Authorization Only (Auth Only)

The process of reserving an amount against a payment card's available credit limit for intended purchases. Authorization Only is used in the restaurant industry to receive approval for an estimated tab prior to the finalization of the charge amount.


Card Not Present

A type of card transaction in which the card is not present at the point of sale. Online sales are an example of card-not-present.

Card Present

A type of transaction in which the card is presented by the customer for payment, and the card’s chip or magnetic-stripe data is read by an electronic device.


Chargeback

A disputed card transaction that is “charged back” to the merchant. Customers have the right to dispute charges on their monthly statement. Issuing banks charge merchants a penalty for the dispute and allow the merchant to appeal. If the merchant loses or decides not to appeal, the issuing bank will charge back the full amount to the merchant.

Chargeback Reason Code

A numerical code that identifies the specific reason for a chargeback. All card brands have their own unique set of chargeback codes.


Encryption

The process of scrambling data so that only the intended user can read it. Data is encrypted using a key that makes the information unreadable. It is later decrypted, making the information readable again.


CVC

Card Validation Code – a MasterCard term for the three-digit code printed next to the card number in the signature panel and used as part of the authorization process.


CVV

Card Verification Value – a Visa term for the three-digit code printed next to the card number in the signature panel and used as part of the authorization process.

Digital Wallet

Applications that store a virtual copy of the card in your wallet for use in payment transactions. PayPal and Apple Pay are examples of digital wallets.

EMV cards

Credit and debit cards with an embedded microcomputer chip. EMV stands for Europay, MasterCard and Visa, the three companies that initially worked on the technology for these safer, more secure cards. EMV cards generate a unique code for each transaction that cannot be counterfeited. Nearly all cards in circulation today have the EMV chip, plus a magnetic stripe for those instances where the merchant’s equipment is not EMV-enabled.


ISO

Independent Sales Organization – an individual or company that sells merchant services on behalf of card acquirers and processors. In addition to bankcard services, ISOs may sell payment equipment, check-processing services, gift and loyalty cards, and software.

Interchange Fee

The fee charged by issuing banks to cover the cost and risk of handling card payments. Interchange fees are set by the card networks and are assessed in two parts: a percentage to the issuing bank and a fixed transaction fee to the card network. Interchange rates vary based on a number of “interchange qualification” factors such as card present vs. not present, processing method used, card type and merchant’s business type.

Issuing Bank

A financial institution that issues credit and debit cards to consumers as part of a card network. The issuing bank authorizes payment, prepares monthly statements and acts as a representative for the customer in the case of a disputed charge.

Merchant or Acquiring Bank

Also known as the acquirer, the financial institution that receives payment on behalf of the merchant during the settlement process.

Merchant Agreement

The written contract between a merchant and an acquiring bank detailing rights, responsibilities and warranties.


NFC

Near Field Communication – a short-range wireless technology that is often used in mobile and electronic payment transactions.

Payment Gateway

An e-commerce application service provider that authorizes payments for e-businesses, online retailers, or traditional brick and mortar businesses. It is equivalent to a physical point of sale terminal.


PCI DSS

Payment Card Industry Data Security Standard – security standards designed to protect payment account data. PCI DSS applies to any organization, regardless of size, that accepts, transmits or stores cardholder data. PCI DSS governs security management, policies and procedures, network architecture, software design and other areas critical to the protection of cardholder data. Failure to comply with these standards may result in fines or a prohibition on processing credit cards. PA-DSS (Payment Application Data Security Standard) refers to the requirements vendors must meet to ensure the payment software used by merchants is PCI-compliant. PCI-PTS (Payment Card Industry PIN Transaction Security) refers to PCI-compliant point of sale devices merchants use to capture card data.


Processor

A company that facilitates electronic payments on behalf of a merchant. The processor may provide the physical devices (terminals or card readers) that encrypt card data for transmission to the card networks and issuing bank for authorization. Processors also send transaction data to the merchant bank for settlement.


Settlement

The process in which a merchant transmits batches of transactions to its merchant bank (acquirer) for payment. The merchant bank accepts the settlements and moves the money from the issuing bank to the merchant bank via the merchant’s processor.


Tokenization

The process of replacing sensitive data, such as account numbers, with non-sensitive values or "tokens" that have no extrinsic or exploitable value. Tokens minimize an operator’s exposure to theft of sensitive card data and can be safely used to track transactions.

This post is sponsored by Heartland, a Global Payments company that delivers fast, secure omnichannel payment processing and business solutions to more than 400,000 business locations nationwide. Product offerings include payments, payroll, point of sale, customer engagement and lending. Heartland is an endorsed partner of the Association.