Open the Portico Schema site
Portico Developer Guide
Glossary
3 | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

3

3-D Secure™
Three-Domain Secure™ (merchant, acquirer, issuer). A Visa-approved Authentication Method that is the global authentication standard for Electronic Commerce Transactions.

A

ABA Transit Number
American Bankers Association Transit Number. The ABA Transit Number, known as the routing transit number (RTN), is a 9-digit bank code used in the United States. It appears on the bottom of negotiable instruments, such as checks identifying the financial institution on which it was drawn.

ACH
Automated Clearing House. An electronic payment network most commonly associated with payroll direct deposit and recurring payments. The ACH can also be used to clear electronic checks and other demand deposit account (DDA) transactions.

ACI
Authorization Characteristics Indicator. A value determined by Visa based on the data included with the authorization request. It is returned with the electronic authorization response.

Acquirer
A company that enters into contractual relationships with merchants, therefore allowing the merchant to accept credit/debit cards. Heartland Payment Systems is an acquirer.

Acquiring Financial Institution
An acquiring financial institution contracts with a bank and merchants to enable credit card transaction processing. Also known as an Acquirer.

Acquiring Host
The processing system that communicates with the card acceptor or a communications network processor and is responsible for receiving the data relating to a transaction and obtaining an approval or denial for the transaction. The system maintains reconciliation totals for all financial transactions.

Activation
Terminal Hardware Device Transaction used to exchange an activation code for the authentication token; used for secure credential handling for terminal hardware.

Activation – Gift Card
Changing the state of a fixed denomination account from "inactive" to "active", enabling a stored value/prepaid card for use.

Activation and Initial Load – Gift Card
Changing the state of a stored value/prepaid account from "inactive" to "active", enabling the card for use, and requesting the loading of a variable amount to the account.

AES
Advanced Encryption Standard. It is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology.

AFD
Automated Fuel Dispenser. A pump at a service station or truck stop that is operated by the cardholder to obtain credit for pumping fuel. The pump contains a card reader. Also called an ICR, CRIND, or CAT.

Age Verification
A security process used to verify a consumer’s age. Age verification is typically used by liquor and tobacco outlets, bars and casinos.

Agents
Those who sell bankcard services to merchants on behalf of ISOs, acquirers and processors. Also known as merchant level salespeople (MLSs) and independent sales agents (ISAs), most agents are independent contractors. Others are paid employees of ISOs, acquirers and processors.

ANSI
American National Standards Institute. Governing institute that establishes guidelines for business practices.

APR
Annual Percentage Rate. The percentage rate charged for a credit card (or other loan) for a whole year. It is the finance charge, expressed as an annual rate.

ASP
Active Server Page. Part of Microsoft’s .NET platform. ASPX is a text file format used to create Webform pages.

ASV

Approved Scanning Vendor. The PCI Security Standards Council maintains a structured process for security solution providers to become Approved Scanning Vendors (ASVs), as well as to be re-approved each year.

The five founding members of the Council recognize the ASVs certified by the PCI Security Standards Council as being qualified to validate adherence to the PCI DSS by performing vulnerability scans of Internet facing environments of merchants and service providers.

The major requirement of the process is a rigorous remote test conducted by each vendor on the PCI Security Standards Council's test infrastructure, which simulates the network of a typical security scan customer. The Council has set up the test infrastructure in such a way as to deliberately introduce vulnerabilities and misconfigurations for the vendor to identify and report as part of the compliance testing process.

Authorization
A process where a merchant issues a request to an authorization center to obtain an approval for a cardholder transaction for a specific amount. This process verifies that a credit or debit card has sufficient funds available to cover the amount of the transaction. This process also reserves the specified amount and ensures the card is authentic and not reported lost or stolen. This authorization request is usually submitted through a point-of-sale device. The merchant may also obtain authorizations by telephoning the authorization center.

Authorization Code
A code that a credit card issuing bank returns to the POS indicating an approval of the request transaction.

Authorization Request
A request sent to a financial institution to determine if a credit or debit card has sufficient funds to cover the amount of the transaction.

Authorization Response
A response to an authorization request indicating a financial institution’s approval or disapproval of a transaction.

Auto-Substantiation
This transaction is applied to either a Credit Authorization or Credit Sale Transaction. Amount types included in this transaction are healthcare, prescription, vision/optical, clinic or other qualified medical, and dental amounts.

Auto-Voiding Transactions
Portico Gateway automatically voids all active credit transactions that have not been added to a batch after the Issuer time limits.

AVS
Address Verification Service. A system that verifies the personal address and billing information provided by a customer at the time of the transaction against the information the credit card Issuer has on file. This system enhances fraud protection.

B

B2B
Business-to-Business. A marketing term that refers to the commerce between business as opposed to business-to-consumer or business-to-government.

Back-End Vendor/Processor
A company that receives data, captures it from the front-end processor, and submits the data for clearing and settlement. The back-end vendor generates the merchant’s monthly statement, causes the merchant to be paid for their transactions, causes the merchant to be charged their processing fees and causes the cardholder to be charged. Examples of back-end vendors are: Passport and Vital.

Balance Inquiry
Requesting the balance of an existing stored value/prepaid account to provide to the customer at the POS.

Bank Card
In general, a bank card refers to a plastic card issued by a bank and used to access funds from an account.

Bank Routing Number
Every bank is assigned a unique 9-digit number for identification purposes. This routing number appears as the first 9 digits across the bottom of a check. (See also Transit Routing Number)

Batch
A set of credit and/or debit transactions submitted together for settlement, clearing, and funding. 

