NETPAY PAYMENT SYSTEM GLOSSARY
This glossary contains
definitions and terminology particular to NetPay, SET, and basic
electronic commerce terminology.
ABA Routing Number
Unique bank identifying number that directs electronic ACH deposits to the
proper bank — this number precedes the account number printed at the
bottom of a check. This number is usually printed with magnetic ink.
Acquirer or Acquiring Bank
A financial institution (or its agent) which receives electronic financial
data from a Merchant relating to a transaction and initiates that data
into an interchange system. The Acquirer is the Merchant Account issuer.
The Acquirer works directly with businesses to establish Merchant
Accounts. Merchant Accounts establish a way in which monies may be
deposited into a business deposit account collected from a cardholder’s
bank (or account).
The payment gateway is a system operated by an Acquirer for the purpose of
providing electronic commerce services to the merchants who support the
Acquirer, and interfaces with the Acquirer to support the authorization
and capture of transactions.
Process which seeks to validate identity (merchants and cardholders) or to
prove the integrity of a transaction. Authentication in public key systems
uses digital signatures.
This is a process that assesses transaction risk, confirms that a given
transaction does not raise the account holder's debt above the account's
credit limit, and reserves the specified amount of credit. (When a
merchant obtains authorization, payment for the authorized amount is
guaranteed provided, that the merchant followed the rules associated
with the authorization process.)
The portion of time that a system can be
used for productive work, expressed as a percentage.
Capacity of a network or data connection,
often measured in kilobits/second (kbps) for digital transmissions.
Software resident on a cardholder's computer that provides an interface
with public data networks such as the World Wide Web.
(Thin-Client / Fat-Client)
Software resident on a hardware device
that retrieves information from a server. Maithean's NetPay Client/Server
solution both "thin" and "fat" client computing models. Under the NetPay
Thin Client model, clients display the user interface of an application
and provide only the minimum application logic required to maintain
transaction security and integrity.
Group of independent systems working
together as a single system. Clustering technology allows groups of
servers to access a single disk array containing applications and data.
A transaction sent after the merchant has shipped the goods. This
transaction will trigger the movement of funds from the Issuer to the
Acquirer and then to the merchant's account.
A person or company that holds a valid payment card account and uses
software supporting online commerce.
Contract with a customer which sets forth the customer's responsibilities
and governs which security process will be used in the conduct of business
between the institution (Bank of America) and customer.
Card Not Present
A situation where the cardholder (and the card) is not physically present
at the time of purchase. Typical CNP transactions take place in businesses
focussed on Mail Order/Telephone Order, Business to Business, and
A situation where the cardholder (and the card) is physically present at
the time of purchase. Card present transactions account for the majority
of credit card transactions in the world and are accounted for by
traditional retailers (e.g. Gas station or restaurant) and all other
situations where the cardholder is present at the time of purchase.
A digital certificate is a special kind of digitally signed message that
contains information about a public key and the owner of a public key. A
real world equivalent would be a driver's license or similar
identification card that requires multiple forms of identification to be
presented before it is obtained.
An entity trusted by one or more users to create and assign certificates.
In the example of the driver's license, a state government validates that
the owner of a particular license is who they say they are and they are
represented by a picture on the license.
A base certificate plus a sequence of all digital certificates up to but
not including the Root Certificate.
Process by which a new certificate is created for an existing public key.
The process of ascertaining that a set of requirements or criteria has
been fulfilled and attesting to the fact to others usually with some
written instrument. Software that has been inspected and evaluated as
fully compliant with the SET protocol by duly authorized parties and
process are said to be certified compliant. With respect to security,
sometimes refers to the technical evaluation of a piece of software's
Corporate Purchase Card
Identical physically to a personal credit card, a purchase card has the
ability to (1) regulate card usage and (2) transfer enhanced information
back to the cardholder statement for reconciliation purposes (see Level
2 data and Customer Code).
A value which is used to control a cryptographic process, such as,
encryption or authentication. Knowledge of an appropriate key allows
correct decryption or validation of a message.
Mathematical process used for encryption or authentication of information.
SET™ transforms data in order to hide its content, prevent its undetected
modification, and prevent its unauthorized use.
One of two additional fields captured with Level 2 data. Assigned
by the cardholder, and normally used for tracking the purchase (e.g.
