Explore the A-Z of Payment Processing: Comprehensive Glossary of Payment Terms

Your Guide to Navigating Payment Terms: Understanding Industry Jargon

The Gala Technology payments glossary page provides a comprehensive list of key terms and definitions related to payment processing. This glossary covers various concepts such as different types of payment methods, security processes, transaction types, and compliance standards. It's designed to help users understand the complex terminology associated with payment processing and related technologies.


3D Secure

A security process that applies to online card payments. It was developed by Visa in the form of Verified by Visa to improve the security of online payments, and has since been adopted by MasterCard and American Express with their own versions. Adopting a 3D Secure process for accepting payments can shift liability for chargebacks away from a merchant.



Account2Account payments are those which are made directly from one bank account to another.


An Acquirer is a financial institution that processes credit or debit card payments on behalf of the merchant, collecting funds from the cardholder’s bank and placing them into a holding account until cleared and then settled into the merchant’s business account. They are also known as Acquiring Banks.


An acronym which stands for Application Programming Interface. An API is a piece of software which can be integrated into existing software to allow two different programmes to communicate and work with one another, for example your Customer Relationship Management system and the SOTpay payment processing software.


An acronym which stands for Alternative Payment Method. An APM is essentially a payment which doesn’t come in the form of cash or payment card. These can include Digital Wallets, Open Banking and PayPal, for example.


Authentication is the process of a cardholder directly or indirectly verifying a card payment. An example of directly authenticating a payment would be entering their PIN into a card terminal when making an in-person payment, or entering their 3D Secure password when making an online payment. An indirect example might be their card issuer choosing not to challenge a payment because it recognises that it has been made using the cardholder’s regular device at an outlet they regularly spend at.

Authorisation Fees

Authorisation Fees are a common cost involved with accepting card payments, as a fee for authorising the transaction, and are in addition to Transaction Fees. An Authorisation Fee will typically cost between 1p and 5p.


The Address Verification System requires merchants to supply/check cardholder address information when processing Card-not-Present transactions. This includes online orders.



Previously known as the Bankers’ Automated Clearing System, BACS is an organisation which is responsible for clearing and settlement of bank transfers and automated Direct Debit payments.


Card Issuer

A Card Issuer is a financial institution that issues the payment card to the cardholder, such as Barclays, Revolut, Capital One etc.


A Card-on-File transaction occurs when a cardholder has authorised a merchant to store their payment details on file and charge the card when a purchase is made or a payment is due. Some retailers such as Amazon use Card-on-File to enable customers to make quick purchases using their saved card, as do organisations which adopt a subscription or membership business model.

Card Scheme

A Card Scheme is a central payment network that uses credit and debit cards to process payments. The scheme is a network that bridges the gap between the Acquirer and the Card Issuer for authorising and settling transactions. An example of a Card Scheme would be Visa or MasterCard.


A chargeback occurs when a cardholder has a dispute with a card payment, for example there is suspected fraudulent activity, or failure to deliver goods by the Merchant. Their bank will attempt to reverse the payment via the Card Issuer, who will charge the Acquirer, who will in turn charge the merchant. Fraud-related chargebacks are amongst the most common.


Cardholder Data Environment


Cardholder Data relates to the cardholder’s name, card number, security code and expiry date.


Card-not-present is an extension of MOTO transactions and can extend to online purchases, which are often more secure due to the ability to authenticate the payment using 3D Secure or SCA methods, but not always.

Compliance Fees

PCI Compliance fees are a monthly or annual levy that merchants must pay to service providers for ensuring their merchant account complies with all applicable PCI standards. They do not guarantee full PCI Compliance, and the merchant will still be required to complete their own Self-Assessment Questionnaire (SAQ) which must remain updated. These are not to be confused with Non-Compliance Fees.

Countertop Card Reader

A Countertop Card Reader is a chip & pin and/or contactless payment terminal which sits static at the side of a till point in shops, cafes, hotels and garages, and is used for accepting in-person payments.


An acronym which stands for Customer Relationship Management. A CRM System is typically a programme on which a business will store data on new prospects and existing customers, and manage their relationships and interactions with either. Some CRM systems are designed for allowing multi-channel interactions, such as email, telephone and live chat.


CSID stands for Creditor Scheme Identifier, and is a unique ID number that a business will obtain to be able to process SEPA Direct Debit.


Also known as the CVV number, the CV2 is the security number attached to all debit and credit cards. On most Card Schemes the CV2 is the 3 digits on the back of the card, but American Express uses a 4-digit code on the front.