Batch Close
The process of sending transactions to the processor for clearing and settlement (the cardholders are charged and the merchant is paid).

BIN
Bank Identification Number. The primary account number found on credit cards and bank cards. It is a 6-digit number, maintained by the American Bankers Association that identifies the bank and type of card. The first number identifies the card type (i.e., American Express = 3, Visa = 4, Mastercard = 5, Discover = 6). Also referred to as IIN (Issuer Identification Number).

Buy Rate
The acquiring bank's fee. It is equal to interchange (which is paid to the issuing bank) plus the acquiring bank's markup. The wholesale price of a transaction to which processing and other fees are added to come up with the cost to a merchant. Buy rates have not been widely used since the multitude of interchange rates came into being. Many ISOs and acquirers now use pricing models that involve splits of net revenue.

C

CAB Program Code
A Card Acceptor Business (CAB) Program Code is a code assigned by Mastercard to represent a grouping of MCC values by Industry.  Each MCC can belong to only one  Industry CAB Program Code.

CAPN
Card Acceptance Processing Network. A set of requirements mandated by American Express to ensure processing of AMEX transactions according to their security standards. CAPN enhances POS security, supports expanded amounts, and adds a transaction lifecycle identifier for all AMEX transactions.

Card Acceptor
The facility at which a purchase is made and a payment transaction is initiated. Also known as a merchant.

Card Issuing Bank
A financial institution that issues payment cards such as credit/debit cards.

Card Laundering
When a merchant processes sales through its merchant account on behalf of another merchant. Laundering violates the terms of merchant agreements. Also called draft laundering and factoring.

Card Not Present
Card transactions (Internet or MO/TO purchases, for example) for which the customer’s card is not physically handled by the merchant. Interchange is set higher on these transactions because there is a greater likelihood of fraud.

Cardholder

A consumer doing business with a merchant using one or more of the following payments cards:

CAT
Card Acceptor Terminal. Unattended terminals that accept bank cards for payment. These terminals are frequently installed at rail ticketing stations, gas stations, toll roads, parking garages, and other merchant locations.

CAVV
Cardholder Authentication Verification Value. A unique value transmitted by an issuer (or Visa on behalf of an issuer) in response to an authorization request message.

Cellular CDMA
Code Division Multiple Access. Digital cellular technology that converts audio signals into a stream of digital information (made up of 1s and 0s).

Cellular GPRS
General Packet Radio Service Packet-based wireless communication service.

Chargeback
A procedure where a cardholder or card issuer is disputing all or part of the amount of a credit or debit card transaction. A chargeback is therefore the act of taking back funds from a merchant for a disputed or improper transaction.

Check Reader or Check Scanner
A counter-top device used to scan images of checks, according to legal specifications, for electronic clearing and settlement. Also known as check scanner.

CID
Card Identifier. A 3 or 4-digit code appearing on the front or back of Discover or American Express credit cards (Discover is 3 digits, American Express is 4 digits). CID is used for fraud prevention. For all other bankcards, see CVN.

CISP
Cardholder Information Security Program. A program established by Visa to ensure the security of cardholder information. CISP has been superseded by the PCI Data Security Standard.

Client
A company that has contracted to use the services provided by Heartland Payment Services.

Client Libraries
See Heartland POS Gateway Client Libraries.

Close Batch
The end-of-day or end-of-shift process where the merchant balances and submits their credit and debit card transactions for clearing and settlement. (See also Settlement)

CMDA - Verizon
Code Division Multiple Access. A communication channel access principle that employs spread-spectrum technology and a special coding scheme (where each transmitter is assigned a code).

CNP
Card Not Present. See Card Not Present.

CoF
Credential/Card on File.  Represents cardholder payment information that the merchant stores with permission that will be used for future purchases.

Commercial Cards
Credit cards issued to businesses for travel, entertainment and other business expenses.

Conditional
Conditional fields are required in the message under certain conditions. These conditions are indicated in the description or in an associated note.

Consumer
See Cardholder.

Corporate Cards
See Commercial Cards.

Counter-Top POS
A category of POS devices that typically only fit on a counter for use.

CPS
Custom Payment Services. Visa’s regulations for the information that must be submitted with each transaction. Transactions must meet CPS criteria in order to qualify for lowest transaction processing fees available. This is similar to Mastercard’s Merit system.

Credit Cards
Standard-size plastic token, with a magnetic stripe that holds a machine readable code. Credit cards are a convenient substitute for cash or check, and an essential component of electronic commerce and internet commerce. Credit cardholders (who may pay annual service charges) draw on a credit limit approved by the card-issuer such as a bank, store, or service provider (an airline, for example). Cardholders normally must pay for credit card purchases within 30 days of purchase to avoid interest and/or penalties. Cards can be issued by banks and non-banks and are associated with such brand names as AMEX, Discover Financial Services, Mastercard, JCB International Co. Ltd. and Visa.

CSC
Card Security Code. The security code on a credit card is the brief number that is printed on the card that helps verify its legitimacy. Depending on the card, the security code can be a 3-digit or 4-digit number, printed on either on the back of the card or the front, and goes by several names. The most common is CVV, which stands for "card verification value" code. Other card issuers call their security codes CVV2 (Visa), CVC2 (Mastercard) or CID (American Express).

CUP
China UnionPay. The only domestic bank card organization in the People's Republic of China.

