issuer.

Compliance automation uses software to continuously monitor, enforce, and document regulatory requirements without manual intervention. It replaces repetitive tasks—such as AML screening, KYC checks, and audit logging—with rule-based or AI-driven workflows, reducing cost and human error.

Contactless payment is a method of completing transactions by tapping a card, phone, or wearable near a reader instead of inserting or swiping. It uses short-range wireless technology—typically NFC—to transmit payment data securely in under a second.

A Content Management System (CMS) is software that allows users to create, manage, and publish digital content without writing code. In ecommerce, a CMS controls product pages, landing pages, and checkout flows from a central interface.

Conversion rate is the percentage of visitors who complete a desired action — such as making a purchase — out of the total number of visitors. It is a core metric for measuring the effectiveness of an ecommerce funnel.

Conversion Rate Optimization (CRO) is the systematic process of increasing the percentage of website visitors who complete a desired action — such as making a purchase, submitting a form, or completing checkout — through data-driven testing and UX improvements.

A counterfeit card is a fraudulent payment card created by copying legitimate cardholder data onto a blank card. Criminals use stolen magnetic stripe data to produce working fakes, enabling unauthorized transactions.

Cross-border payments are financial transactions where the payer and recipient are located in different countries, requiring currency conversion, international routing, and compliance with multiple regulatory frameworks.

Customer Acquisition Cost (CAC) is the total spend required to win one new paying customer, calculated by dividing total sales and marketing costs by the number of new customers acquired in a given period.

Customer Due Diligence (CDD) is the process of verifying a customer's identity, assessing their risk profile, and monitoring their transactions to prevent money laundering, fraud, and financial crime.

A Customer Identification Program (CIP) is a mandatory compliance framework requiring financial institutions and certain businesses to verify the identity of customers before opening accounts or processing transactions, as mandated by the USA PATRIOT Act.

Customer Lifetime Value (CLV) is the total net revenue a business expects to earn from a customer over the entire duration of their relationship. It guides decisions on acquisition spend, retention investment, and pricing strategy.

A Customer-Initiated Transaction (CIT) is any payment where the cardholder is actively present and directly authorizes the transaction in real time. CITs require Strong Customer Authentication (SCA) under PSD2 and are subject to 3DS challenge flows when triggered.

CVV (Card Verification Value) is a 3- or 4-digit security code printed on payment cards. It proves the buyer has physical possession of the card during card-not-present transactions, reducing fraud without storing sensitive data.

A data breach is an incident where unauthorized individuals access, steal, or expose sensitive information — such as cardholder data, personal records, or credentials — without permission. In payments, breaches can trigger regulatory penalties, chargebacks, and loss of card acceptance rights.

A debit card is a payment card that draws funds directly from the cardholder's linked bank account at the moment of purchase. Unlike credit cards, no credit is extended — the transaction is declined if the account holds insufficient funds.

A decline code is a numeric or alphanumeric code returned by a card network or issuing bank when a payment authorization fails, indicating the reason the transaction was rejected.

A device fingerprint is a unique identifier constructed from hardware, software, and browser attributes collected during a user session, used to recognize devices without cookies or login credentials.

A digital wallet is a software application that stores payment credentials, loyalty cards, and IDs on a device, letting users pay online or in-store without carrying physical cards or cash.

Direct Debit is a payment method that allows a business to pull funds directly from a customer's bank account, with the customer's prior authorization. It is widely used for recurring billing, subscriptions, and utility payments.

A disbursement is the act of paying out funds from a central account to one or more recipients. In payments, it refers to the programmatic distribution of money to merchants, workers, or end users via bank transfer, card, or wallet.

A dispute is a formal challenge raised by a cardholder against a transaction, triggering a review process between the issuing bank, merchant, and card network. Disputes can result in chargebacks if the merchant cannot provide sufficient evidence.

Dunning is the automated process of retrying failed subscription payments and notifying customers to update their billing information. Effective dunning recovers 20-40% of failed charges before they become involuntary churn.

Dynamic Currency Conversion (DCC) lets cardholders pay in their home currency at the point of sale abroad. The merchant's terminal converts the transaction amount in real time, displaying the home-currency total before the cardholder approves.

E-commerce (electronic commerce) is the buying and selling of goods or services over the internet, encompassing transactions between businesses, consumers, and governments. It includes online storefronts, marketplaces, and digital payment processing.

An ecommerce platform is software that enables businesses to build, manage, and operate online stores — handling product listings, inventory, payments, and order fulfillment in one system.