Data Breach

A Data Breach is a violation of security where information is stolen, copied, transmitted or used by an unauthorised person or operation. The information is often sensitive, confidential and protected. Data Breaches carry many risks, including financial penalties, reputational damage and prosecution.

Direct Debit

The process of enabling an authorised, automated recurring payment directly from a customer’s bank account into that of the merchant. These tend to be set for fixed amounts and on set dates, unless the payee provides prior notice of changes to terms, such as payment date or value.



E-commerce, also known as electronic commerce, is the process of buying and selling goods and services online, with a transfer of funds to pay for those products and services.


Encryption is the process of converting data in many forms, scrambling it into a form which cannot be deciphered by unauthorised parties. Encryption is one form of security measure that data handlers use that can help to protect from data breaches.


Fixed Recurring Payments

Similar to a subscription basis, a Fixed Recurring Payment occurs where the same value is charged to the cardholder's account on a fixed date.

Friendly Fraud

Friendly Fraud is the act of a cardholder challenging a perfectly valid purchase from a merchant, by suggesting they did not make the purchase or that the items were not delivered even though they were, and therefore activating the chargeback process to benefit personally from the act. SCA and 3D Secure are active deterrents against Friendly Fraud.


F2F stands for Face to Face, and in the context of processing payments and orders, means the customer is present when the interaction takes place.



GDPR is an acronym which stands for General Data Protection Regulation. It is a regulation which was implemented in 2018, and replaced the old Data Protection Act. GDPR is a directive which addresses the privacy and protection of personal data, and enables European citizens to maintain a greater control over how their data is used. An example of GDPR in action in daily life is the requirement to accept or tailor a website’s cookie settings when you visit each one.




An Independent Sales Organisation (or ISO) is a company that sells credit card processing services independently from a financial firm or bank. In other words, an ISO is a third-party company that can sign up your business to accept credit cards.






M-Commerce, also known as Mobile Commerce, is a modern evolution of e-commerce, and relates to the use of devices such as smartphones and tablets for conducting purchases of goods and services, paying bills and managing online bank accounts. It is not strictly restricted to online purchases, as digital wallets, where cardholders store their card details on their phones and make F2F purchases, are a development which is on the rise.


The Merchant is the business, retailer, or any other person or organisation that arranges to accept credit or debit card payments with an Acquirer or Independent Sales Organisation.

Merchant Acquirer

A financial institution that processes a payment transaction, acquiring the funds from the cardholder bank, placing it into a holding account, before eventually settling it into the merchant’s business bank account.

Merchant Account

The holding account that acquired funds are placed into when a Merchant Acquirer takes them from the cardholder’s account.


Merchant ID. A unique ID number assigned to a merchant by an acquirer. Each payment channel, such as telephone or online, will be allocated a separate MID.


An MMS refers to a Merchant Management System.


Minimum Merchant Service Charge, an agreed fee with the Acquirer to guarantee a minimum payment by the Merchant, should their transaction fees fail to generate enough revenue. The Merchant will pay the Acquirer either the MMSC or the total monthly transaction rates, whichever is higher.


Merchant Services Charge, a charge levied upon the Merchant by the Acquirer for each transaction. This charge will vary, depending on the type of card used, i.e. debit or credit card, Visa or Amex.

Mobile Card Reader

A Mobile Card Reader is a card payment terminal which comes with SIM/Data Roaming capabilities to enable the merchant to accept in-person payments anywhere that has mobile coverage. They are particularly popular with street food vendors or traders that work in an outdoor setting, wherever that might be.


MOTO stands for Mail Order/Telephone Order, and relates to telephone or in-writing payments made when the card is not present in the merchant’s environment, so the card information would usually be entered into a Chip & Pin terminal or Virtual Terminal.


Non-Compliance Fee

A Non-Compliance Fee is a penalty issued if a merchant has failed to keep their merchant account compliant. The most common cause of a non-compliance fee would be failure to maintain or complete a Self-Assessment Questionnaire (SAQ). A non-compliance fee tends to be a monthly charge and can often be charged simultaneously with the PCI Compliance Fee if a merchant does not resolve compliance failures. It is entirely avoidable if you maintain account PCI compliance.

Non-Secure Transaction

A MOTO or CNP card payment made where the cardholder has not authenticated the purchase, therefore the merchant cannot prove that the genuine cardholder has made the transaction. This type of transaction is at major risk of fraud-related chargeback.


Open Banking

Open Banking is a payment process which enables a customer to pay a business directly using their mobile or online banking account, but without the need for security measures involved in setting up new recipients.



A PCI Point-to-Point Encryption (P2PE) Solution cryptographically protects account data from the point where a merchant accepts the payment card to the secure point of decryption. A PCI P2PE Solution can significantly help merchants reduce the PCI DSS validation effort of their cardholder data environment.