Customer
See Cardholder.

CUT
Coordinated Universal Time. The time scale used as the basis of a coordinated dissemination of standard frequencies and time signals. Formerly known as Greenwich Mean Time (GMT).

CVC2
See CVV2.

CVN

Card Verification Number. This is a 3- or 4-digit number that appears on either the front or back of a credit card. It is not included in the magnetic stripe data. It is provided as a fraud deterrent to ensure the card is physically present when a POS transaction is initiated. These codes are only required at authorization time. The following terms are used by various card issuers:

CVV
Card Verification Value. An authentication procedure established by credit card companies to reduce fraud for internet transactions. It consists of requiring a cardholder to enter the CVV number in at transaction time to verify that the card is on hand. The CVV code is a security feature for "card not present" transactions (e.g., Internet transactions), and now appears on most (but not all) major credit and debit cards. This new feature is a 3- or 4-digit code which provides a cryptographic check of the information embossed on the card. The CVV code is not part of the card number itself.

CVV2
Card Verification Value. A 3-digit code appearing on the front or back of Visa or Mastercard. CVV2 is used for fraud prevention. For all other bankcards see CVN.

D

DBA
Doing Business As

DCC
Dynamic Currency Conversion - Allows a cardholder to make a purchase in a foreign country in the currency of their home country.

DDA
Demand Deposit Account. A merchant’s checking account that is credited or debited with their deposits, fees and adjustments (also referred to as Direct Deposit Account).

Debit Card
Issued by financial institutions and tied to cardholders' DDAs. Debit card funds are withdrawn directly from a cardholder’s checking account. Debit cards come in online/offline and offline-only versions. Online in this context means able to interface with the card brand networks for authorization at the POS. Debit cards can be co-branded with Discover, Mastercard or Visa. Online debit requires customers to enter PINs; offline debit card payments are authorized with cardholder signatures.

DES
Data Encrypted Standard. A standard method for encrypting and decrypting data which was developed by the U.S. National Institute of Standards & Technology.

Dial-up
A temporary communication connection through a telephone line.

Discount
A fee charged to a merchant for card processing services. This fee is usually represented as a percentage of the merchant's daily or monthly credit/debit sales. (Also known as "discount fee" or "discount rate.")

Discount Fee
A fee charged to a merchant for card processing services. This fee is usually represented as a percentage of the merchant's daily or monthly credit/debit sales. (Also known as "discount" or "discount rate.")

Discount Rate
The percentage of card sales acquirers collect from merchants for transaction authorization and settlement.

Downgrade
A transaction is downgraded because it does not qualify for the best interchange rate possible, therefore the transaction costs more to process. Examples of why a transaction downgrades are: a) credit card is not swiped; b) merchant does not close their batch within 24 hours; c) the credit card used is a business, corporate or foreign credit card; d) the credit card was voice authorized.

Download
The passing of programming information and parameters from a processor to a point-of-sale device such as a terminal. This passing or transfer of information is typically accomplished by the point-of-sale device "dialing out" and connecting to the processor’s remote computer.

DPAN
Device Primary Account Number or Digital Primary Account Number that represents a  cardholder PAN.  This is a network token which can be used to process transactions via from a specific device, such as the cardholder's mobile phone.

Draft Laundering
See Card Laundering.

DSL
Digital Subscriber Line. DSL is a family of technologies that provides digital data transmission over the wires of a local telephone network.

DSOP
Data Security Operations Policy. A standard developed by American Express to protect cardholder information. PCI is now used as a standard.

DSS
Data Security Standard. See PCI-DSS.

DTMF
Dial tone multi-frequency. Used for telephone signaling over the line in the voice-frequency band to the call switching center.

DUKPT
Derived Unique Key Per Transaction. Reference standard X9.24, Retail Key Management for this definition. It is a key management technique in which for every transaction a unique key is used, which is derived from a fixed key. If a derived key is compromised, future and past transaction data are still protected since the next or prior keys cannot be easily determined.

E

E3
Heartland End-to-End Encryption. New technology offered by Heartland to allow encryption of card data from initial swipe or input at the POS through arrival at the Issuer. This system not only removes intrusion threats but it also greatly reduces the scope for PCI audits on the associated merchant POS software.

EBT
Electronic Benefits Transfer. EBT is an electronic system in the United States that allows state governments to provide financial and material benefits to authorized recipients through a plastic debit card. Common benefits provided are typically in two different categories: Food Stamp and Cash Benefits.

ECA
Electronic Check Acceptance. Electronic process of depositing a check into a merchant account. A check is processed through an electronic system that captures bank account information and the amount of the check. The ‘paper’ check is handed back to the customer, voided or marked so that it cannot be used again. The merchant electronically sends information from the check (but not the check itself) to a bank or other financial institution, and the funds are transferred into the merchant’s account.

EDC
Electronic Data Capture. The process of electronically authorizing, capturing and settling a credit card transaction.

EDI
Electronic Data Interchange. The structured transmission of data between organizations electronically. It is used to transfer electronic documents or business data from one computer system to another computer system.

EEPROM
Electronically-Erasable Programmable Read-Only Memory. EEPROM is a special type of PROM that can be erased by exposing it to an electrical charge. Like other types of PROM, EEPROM retains its contents even when the power is turned off. EEPROM is similar to flash memory. The principal difference is that EEPROM requires data to be written or erased 1 byte at a time whereas flash memory allows data to be written or erased in blocks.