Purchase Order number, Job Number, Department Code, employee number). This
data is captured at the point of sale by the seller, and is transmitted
through to the processor in order to be displayed on the cardholder’s
A digital envelope is a generic cryptographic technique used to encrypt
data and to send the encryption key along with the data. Generally, a
symmetric algorithm is used to encrypt the data, and an asymmetric
algorithm is used to encrypt the encryption key.
Information encrypted with an entity's private key, which is appended to a
message to assure the recipient of the authenticity and integrity of the
message. The digital signature proves that the message was signed by the
entity owning, or with access to, the private key.
The percentage fee charged by the acquiring bank to advance and collect
credit card and purchase card transaction sales monies. Percentage varies
based on your average sale amount, annual credit/purchase card sales
volume and nature of business.
The exchange of goods and services for payment between a cardholder and
merchant when some or all of the transaction is performed via electronic
Software loaded onto a personal computer containing a customer's payment
card information, digital certificates and cryptographic keys.
Process of converting information so as to render it unintelligible to
anyone except holders of a specific cryptographic key. Use of encryption
protects information between the encryption process and the decryption
process (the inverse of encryption) against unauthorized disclosure.
An acronym for Enterprise Resource Planning systems that
permit organizations to manage resources across the enterprise and
completely integrate manufacturing systems.
A design method that ensures continued
systems operation in the event of individual failures by providing
redundant system elements.
An establishment responsible for facilitating customer-initiated
transactions or transmission of funds for the extension of credit or the
custody, loan, exchange, or issuance of money.
and Services Order
The price, currency, payment method, and other terms of the transaction
(also referred to as the Order Description in SET).
Hypertext Transport Protocol. This protocol provides for the delivery of
URLs from clients to servers and the delivery of text files (like HTML
and HDML) from servers to clients. HTTP is part of the TCP/IP protocol
The exchange of information, transaction data and money
among banks. Interchange systems are managed by Visa and MasterCard
associations and are very standardized so banks and merchants worldwide
can use them.
A fee paid by the acquiring bank/merchant bank to the
issuing bank. The fee compensates the issuer for the time after
with the acquiring bank/merchant bank and before it recoups the
settlement value from the cardholder.
The largest collection of networks in the world that are interconnected
in such a way as to allow them to function as a single virtual network.
The ability to exchange keys, both manually and in an automated
environment, with any other party implementing this standard, providing
that both implementations use compatible options of this standard and
compatible communications facilities.
A financial institution or its agent that issues the payment card to the
cardholder identified by the primary account number (PAN).
Level 2 (Data)
Additional information captured during a Purchase Card transaction,
consisting of a Customer Code and a separate Sales Tax field.
This data cannot be transferred using a standard (Level 1) Credit Card.
Corporate Purchase Cards make it possible for businesses to track
purchases and sales tax expenses using level 2 data.
Order/ Telephone Order
A type of payment card transaction where the order and payment
information is transmitted to the merchant either by mail or by
telephone in contrast to a "card present" or face-to-face transaction
customer is making a purchase at the merchant's store. This type of
transaction is also referred to as a "MOTO transaction".
A seller of goods, services, and/or other information who accepts
payment for these items electronically. The merchant may also provide
electronic selling services and/or electronic delivery of items for
sale. The Merchant must have a relationship with a Acquirer to accept a
bank issued credit cards.
Message Code Authentication
Code appended to a message by the sender, which is the result of
processing the message through a cryptographic process. If the receiver
can generate the same code, confidence is gained that the message was
not modified and that it originated with the holder of the appropriate
Message digests help verify that a message has not been altered because
altering the message would change the digest.
Collection of communication and information processing systems which may
be shared among several users.
The request made by the cardholder to the merchant to determine the
status of a purchase request.
A term used in SET to collectively refer to the credit cards, debit
cards and charge cards issued by a financial institution and reflects a
relationship between cardholder and financial institution.
A major factor in
determining the overall productivity of a system, performance is
primarily tied to availability, throughput and response time.
POS (Point of
The tool used to capture credit or purchase card information for payment
of goods/services, in either Card Not Present and/or Card
Present transactions. SoftTerminal (a POS Terminal) is capable of
Level 2 data capture, is mobile (use via web browser), and supports any
number of users on a single account (all can be entering sales
(transaction processing networks)
Provides credit card processing, billing, reporting, settlement and
operational services to acquiring and issuing banks.