Electronic Funds Transfer (EFT) is the digital movement of money between bank accounts through computer-based systems, without the need for physical cash or paper checks. It covers a broad range of payment methods including ACH, wire transfers, direct debit, and SEPA.

Embedded finance is the integration of financial services—such as payments, lending, insurance, and banking—directly into non-financial platforms and applications, enabling businesses to offer these services without becoming regulated financial institutions.

Embedded payments integrate payment processing directly into a non-financial software platform, enabling users to transact without leaving the application. This eliminates redirects to third-party checkout pages and creates a seamless, native payment experience within any product.

EMV is a global payment standard developed by Europay, Mastercard, and Visa that uses embedded chips in payment cards to authenticate transactions securely. Unlike magnetic stripes, EMV chips generate a unique cryptogram for each transaction, making stolen card data nearly useless for fraud.

Encryption converts readable data into an unreadable format using a cryptographic algorithm and key, so only authorized parties can decrypt and access the original information. It is the foundational security layer protecting payment data in transit and at rest.

End-to-end encryption (E2EE) is a security method that encrypts data at its origin and keeps it encrypted until it reaches the intended recipient, ensuring no intermediary can read or tamper with it in transit.

Enhanced Due Diligence (EDD) is a rigorous identity verification and risk assessment process applied to high-risk customers, transactions, or business relationships that exceed standard KYC/CDD requirements.

The Fair Credit Billing Act (FCBA) is a U.S. federal law enacted in 1974 that protects consumers from unfair billing practices on open-end credit accounts, establishing formal dispute rights and merchant obligations for billing errors.

FedNow is a real-time interbank payment and settlement service operated by the U.S. Federal Reserve, launched in July 2023. It enables financial institutions to send and receive payments instantly, 24/7/365, with immediate fund availability for end users.

The Financial Action Task Force (FATF) is an intergovernmental body that sets global standards for combating money laundering, terrorist financing, and proliferation financing. Its 40 Recommendations form the basis of AML/CFT compliance frameworks in over 200 jurisdictions.

FinCEN (Financial Crimes Enforcement Network) is a bureau of the U.S. Treasury Department that collects and analyzes financial data to combat money laundering, terrorist financing, and other financial crimes. It administers the Bank Secrecy Act and issues compliance rules for financial institutions.

First-party fraud occurs when a legitimate account holder deliberately misrepresents information or abuses financial products for personal gain—such as falsely claiming non-delivery to keep goods and their money.

Flat rate pricing is a payment processing model where merchants pay a single fixed percentage (and sometimes a fixed per-transaction fee) on every transaction, regardless of card type, network, or issuer.

Force capture is a transaction method that lets merchants submit a capture request without a prior authorization code, using a manually obtained approval code—often from a voice authorization or offline approval—to settle the payment directly.

Fraud is any intentional deception carried out to gain an unfair or unlawful financial advantage, typically at the expense of a merchant, consumer, or financial institution. In payments, fraud encompasses unauthorized transactions, identity theft, and account takeovers.

The process of identifying fraudulent payment transactions in real time using rules, machine learning models, and behavioral signals. Effective fraud detection balances blocking bad actors against minimizing false positives that reject legitimate customers.

Fraud monitoring is the continuous, real-time surveillance of payment transactions and user activity to detect, flag, and prevent fraudulent behavior before it causes financial loss.

Fraud prevention encompasses the strategies, tools, and processes merchants use to stop unauthorized or deceptive transactions before they occur, protecting revenue and customer trust.

Fraud scoring is a real-time risk assessment process that assigns a numerical score to each transaction, indicating the likelihood it is fraudulent. Scores are generated by machine learning models weighing hundreds of signals—device, behavior, velocity, and history—enabling automated accept, review, or decline decisions.

Frictionless checkout is a payment experience that minimizes the steps, fields, and interruptions a customer faces when completing a purchase, reducing cart abandonment and increasing conversion rates.

Friendly fraud occurs when a legitimate cardholder makes a purchase, receives the goods or services, then disputes the charge with their bank to obtain a refund while keeping the item. Unlike external fraud, the perpetrator is the actual account holder.

A gateway fee is a charge levied by a payment gateway provider for routing and processing each transaction or for maintaining access to its payment infrastructure. It covers the cost of secure data transmission, fraud screening, and connectivity between merchants and payment networks.