EFT
Electronic Funds Transfer. A way of performing financial transactions electronically. The Pulse and Star networks are examples of EFT systems.

EIFR
Electronic Interchange Reimbursement Fee. The fee that a merchant's bank or acquiring bank pays the customer's bank or the issuing bank after a merchant accepts the use of a card for a particular transaction. The issuing bank, in a payment transaction, deducts the interchange fee in which it pays the acquiring bank that handles the transaction on behalf of the merchant or business owner. In turn, the merchant is paid by the acquiring bank the amount for the purchase minus the interchange fee. Some smaller fees may also apply, which are commonly referred to as the discount rate, the passthru or the add-on rate.

EIPP
Electronic Bill and Invoice Presentment and Payment. This is a business-to-business system for billing, invoice presentment, and payment.

EMV
Europay, Mastercard and Visa. EMV is a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.

EMVCo
Europay International, Mastercard International and Visa International. EMVCo manages, maintains and enhances the EMV® Integrated Circuit Card Specifications for chip-based payment cards and acceptance devices, including POS terminals and ATMs. EMVCo establishes and administers testing and approval processes to evaluate compliance with the EMV Specifications. EMVCo is currently owned by American Express, JCB, Mastercard and Visa.

Encryption
A method of protecting data by "scrambling" data. Encryption transforms readable information using an algorithm (called a cipher) and makes it unintelligible to anyone except those who possess a key that converts the information back into readable form.

End-to-End Encryption
See E3 definition.

EPPS
Encrypting PIN Pads. EPPs form a component of unattended PIN Entry Devices (PEDs). Typically, EPPs are used to enter a cardholder’s PIN in a secure manner. EPPs are used in conjunction with ATMs, automated fuel dispensers, kiosks, and vending machines.

EPROM
Erasable Programmable Read-Only Memory. A type of memory chip that retains its data when its power supply is switched off.

ERC
Electronic Receipt Capture. A paperless system that securely stores and retrieves electronic card receipts on demand. This reduces bank chargeback losses and the costs associated with merchants' storage and manual retrieval of paper receipts.

F

Factoring
See Electronic Funds Transfer.

File Extension
Part of a filename that indicates the file type.

Financial Transaction
A message that either notifies the host of the completion of a previously authorized payment transaction or that requests the approval and completion of the payment transaction by the host causing the reconciliation totals to be increased.

Floor Limit
The payment amount above which credit and debit card transactions must be authorized. This amount is specified in each merchant's processing agreement.

Force/Offline Transaction (Prior Authorization)
The after-the-fact entry of a sale transaction. The merchant obtains an approval code for the transaction by telephoning the authorization center. The transaction must now be entered into the terminal by "forcing it" or "offline entry." When pressing the "force" or "offline" key on the terminal, the terminal does NOT dial out to the authorization center, as the merchant has already obtained an authorization by telephone. The merchant simply swipes the credit card or manually enters the credit card number and expiration date, amount of the sale and the authorization code. The terminal simply "captures and stores" the transaction in the merchant's batch, due to already having obtained a valid authorization code.

Fraud Monitoring
An operational process, usually done in the risk management area that involves setting alert parameters for review at the time each transaction is presented to the system. Examples of these parameters are: excessive chargebacks, excessive credits/refunds, duplicate transaction amounts, excessive sales, higher than expected average sale amounts.

Front-End Vendor/Processor
A company that provides communication and data processing to authorize card transactions and transfer the data between the merchant’s point-of-sale equipment to the back-end clearing/back-end settlement processor. Examples of front-end vendors are: Heartland Exchange, VISANet, MAPP, BuyPass, NDC, MDI, Paymentech, Envoy, and FDR.

FSA
Flexible Spending Accounts. A tax-advantaged financial account that can be set up through an employer in the United States. An FSA allows an employee to set aside a portion of his or her earnings to pay for qualified expenses as established in the cafeteria plan, most commonly for medical expenses or purchases.

FTIN
Federal Taxpayer Identification Number An identification number assigned to taxpayers by the IRS.

FTP
File Transfer Protocol. Standard network protocol used to transfer files from one host to another over a TCP-based network such as the Internet.

G

Gift Card
A card that can be used for purchases as well as for storing value on the card.

GPRS - Cingular
General Packet Radio Service. Charges by the data and not connection time.

Gratuity
This is an adjustment to a transaction for a tip.

GSA
General Services Administration. Visa Purchasing Card that is issued to federal government agencies by an Issuer contracted with the General Services Administration.

GSM
Global System for Mobile communications. Standard for mobile phones.

H

HBMI
Defined by the GSAP-NA and GSAP-AP authorization platforms as Host Based Merchant Initiated batch close.  Portico acts as the merchant in managing the batch details.  The merchant may send a BatchClose request to Portico, or be set up for Auto-Close.

HBTI
Defined by the GSAP-NA and GSAP-AP authorization platforms as Host Based Time Initiated batch close.  The host manages the batch details.  Requires configuration in Portico. 

Help Desk Center
Organization or department that is tasked with supporting the clerks in the various client locations when a problem is encountered with the POS system or its operation. The type of support available depends on the operating environment and service agreements.

HIM
Heartland Information Marquee. Found on the merchant serving page (merchant viewer).

HMS
Heartland Marketing Solutions. An HPS Specialty Team that services HMS merchants. Paperwork or questions regarding HMS should be directed to 1-866-402-8056 or to HeartlandmarketingSolutions@e-hps.com.