Purchase Card –
see Corporate Purchase Card
This is a transaction that allows a merchant to submit a previously
authorized transaction to the Acquirer for payment.
Primary Account Number (PAN)
The assigned number that identifies the card issuer and card holder.
This account number is composed of an issuer identification number, an
individual account Number Identification, and an accompanying check
digit, as ISO 7812-1985: Identification Cards - Numbering system and
registration procedure for issuer identifiers.
Privacy is the protection of sensitive and personal information from
unintentional and intentional attacks and disclosure.
A cryptographic key used with a public key cryptographic algorithm,
uniquely associated with an entity, and not made public. This key is
used to create digital signatures, or to decrypt messages or files. It
is the key that you alone know, allowing you to decrypt messages sent to
you using your public key.
A cryptographic key used with a public key cryptographic algorithm,
uniquely associated with an entity, and which is available publicly. It
is used to verify signatures that were created with the matched private
key. Public keys are also used to encrypt messages or files that can
only be decrypted using the matched private key. You can freely
distribute your public key to other people, allowing them to communicate
with you securely.
Public key and identification data signed by a trusted third party to
provide authentication and integrity of the key.
A field of cryptography invented in 1976 by Whitfield Diffie and Martin
Hellman that depends on a matched pair of inverse keys. Information
encrypted with one key can only be decrypted with the other. This public
key provides a user with the facility to both encrypt and decrypt data
An independent, third-party organization that processes payment card
applications for multiple payment card brand associations and forwards
applications to the appropriate financial institutions.
A type of payment transaction initiated by the cardholder that permits
the merchant to process multiple authorizations. There are two kinds of
recurring payments: multiple payments for a fixed amount (for example,
four easy payments of $9.95) or repeated billings (for example, a
monthly bill from an Internet service provider).
The hookup of a
remote computing device via communications lines such as ordinary phone
lines or wide area networks to access network applications and
Certificate at the top of the certificate hierarchy.
SSL was developed by Netscape Communications to provide security and
privacy over the Internet. The protocol supports server and client
authentication and maintains the security and integrity of the
transmission channel by using encryption, authentication and message
A payment authorization transaction that allows a merchant to authorize
a transaction and request payment in a single message to the Acquirer.
The ability to
expand a computing solution to support large numbers of users without
Computer which acts as a provider of some service to other computers,
such as processing communications, interface with file storage, or
A group of
servers that are linked together as a ‘single system image’ to provide
centralized administration and horizontal scalability.
SET (Secure Electronic Transaction)
SET is a advanced
cryptographic based protocol designed to safeguard payments and protect
user privacy for purchases made over open public networks.
Encryption protects the transactions from being intercepted or altered.
In addition, digital certificates electronically identify each party
involved in a transaction, helping assure that the person at each end of
the Internet connection is who he or she claims to be and has the
authority to pay or receive payments. The SET specification was
originally developed by Visa International and MasterCard International
in February 1996 with participation from leading technology companies
around the world.
As the sales transaction value moves from the merchant to
the acquiring bank, to the issuer, each party buys and sells the sales
Settlement is what occurs when the acquiring bank and the issuer
exchange data or funds during that function.
An innovative, server-based approach to delivering business-critical
applications to end-user devices, whereby an application’s logic
executes on the server and only the user interface is transmitted across
a network to the client. Its benefits include single-point management,
universal application access, bandwidth-independent performance, and
improved security for business applications.
A sequence of one or more messages between two or more parties.
One example of a transaction is the process that takes place when a
cardholder makes a purchase with a credit card.
Live connection to the transaction processing networks, allowing
immediate funds authorization. Authorization is returned just seconds
(normally 2 to 5 seconds, depending on your web connection) after the
transaction is submitted. Immediate authorizations enable businesses to
identify bogus cards or cards without accessible funds immediately,
reducing fraudulent transactions for the seller and the acquirer.
Batch Transaction Processing
Card and sale data is stored for later submission and authorization
attempt. Especially for immediate shipment or delivery of
goods/services, off-line payment processing is risky. Card number and
expiration date errors, stolen cards, or any other "unapproved"
situation is much more likely.
Maithean, NetPay, Personal
Commerce Assistant, PCA, SecureTranz, Fusion/C++, and Fusion/J++ are
trademarks of Maithean.
All other company, product, and brand names are trademarks of their