The General Data Protection Regulation is an EU law that governs how organizations collect, store, and process personal data of EU residents. It imposes strict obligations on businesses worldwide and carries fines up to €20 million or 4% of global annual turnover.

Google Pay is a digital wallet and contactless payment service by Google that lets users store cards and pay in apps, online, and at physical terminals via NFC. It replaced Android Pay and Google Wallet in 2018 and is available on Android devices and the web.

Gross funding is a settlement model in which a processor transfers the full transaction amount to a merchant before deducting fees, which are billed separately. It contrasts with net settlement, where fees are subtracted prior to disbursement.

A hard decline is a permanent payment rejection issued by the card issuer, indicating the transaction cannot be retried. Unlike soft declines, hard declines signal a fundamental problem with the card or account that retrying will not resolve.

Headless commerce decouples the frontend presentation layer from the backend ecommerce engine, connecting them via APIs. This lets teams build custom storefronts on any technology while keeping order, inventory, and payment logic separate.

A high-risk merchant is a business classified by acquirers and payment processors as having an elevated likelihood of chargebacks, fraud, or regulatory scrutiny. This classification affects which processors will work with the merchant, the fees charged, and the reserve requirements imposed.

A hosted payment page is a secure, third-party checkout page where customers enter payment details, removing the merchant from direct contact with sensitive card data and simplifying PCI compliance.

Identity fraud occurs when a criminal uses stolen or fabricated personal information to impersonate a victim and commit unauthorized financial transactions. It spans tactics from new-account fraud to payment card abuse, often causing severe financial and reputational damage.

In-app payments are transactions completed directly inside a mobile application, without redirecting the user to an external website or browser. They enable purchases of digital goods, subscriptions, or physical products entirely within the app experience.

An Independent Sales Organization (ISO) is a third-party company authorized by a card network or acquiring bank to resell payment processing services to merchants. ISOs act as intermediaries, recruiting merchants and managing relationships on behalf of their acquiring partners.

An Integrated Software Vendor (ISV) is a company that builds software applications and embeds payment acceptance directly into its product, enabling merchants to process transactions without switching to a separate payments platform.

An interchange fee is a per-transaction fee paid by a merchant's bank (acquirer) to the cardholder's bank (issuer) every time a card payment is processed. It is the largest component of card acceptance costs, typically ranging from 0.2% to 2%+ of transaction value.

Interchange-plus pricing is a payment processing fee model where merchants pay the card network's actual interchange fee plus a fixed markup charged by the processor. It separates the true cost of acceptance from the processor's profit margin, giving merchants full transparency.

Involuntary churn occurs when a subscription is cancelled not because the customer chose to leave, but because a payment failed—due to an expired card, insufficient funds, or issuer decline. Unlike voluntary churn, it is recoverable with the right retry and recovery tooling.

The IRS 1099-K is a tax information return that payment processors and third-party settlement organizations must issue to merchants whose card payments or third-party network transactions exceed IRS-set annual thresholds.

ISO 27001 is the international standard for information security management systems (ISMS), specifying requirements to establish, implement, maintain, and continually improve an organization's information security posture.

An issuer is a financial institution—typically a bank or credit union—that provides payment cards to consumers and is responsible for approving or declining transactions on their behalf.

Know Your Business (KYB) is the process by which payment providers and financial institutions verify the identity, ownership, and legitimacy of a business before granting access to payment services.

Know Your Customer (KYC) is a regulatory compliance process requiring businesses to verify the identity of their customers before establishing a relationship. It prevents money laundering, fraud, and terrorist financing by ensuring merchants know who they are transacting with.

Liability shift transfers fraud-related chargeback responsibility from the merchant to the card issuer when specific authentication or technology requirements are met, reducing the merchant's financial exposure to fraudulent transactions.

Local payment methods are payment instruments that are dominant in a specific country or region, such as iDEAL in the Netherlands, PIX in Brazil, or Alipay in China. They differ from global card networks by catering to local banking infrastructure, consumer habits, and regulatory frameworks.

A magnetic stripe is a band of iron-based magnetic particles on the back of a payment card that stores static cardholder data, including the PAN, expiry date, and service code, read by swiping through a card reader.

Manual keyed entry is the process of manually typing a customer's card details—number, expiry, CVV, and billing address—into a payment terminal or virtual terminal rather than swiping, dipping, or tapping the card.

A master merchant is an entity registered directly with payment networks that sponsors sub-merchants to accept card payments under its umbrella account, assuming compliance, underwriting, and chargeback liability on their behalf.