Hold Back
The money set aside from a merchant's credit card receipts to cover potential chargebacks or other disputes. Typically, the amount is returned after a specified period.

HOST
Any networked computer that provides services to other computers, systems or users.

Host Batch Close
A system where the merchant's transactions are stored at the "host" and not in the actual terminal or point-of sale device. The host computer captures and retains all the transactions. The host automatically closes all batches at a predetermined time if the merchant does not initiate a "close batch" function.

HRA
Health Reimbursement Arrangement. HRAs are Internal Revenue Service sanctioned programs that allow an employer to set aside funds to reimburse medical expenses paid by participating employees. Using an HRA yields tax advantages to offset health care costs for both employees as well as an employer.

I

ICR
Island Card Reader. An ICR is an unattended device that accepts payment cards, typically used with fuel pumps at gasoline stations. Also known as AFD, CRINDS, DCR, and pay-at-the-pump.

IEEE
Institute of Electrical and Electronics Engineers. The IEEE is a non-profit professional association dedicated to advancing technological innovation related to electricity.

IIAS
Inventory Information Approval System (healthcare). This system identifies the qualified healthcare products being purchased by the cardholder at the point of sale. This system must be used for merchants utilizing auto-substantiation.

IIN
Issuer Identification Number. See BIN.

Incremental Authorization
Unique authorization for the Lodging Industry. Occurs when an authorization is adjusted above a threshold amount.

Integrated POS
A category of POS devices that typically combine several Point of Service locations in such industries as Retail, Parking, and Petroleum.

Interchange
The process by which all parties involved in a credit card transaction (processors, acquirers, and issuers) manages the processing, clearing and settlement of credit card transactions.

Interchange Fees
Fees paid by the acquirer (Heartland) to the card issuing bank to compensate for transaction-related costs.

IP Address
Internet Protocol Address. A unique number assigned to any computer or printer that uses internet protocol.

ISA
Independent Sales Agent. See Agent.

ISC
Information Security and Compliance. Program used by Discover to implement and maintain efficient data security requirements and procedures. PCI is now used as a standard.

ISDN
Integrated Services Digital Network. A set of standards for digital transmission over ordinary telephone copper wire as well as over other media. ISDN requires adapters at both ends of the transmission so an access provider also needs an ISDN adapter.

ISO

International Organization for Standardization. Founded in 1946, ISO is an international organization composed of national standards bodies from over 75 countries. ANSI is a member of ISO. ISO has defined a number of important computer standards.

Also an organization registered with Visa and sponsored by an acquiring bank to sell Visa card acceptance services. Can refer to an organization that works with and does business under the name of such a registered ISO. ISOs may also service merchant accounts once they are registered, dependent upon the contract with the acquirer. Mastercard uses the term "member service provider" to describe ISOs. However, it is common within the payments industry to use the term "ISO" when referring to independent sales organizations registered with either or both card brands.

Issuer
A company that enters into contractual relationships with consumers and/or businesses through the issuance of plastic credit/debit cards. An issuer is also known as a "card issuing center." Examples of issuers are Bank of America and Citi-Bank.

Issuing Bank
A federally insured financial institution that issues credit and debit cards. This is the cardholder's financial institution.

Issuing Host
The processing system that acts under the authority of the card issuer to receive a transaction and to approve funds to be given to the card acceptor or to guarantee checks.

ITU
International Telecommunication Union. An international organization within which governments and the private sector coordinate global telecom networks and services.

J

JCB
Japan Credit Bureau. An independent card company originally established in Japan. JCB International Credit Card Company, Ltd. was established in Los Angeles in 1988 to issue credit cards as well.

K

Key Data
Data related to a security key. Reference standard X9.24, Retail Key Management.

KSN
Key Serial Number. Used in PIN encryption/decryption.

KTB
Key Transmission Block. Also known as the Encryption Transmission Block.

L

LLVAR
L is for length (LLL = 3 bytes). The field is parsed as 3 bytes of length and remaining of bytes as text content.

Load Amount
The amount of value that is added to the account. See Activation and Reload.

Load Value
To deposit funds into a cash account.

LRC
Longitudinal Redundancy Character. The LRC is used as an error checking method by both host and terminal to validate that the data was received without error.

LUHN Formula
The LUHN formula, also known as the MOD-10 Checksum, is used to generate and/or validate and verify the accuracy of account numbers.

M

Maestro
Maestro is a multi-national debit card service owned by Mastercard.

Magnetic Stripe
A strip of magnetic material on the back of credit cards which contains data identifying the cardholder, such as account number and cardholder name.

Manual Entry (Key Entered)
Card information is entered manually, or key-entered into a terminal, usually because the magnetic stripe could not be read or the card is not present at the time of sale (i.e., a mail/phone order merchant).

MCC
Merchant Category Code. Usually a 4-digit number that identifies the type of business in which a merchant is engaged by the type of goods or services it provides. Visa and Mastercard have specific numbers for each type of merchant business.

Member Service Provider
See ISO.

Merchant
Business that is a Heartland customer that processes transactions.

Merchant Bank
A banking or financial institution that provides merchant services.

Merchant Discount Fee
A fee charged to a merchant for card processing services. This fee is usually represented in a percent format (example 2.25%). This merchant discount fee is used to determine part of a merchant’s monthly processing charge.

Merchant Service Fee
A fee assessed to a merchant for Heartland's value-add services such as the Merchant Center, 24/7 customer support and local servicing by Heartland Payment Systems Relationship Managers.