PAN is an initialism of Primary Account Number, and is another term for the long number on the front of the payment card.

Payment Gateway

Also known as a Payment Service Provider (PSP), a Payment Gateway is an online system used to facilitate an e-commerce transaction for the transmission of payment card information from a website or device, to a card processor for verification and authorisation of the payment between the customer and the merchant.


Payment Card Industry Security Standards Council. Formed in 2006 by Visa, MasterCard, American Express, Discover and JCB, the PCI-SSC devised and manages the development of the Payment Card Industry Data Security Standard.


The Payment Card Industry Data Security Standard is a series of twelve major requirements, plus several smaller requirements, which businesses that take card payments must adhere to with regard to their payment card security measures, policies, procedures and guidelines.


PIN Transaction Security devices, also known as card readers or terminals, are used for capturing payment card data. The PCI-PTS is a series of requirements that manage the security of card data transmitted via card terminals.


The Payment Services Directive Two is a piece of legislation which forces payment service providers to improve their authentication processes by using multi-factor authentication, known as SCA.

Portable Card Reader

A Portable Card Reader is a chip & pin payment terminal which can be taken around a business premises to accept payments anywhere on site. They are typically quite popular in restaurants and bars where payments might be taken at the table.


QR Code

QR is short for Quick Response, and relates to QR codes which are a variation of bar code that contain data. Whilst they may store all manner of information, they are often used to quickly direct a device to a website or application where they can perform an action, such as make a payment, or find further information.


Recurring Payment

A Recurring Payment is a repeat transaction that the cardholder has given permission for, which bills their account on a periodic basis, such as weekly, monthly or yearly, and an ongoing basis or for a finite period of time, such as the length of a contract. They can be Fixed or Variable Recurring Payments.



SAD is an acronym which stands for Sensitive Authentication Data, for example the 3 digits on the rear of a payment card. 


An SAQ is a Self-Assessment Questionnaire that all merchants who take card payments or store sensitive personal information must complete to state that they are compliant with PCI-DSS requirements. They must be completed on an annual basis and there are different SAQs to complete, dependent upon the business size and type.


Strong Customer Authentication takes payment verification to a new level and is designed to be a major deterrent to fraudsters. It will require a customer to provide additional information to authenticate the payment, such as their password or a One Time Passcode entered at the point of purchase, or even biometrics on their smart device.

Secure Transaction

A secure transaction is one which has been authenticated by the cardholder, either by Chip & Pin for an in-person payment, or through a process such as 3D Secure. As the payment has been authenticated, the merchant is protected and is no longer liable for any fraud-related chargebacks.


SEPA stands for Single Euro Payments Area, and is the Euro version of BACS, which you may be more aware of. SEPA enables two bank accounts from different territories within the Eurozone.

Settlement of Funds

A settlement of funds is when money is transferred from the Acquirer to the Merchant’s business account. Rather than on a per transaction basis, it may be done in one lump sum, known as a batch settlement.

Shopping Cart Integration



SUN stands for Service User Number, and relates to Direct Debits. It is a unique 6-digit number given to a Service User that takes Direct Debit payments. If you intend to accept payments by Direct Debit then a trip to the bank to check your eligibility is the first step. If an SUN cannot be provided, then a third party may be required to manage the process for you.



Tokenisation is the digital process of removing sensitive data, such as the long number on the front of a card (PAN), and replacing it with tokens, which are other characters, such as numbers or letters. These tokens have no logical value to any unauthorised entity that is able to access them, so the data is protected.

Transaction Fees

A Transaction Fee is a mandatory charge that any merchant must pay when accepting an electronic payment. The value of the fee will be dictated by various key factors, such as type of payment made (Open Banking Vs Debit Card, Debit Card Vs Credit Card), and the security of the payment (PCI DSS Compliant payment Vs Non-Secure Payment). For example, a non-secure credit card payment is likely to cost much more in transaction fees than a PCI-DSS compliant, secure debit card payment.



Virtual Terminal

A Virtual Terminal is a piece of software which will allow a merchant to accept card payments remotely (MOTO, online, fax, etc) without the cardholder being present. Using a virtual terminal alone for taking telephone payments would be a non-secure payment and may incur increased transaction fees, therefore it is recommended that further authentication practices are in place to ensure the merchant is protected from fraud-related chargebacks.






Gala Technology Limited, Unit 10 Farfield Park, Manvers, Rotherham, South Yorkshire, S63 5DB
what3words location ///balance.buyers.shrug


Copyright © 2015 - 2024 Gala Technology Limited. All Rights Reserved.