The MATCH (Member Alert to Control High-risk) List is Mastercard's blacklist of merchants and their principals whose accounts were terminated for cause. Being listed can prevent a business from obtaining a new merchant account for up to five years.

A merchant account is a type of bank account that allows businesses to accept and process electronic card payments. Funds from card transactions are held in this account before being settled to the business's primary bank account.

A merchant agreement is a contract between a merchant and an acquiring bank or payment processor that governs the terms under which the merchant may accept card payments, including fees, liabilities, and compliance obligations.

A Merchant Category Code (MCC) is a four-digit number assigned by card networks to classify a business by the goods or services it sells. It determines interchange rates, reward eligibility, and underwriting risk.

The Merchant Discount Rate (MDR) is the total fee a merchant pays to accept card payments, expressed as a percentage of each transaction. It bundles interchange fees, scheme fees, and the acquirer's margin into a single blended rate.

A Merchant Identification Number (MID) is a unique numeric code assigned by an acquirer to identify a merchant's account during payment card processing. It routes transactions to the correct merchant account and appears in settlement and chargeback records.

A Merchant of Record is the legal entity that sells goods or services to the end customer, accepts payment liability, and is responsible for tax collection, chargebacks, and regulatory compliance on behalf of the actual seller.

A Merchant-Initiated Transaction (MIT) is a payment charged to a stored card without the cardholder being present or actively approving the transaction at that moment. MITs are pre-authorized by the customer and used for subscriptions, installments, and usage-based billing.

A mobile point of sale (mPOS) is a smartphone, tablet, or dedicated wireless device that functions as a payment terminal. It accepts card, contactless, and digital wallet payments anywhere with a cellular or Wi-Fi connection, replacing traditional fixed cash registers.

A mobile wallet is a digital application on a smartphone that stores payment credentials, loyalty cards, and IDs, enabling contactless payments in-store and online without a physical card.

A money mule is a person who transfers illegally obtained funds on behalf of criminals, knowingly or unknowingly, typically keeping a commission. They act as a buffer between fraudsters and the banking system to obscure the origin of stolen money.

Monthly Recurring Revenue (MRR) is the predictable revenue a subscription business earns each month from active paying customers. It normalizes all subscription plans into a single monthly figure, making it the core metric for tracking subscription business health.

Net settlement is a process where payment obligations between parties are consolidated over a period, and only the net difference is transferred rather than each individual transaction. This reduces transaction volume, liquidity requirements, and processing costs across the payment ecosystem.

A network token is a surrogate payment credential issued by a card network—Visa, Mastercard, or Amex—that replaces a cardholder's Primary Account Number for digital and card-on-file transactions. Tokens are domain-locked, cryptographically bound, and automatically refreshed when cards are reissued or replaced.

Omnichannel payments is a strategy that unifies payment acceptance across all sales channels — in-store, online, mobile, and social — into a single, consistent customer experience backed by shared data and infrastructure.

One-click payments let returning customers complete a purchase with a single tap or click, using stored payment credentials — no re-entering card details required. They reduce checkout friction and dramatically increase conversion rates for repeat buyers.

A partial refund returns a portion of the original transaction amount to the customer, rather than the full payment. It is used when only part of an order is returned, cancelled, or disputed.

A Payment API is a set of programmatic interfaces that allows software applications to initiate, process, and manage financial transactions. It connects merchants directly to payment networks, processors, and banking infrastructure without handling card data on their own servers.

A Payment Facilitator (PayFac) is a company that aggregates multiple sub-merchants under a single master merchant account, handling underwriting, onboarding, and settlement on their behalf.

A payment form is the data-entry interface that collects card details, billing information, and payment method selection from a customer during checkout. It is the last touchpoint before a transaction is authorized.

A technology service that captures, encrypts, and transmits payment data from the customer to the acquiring bank for authorization. Payment gateways are the bridge between your checkout and the payment network.

A technology layer that sits above individual payment gateways and intelligently routes each transaction to the optimal processor based on card type, geography, fees, and approval rates — with automatic failover if one processor declines.

A payment processor is a company that handles transaction communication between merchants, card networks, issuing banks, and acquiring banks to authorize and settle card payments in real time.

Payment rails are the underlying infrastructure and networks that move money between banks, businesses, and consumers. They define the rules, protocols, and technical pathways that determine how fast, at what cost, and under what conditions funds are transferred.