Message
A set of data elements used to exchange information between a POS system and the Heartland Payment Systems.

Message Authentication Code
A block of encrypted data to be sent from the POS on every contact Interac sale and return request. Required for Canadian merchants processing debit reversals.

MICR
Magnetic Ink Character Recognition. Character-recognition technology that uses a countertop reader device used to scan magnetic ink character recognition lines. A MICR line is a sequence of digits at the bottom of a check that provides details about the bank and account on which the check is drawn, and supports authorization and clearing routines.

MID
Merchant Identification Number. A number assigned by an acquirer to identify each merchant for the purpose of reporting, processing and billing. All Heartland Payment Systems merchant numbers begin with a 65. All Heartland Payment Systems merchant numbers are 15 digits in length.

MIME
Multipurpose Internet Mail Extensions. An Internet standard that extends the format of email to support: Text in character sets other than , non-text attachments, Message bodies with multiple parts, and Header information in non- character sets.

MOD-10 Checksum
Modulus 10 Checksum. The "modulus 10" or "mod 10" algorithm, also known as the Luhn formula, is a simple checksum formula used to validate a variety of identification numbers, such as credit card numbers.

MOTO/eCommerce
Mail Order/Telephone Order (MOTO). Typically, credit transactions handled as "card not present." These transactions generally involve purchases made through mail order or telesales companies. In this type of transaction, the merchant typically has a card terminal and manually keys in required card information for transmission to the appropriate authorization network. Interchange rates for these transactions are among the highest.

MPLS
Multiprotocol Label Switching. A mechanism in high-performance telecommunications networks which directs and carries data from one network node to the next. It can encapsulate packets of various network protocols. MPLS is a highly scalable, protocol agnostic, data-carrying mechanism. Packet-forwarding decisions are made solely on the contents of the MPLS label, without the need to examine the packet itself. This allows creation of end-to-end circuits across any type of transport medium, using any protocol.

MSP
Merchant Services Provider (Heartland). Handles the setup with the Front-End and Back-End Processors.

MSR
Magnetic Strip Reader. The device that a payment card is swiped through as the Track Data is read.

N

NACHA
National Automated Clearing House Association. It manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data in the United States.

NACS
National Association of Convenience Stores. The association for convenience and fuel retailing.

NDA
Non-Disclosure Agreement. A confidentiality agreement signed by a customer and delivered to Heartland Payment Systems. Completion of NDA is required before receiving Heartland SDK, documentation and specifications.

O

Optional
Optional fields are never required. Optional fields in the response are only present when they were present in or generated due to the associated request.

OTB
Open to Buy. The amount of credit left on an account. For example, before a purchase, a customer has $600.00 OTB. The customer purchases $100.00 worth of products. After the purchase, the amount of OTB for that account is $500.00.

OTC
Over-the-Counter. Used in healthcare industry transaction descriptions.

P

PAD
PIN Acceptance Devices. Numeric key pad a consumer uses to enter a Personal Identification Number (PIN) when paying with a debit card.

PA-DSS
Payment Application Data Security Standard. Standards established by Payment Card Industry Security Standards Council to ensure compliance with mandates set by Bank Card Companies.

PAN
Primary Account Number. Also known as the card number. Number code embossed on a bank or credit card and encoded in the card's magnetic strip. PAN identifies the issuer of the card and the account, and includes a check digit as an authentication device.

PAPB
Payment Application Best Practices. PCI SSC took over management of PABP and renamed to PA-DSS. See PA-DSS.

Partial Authorization
A process to complete a transaction if the full amount requested is not approved but a partial portion of the requested amount is approved. A merchant must be set up for this capability. If a merchant is set up for this capability, the Portico Gateway Issuer response will contain the full amount requested or a lesser or partial amount authorized.

Payment Facilitator
A third-party merchant services provider with their own sub-merchant portfolio, which commonly includes underwriting, transaction monitoring, funding, and chargeback control.

A Payment Facilitator may aggregate multiple sub-merchants under a single MID.

PayPlan
The Portico PayPlan application allows a merchant to set up and manage recurring payments. It also provides other important and useful functionality, including: customer information management, secure payment information storage, one-time payment from cards or ACH on file, automated email notifications to merchants and customers, predefined and customizable reports, and the ability to load existing customer and payment information into the Portico PayPlan database.

PCI
Payment Card Industry. The payment card industry (PCI) denotes the debit, credit, prepaid, and the POS cards and associated businesses. The term is sometimes more specifically used to refer to the Payment Card Industry Security Standards Council (PCI SSC), an independent council originally formed with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standards (PCI-DSS).

PCI CAP

Visa PCI Compliance Acceleration Program. Under the CAP plan, acquirers are required to validate Level 1 and 2 merchant compliance with PIN security. This means that Level 1 and Level 2 merchants must not use payment devices such as PIN pads, and encourages the use of unique encryption keys for every device.

For Level 3 and 4 merchants, acquirers must establish a thorough compliance program for those merchants. According to Visa, as of November 1, 2007, acquirers whose transactions qualify for lower interchange rates available in the Visa and Interlink tiers must ensure that the merchants generating the transactions are PCI compliant in order to receive this benefit.

PCI-DSS
Payment Card Industry Data Security Standard. The framework for developing a robust payment card data security process including prevention, detection, and appropriate reaction to security incidents.

PED
PIN Entry Devices. PCI PED requirements were established to protect against fraud by ensuring the security of devices that process financial data. Approval is granted for devices that have been evaluated by an approved laboratory and determined to be compliant with PCI Security Requirements.

Peripheral
Any device that attaches to a computer and is controlled by its processor.

PIN
Personal Identification Number. A PIN is used to help ensure that the cardholder is really the cardholder. It is typically a 4-digit number that is not found anywhere on the card or in the track data.

PIN Debit
A debit card transaction authorized by the cardholder using a personal identification number.

PIP
Plural Interface Processing. The process that routes (through an American Express terminal or software) Visa, Mastercard and Discover card transactions to a financial services provider and American Express transactions directly to American Express for both authorization and settlement.

PL
Private Label. Private Label products or services are typically those manufactured or provided by one company for offer under another company’s brand. Private Label Payment Cards tend to be exclusive to one merchant or company and can include special features, such as a rewards program.

POS
Point of Sale or Point of Service. The hardware and software used to collect and transmit non-cash payments for goods and/or services. The device where retail sales occur and payment transactions are initiated.

POS Sequence Number
POS sequence number for Canadian Debit transactions.

POS System
Point of Sale System or Point of Service System. The system that processes the transaction messages at a point of service. The system may handle other non-transaction functions also.

Post-Authorization (Post-Auth)
An offline transaction, also called a force, in which a transaction is created and placed in the merchant's batch using an existing authorization (normally received from a voice authorization center). (See also Offline/Force Transaction).

POTS
Plain Old Telephone Service. A basic wireline telecommunication connection.

Prepaid Card
A card representing a proxy for a stored value/prepaid account where value resides that the consumer can use for the purchase of specific goods or services provided by a prepaid product’s service provider.

Private Label Cards
Credit, debit or stored value cards that are used only at a specific merchant’s store. Proprietary cards.

Processor
An acquirer (such as Heartland Payment Systems) or an acquirer's agent that provides authorization, clearing or settlement services for merchants.

PROM
Programmable Read-Only Memory. A form of digital memory where the setting of each bit is locked. Such PROMs are used to store programs permanently. The key difference from a strict ROM is that the programming is applied after the device is constructed.

Proprietary Cards
See Private Label Cards.

Proximity Entry
This transaction occurs when a card is read by a proximity reader to capture the card information stored on the magnetic strip or chip.

PTS Program
POS Terminal Security Program. This is a security evaluation program for Internet Protocol-enabled POS devices to ensure the necessary level of protection for transaction and cardholder data at Merchants that use equipment that support the TCP/IP protocol suite. The security evaluation verifies that POS devices meet the relevant Mastercard requirements in terms of confidentiality, integrity and communicating parties' authentication. By addressing the interface of POS terminals to open networks using open protocols, this new security program complements existing security programs at Mastercard that already address merchants or POS, such as PCI POS PED (security of PIN provided by PIN Entry Devices) and SDP (based on the PCI Data Security Standard).

Purchase
This term represents a sale transaction of services or goods.

Q

QRG
Quick-Reference Guide. A document or chart, used as a guide, to give a merchant quick reference to terminal operation procedures, such as batch settlement, offline/force entries, refunds, etc.

QSA
Qualified Security Assessor. An individual who meets specific information security education requirements, has taken the appropriate training from the PCI Security Standards Council, and who performs PCI compliance assessments as they relate to the protection of credit card data.

QSR
Quick Service Restaurant. A specific type of restaurant characterized by fast-food cuisine and by mini-meal table service.

R

RDC
Remote Deposit Capture. A check deposit process whereby paper checks are converted into digital images for electronic clearing and settlement, through either electronic check or ACH systems.

Recharge
See Replenish.

Reconciliation
The process of confirming the accuracy of partial or final totals by comparing totals from different systems.

Reload
To load an amount of funds into a stored value/prepaid account.

Replenish
To deposit funds into either the cash or credit account.

Reports
Various transaction reporting functionality available from Heartland Portico Gateway. Transactions supported are: ReportActivity, ReportBatchDetail, ReportBatchHistory, ReportOpenAuths, ReportTxnDetail, and ReportBatchSummary

Request
A message directing or instructing the receiver to perform a specified action and respond with the results of the action.

Required
Required fields are always required to be sent in the message.

Reserve
See Hold Back.

Response
A message that provides the results of an action requested by the sender.

Response Codes
Codes returned from Portico Gateway or the Issuer down to the POS. Codes verify that a particular transaction was accepted or reflect why it was declined.

Retrieval
A request for a legible copy of a sales slip and/or other documentation relating to a credit or debit card transaction. This is the process or stage before a disputed transaction becomes a chargeback.

Reversal
A message that cancels the specified financial transaction that was previously reported as complete, causing the reconciliation totals to be decreased.

Reversal Reason Code
Defines the reason for reversing a previously approved transaction. Required for Canadian merchants processing debit reversals. See enumerations for specific values supported.

RFID
Radio Frequency Identification or Radio Frequency Input Device. Radio-frequency identification (RFID) is the use of an RFID tag applied to or incorporated into a product for the purpose of identification using radio waves. Some tags can be read from several meters away and beyond the line of sight of the reader.

RTN
Routing Transit Number. A routing transit number is a 9-digit bank code, used in the United States, which appears on the bottom of negotiable instruments, such as checks, identifying the financial institution on which it was drawn.

S

SAF
Store and Forward.

SDK
Software Development Kit. Compilation of software and documents for communicating to Heartland Portico Gateway. NDA must be completed by processing customer and on file with HPS before receipt of the SDK. Kit includes:
Heartland Developers Guide, XML Schema, HTTP XLM Schema Documentation, Source Code Examples, and the Heartland POS Gateway Client Library.