A Payment Service Provider (PSP) is a company that enables merchants to accept electronic payments by connecting them to card networks, banks, and payment infrastructure. PSPs bundle acquiring, gateway, fraud tools, and settlement into a single contract and integration.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements that any business handling credit card data must follow. PCI compliance protects cardholder data and reduces the risk of data breaches.

Point-to-Point Encryption (P2PE) encrypts cardholder data from the moment a card is swiped, dipped, or tapped at a payment terminal until it reaches a secure decryption environment, rendering the data unreadable to anyone in between.

PSD2 (Payment Services Directive 2) is the EU regulation that mandates Strong Customer Authentication, opens banking APIs to third parties, and sets liability rules for electronic payments across the European Economic Area.

Rapid Dispute Resolution (RDR) is a Visa program that allows issuers to automatically resolve disputes at the network level before a formal chargeback is filed, using merchant-defined rules to issue instant refunds.

Real-Time Payments (RTP) is a payment rail that enables the near-instant transfer of funds between bank accounts 24/7/365, with settlement typically completed in seconds. Unlike ACH or wire transfers, RTP provides immediate finality and instant confirmation to both sender and receiver.

Reconciliation is the process of matching and verifying transaction records across multiple systems—such as a merchant's books, payment processor reports, and bank statements—to ensure they are consistent and accurate.

Recurring payments are automatic charges collected from a customer at regular intervals — weekly, monthly, or annually — based on a stored payment method. They power subscription businesses, SaaS billing, and membership models by eliminating manual re-authorization on every cycle.

A refund is a transaction that returns funds to a customer after a completed payment. Unlike a void, which cancels a transaction before settlement, a refund processes as a new credit back to the original payment method.

A rolling reserve is a risk-management tool where an acquirer withholds a percentage of a merchant's settlement funds for a fixed period, then releases them on a rolling basis as the hold window expires.

Sanctions screening is the process of checking customers, transactions, and counterparties against government and international watchlists to prevent prohibited parties from accessing financial services.

Scheme fees are charges levied by card networks such as Visa, Mastercard, and American Express on transactions processed through their payment rails. They are paid by acquirers and issuers, then typically passed through to merchants as part of overall card acceptance costs.

SEPA (Single Euro Payments Area) is a European payment integration initiative that enables cashless euro payments across 36 countries using unified standards, making cross-border transfers as simple and cost-effective as domestic ones.

Settlement is the process by which funds from a completed transaction are transferred from the issuing bank to the merchant's account, finalizing the payment after authorization and capture. It typically occurs 1–3 business days after the original transaction.

Smart retry is an automated payment recovery strategy that intelligently re-attempts failed transactions using optimized timing, routing, and card network rules to maximize authorization rates without triggering fraud flags.

An automated system that analyzes each payment transaction in real time and directs it to the processor most likely to approve it, based on card type, geography, amount, and historical performance data.

SOC 2 is an auditing framework developed by the AICPA that evaluates how service organizations manage customer data across five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy.

Strong Customer Authentication (SCA) is a regulatory requirement under PSD2 that mandates multi-factor verification for electronic payments in Europe, combining at least two of three elements: knowledge, possession, and inherence.

Subscription billing is a payment model where customers are charged automatically on a recurring schedule—weekly, monthly, or annually—in exchange for ongoing access to a product or service.

A SAR is a mandatory report filed by financial institutions and payment businesses when they detect transactions that may signal money laundering, fraud, or other financial crimes. Regulators use SARs as a primary intelligence tool to investigate illicit activity.

Synthetic identity fraud is when fraudsters fabricate a new identity by combining real and fictitious personal data—such as a valid SSN with a fake name—to open accounts, build credit, and ultimately commit large-scale financial theft.

The process of replacing sensitive card data with a non-sensitive token that can be stored and reused for future transactions. Tokenization enables one-click purchases, subscription billing, and dramatically reduces PCI compliance scope.

Underwriting is the risk assessment process payment providers use to evaluate a merchant's business before approving a merchant account. It determines credit limits, reserve requirements, and processing fees based on financial and operational risk.

A virtual terminal is a web-based application that lets merchants accept card payments by manually entering card details into a browser interface, without requiring a physical card reader or POS hardware.

A void transaction cancels a payment authorization before it settles, preventing funds from ever leaving the cardholder's account. Unlike a refund, no money changes hands — the hold is simply released.

Webhooks are HTTP callbacks that send real-time event notifications from one system to another. When a payment event occurs, a webhook pushes data to your endpoint instantly — no polling required.