SDP
Site Data Protection. Mastercard's program to maintain data security requirements and compliance validation requirements to protect stored and transmitted payment account data. PCI is now used.

Service Fee
A fee assessed to a merchant for Heartland’s value-add services such as the Merchant Center, 24/7 customer support and local servicing by Heartland Payment Systems Relationship Managers.

Settlement
The process of transferring funds for sales and credits between acquirers and issuers, including the final debiting of a cardholder's account and the crediting of a merchant's account. (See also Close Batch).

SIC
Standard Industry Code (MIC). Usually a 4-digit number that identifies the type of business in which a merchant is engaged (also called Merchant Category Code (MCC)). Visa and Mastercard share specific numbers for each type of merchant business.

Signature Debit
A Visa Debit or Debit Mastercard transaction authorized by a cardholder's signature.

SNAP
Supplemental Nutrition Assistance Program. Offers nutrition assistance to millions of eligible, low-income individuals and families and provides economic benefits to communities. SNAP is the largest program in the U.S. domestic hunger safety net.

SOAP
Simple Object Access Protocol. A communication protocol for use between applications using XML messages through the Internet. It is platform and language independent, simple, extensible, and allows for communication around firewalls.

Sponsor Bank
See Acquirer.

SSL
Secure Sockets Layer. A protocol for transmitting data over the internet. SSL uses a cryptographic system to provide safety and privacy of data.

Super ISO
A large, independent sales organization that supports multiple downstream ISOs and MLSs. Some super ISOs are also processors.

SVA
Stored Value Account. Stored Value Accounts are card-based payment systems that assign a specific value to the card. Such cards are often referred to as gift cards or pre-paid cards. The card's value is stored on the card itself (on the magnetic stripe or in a computer chip) or in a network database. As the card is used for purchases, the total of each transaction amount is subtracted from the card's balance. As the balance approaches zero, some cards can be "reloaded" through various methods and others are designed to be discarded.

Swiped Entry
A transaction where a card is swiped (or passed) through a magnetic card reader or chip reader to capture card information stored on the magnetic strip or chip.

System
A processing system that provides transaction services to the card acceptor. The term includes acquiring host, authorizing host, and issuing host.

System/Device
A single hardware unit (device) or a group of units (system) that present messages to a host processing system.

T

TDES
Triple Data Encryption System. In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm. It is so named because it applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. Triple DES provides a relatively simple method of increasing the key size of DES to protect against brute force attacks, without requiring a completely new block cipher algorithm.

Terminal
See POS system.

Terminal Batch Close
A system where the merchant's transactions are stored within the terminal's memory. The terminal stores the transactions until the merchant closes the batch.

TID
Terminal Identification Number. A number assigned to the physical terminal device to identify its attributes to the processor. Each terminal within a merchant location has a separate TID.

TIN
Taxpayer Identification Number. An identification number assigned to taxpayers by the IRS. The TIN for individuals is their social security number. The TIN for businesses is the employer identification number.

TLS
Transport Layer Security. A cryptographic protocol designed to provide communication security over the Internet.

TLV
Type-length-value. Optional information that may be encoded in a data communication protocol.

TPPs
Third Party Processors. An independent processor that is contracted with by a Bank or Processor to conduct a part of transaction processing.

Trace Number
Number identifying original transaction.

Track Data
Track Data is the information encoded within the magnetic strip on the back of a credit card which is read by the electronic reader within the terminal or point-of-sale (POS) system.

Transaction
A set of messages to complete a processing action.

Transaction Fee
A fee charged to a merchant each time a transaction is processed, which dials into the authorization system, such as a sale or authorization only.

Transaction Header
A header is to be built for each transaction. This is used for authentication and validation.

Transit Routing Number
Every bank is assigned a unique 9-digit number for identification purposes. This routing number appears as the first 9 digits across the bottom of a check. (See also Bank Routing Number).

TRSM
Tamper Resistant Security Module. Key encryption.

TSYS
Total System Services. Vital. Back-end processor.

U

UAT
User Acceptance Test. Testing for business users to attempt to make a system fail, taking into account the type of organization it will function in. It is checking and verifying the system in the context of the business environment it will operate in.

UTC
Coordinated Universal Time. Also known as Greenwich Mean Time.

V

VAR
Value Added Reseller. A company that adds features or services to an existing product and resells it (usually to end-users) as an integrated product or complete turn-key solution.

Version
May refer to a document version or software version. Each time a new document or software revision is released, a revision version number is incremented.

VIP
VISANet Integrated Payment System. Visa's main transaction processing system.

VNP
VISANet Processors. An entity that is directly connected to Visa through a VisaNet Extended Access Server (VEAS).

Voice Authorization
The process of obtaining an authorization by telephone, typically as a back-up procedure. When an authorization cannot be obtained through an electronic credit card terminal or POS device.

Void
An attendant initiated transaction request to cancel a recently completed transaction.

VSAT
Very Small Aperture Terminal. The hardware and software located at a merchant’s location that allows POS communications by satellite.

W

webTOP
Terminal Option Page. Boarding merchants through web options.

WEP
Wired Equivalent Privacy. Standard for data security. Up to four keys are available using 64-bit or 128-bit encryption.

Wi-Fi
Wireless Fidelity. Another name for the 802.11b wireless networking standard developed by the IEEE.