3-D Secure™ (3DS) is a standard developed by Visa and MasterCard designed to combat online credit card fraud. Cardholders who have registered for Verify by Visa® or MasterCard SecureCode® use their password to validate their identity whenever they make a purchase.
American Express Advanced Verification. See AVS.
Account Updater is a service that allows merchants to keep customer’s Visa and MasterCard credit card information up to date. Customers who use either Recurring Billing or Payment Tokenization can avail the Account Updater service and have their credit card data updated automatically.
Automated Clearing House – an electronic network for financial transactions in the United States. ACH direct debit transfers include consumer payments on insurance premiums, mortgage loans, and other bills.
This is normally a bank (acquirer or Worldline itself) that acquires the payment transactions sent by the Merchant. Acquiring means accepting the Merchants payment request in order to make the transfer of the funds between the Merchant and the buyer.
A bank that receives the credit card transactions and then settles with the issuing banks. Bank that signs up or enables the merchant to process transactions.
Address Verification Service (AVS)¶
AVS is used to verify customer billing addresses submitted with e-commerce payment transactions. Though AVS does not verify the legitimacy of a transaction, Card Not Present merchants can use AVS to accept or decline transactions based on the validity of the billing address information provided by the customer.
American Express (AMEX)¶
AMEX is one of the main international credit card issuing schemes. It issues it’s own credit cards - unlike Visa and MasterCard and is responsible for it’s own relationships with retailers.
Application Programming Interface (API)¶
A communication protocol that facilitates the transfer of or access to information between separate software applications. Worldline supports SCMP, Simple Order API, and SOAP Toolkit API for connecting with the Internet Commerce Suite.
A hold placed on a customer's account when a purchase is made using a debit card or credit card.
The processing of a group of payment orders and/or securities transfer instructions as a set at different intervals of time.
An interface that allows the user to process transactions where all of the data is collected and held until the bill is processed as a batch at the end of the billing cycle.
Card Verification Code (CVC)¶
A unique value calculated from the data encoded on the magnetic stripe of a MasterCard card, validating card information during an authorization process.
Card Verification Value (CVV)¶
A unique value calculated from the data encoded on the magnetic stripe of a VISA card, validating card information during the authorization process.
The most common use of certificates is for HTTPS based web sites. A web browser validates that an SSL (Transport Layer Security) web server is authentic, so the user can feel secure that their interaction with the web site has no eavesdroppers and that the web site is who it claims to be. The certificate request is an electronic document that contains the web site name, contact email address, and company information.
When the cardholder or account holder disputes a transaction directly to their issuing bank and not to the merchant. The cardholder contacts the issuing bank and the money is returned to the cardholder. The chargeback is reported to the merchant via Worldline and the merchant may choose to take action to dispute the chargeback.
The timeframe during which a credit card issuer (a credit card transaction that the cardholder has reported as invalid) can dispute with the merchant. Chargeback periods vary by payment processor and by transaction type, but are typically up to 180 days or six months. If a chargeback is completed, the merchant loses the money from the sale and the charge is credited to the customer’s credit card account. The consumer can no longer initiate a chargeback, after the chargeback period has expired.
Digital / Electronic Signature¶
A technology that allows a person to electronically affix a signature or its equivalent to an electronic document, as when consenting to an online contract.
In this payment method, customer provides bank account information and authorize a merchant to pull funds from the account. Direct debits are used for in-country fund transfer only. Direct debits are similar to electronic checks used in the U.S.
Dot NET [. NET]¶
The Microsoft .NET Framework is a software framework that can be installed on computers running Microsoft Windows operating systems. It includes a large library of coded solutions to common programming problems and a virtual machine that manages the execution of programs written specifically for the framework. The .NET framework supports multiple programming languages in a manner that allows language interoperability, whereby each language can utilize code written in other languages; in particular, the .NET library is available to all the programming languages that .NET encompasses.
An electronic device, website, software system, or database that facilitates commercial transactions by storing a consumer's credit card, shipping address, and other payment data.
Electronic Funds Transfer (EFT)¶
EFT is an offline payment method where the customers makes the payment themselves, citing a reference given by Worldline.
Capability to switch over automatically to a redundant or standby computer server, system, or network upon the failure or abnormal termination of the previously active application. Failover happens without human intervention.
File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over a TCP/IP-based network, such as the Internet. FTP is used with user-based password authentication or with anonymous user access.
HTTP (Hypertext Transfer Protocol)¶
HTTP is a client/server protocol for delivering hypertext material across an internet. HTTP is stateless, when a client makes multiple requests to a single HTTP server, each request is treated independently. HTTP servers do not remember the earlier requests. The stateless protocol allows HTTP servers to respond to requests quickly.
The IETF is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.
International Organization For Standardization (ISO)¶
An association composed of representatives of several national standards bureaus that establishes and maintains international standards for units of measurements, technical terminology, currency codes, and so on.
Internet Bank Payment (IBP)¶
IBP is a payment method where the customers are redirected to their internet bank to approve the payment.
Any associated member of financial institution, bank, credit union, or company that issues, or causes to be issued, plastic cards to cardholders.
The bank that extends credit to customers through credit card accounts. The bank issues the credit card and receives the cardholder's payment at the end of the billing period.
Java is a programming language originally developed by Sun Microsystems and released in 1995 as a core component of the Java Platform.
Java Key Store is primarily associated with 'keytool' by Sun Microsystems, Inc. Keytool is a key and certificate management utility.
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. JWT is defined in RFC7519.
A unique series of digits used in combination with a cryptographic algorithm.
This MasterCard service verifies the cardholder's identity directly with the card issuer in real-time to increase payment security and reduce the risk of fraud.
To accept payments online, you need a merchant account. This is required for all businesses that want to process online card payments. If you do not have a merchant account you can use the services of a merchant account provider / acquiring service.
Merchant ID (MID)¶
mid is a unique number that identifies a merchant within Worldline systems. This ID must be provided when logging into the Business Center and when submitting transactions to Worldline.
Payment Card Industry Data Security Standard (PCI DSS)¶
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard helps the payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard is applied to all the organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.
A payment gateway facilitates the secure transfer of transactions from a merchant to a third-party payment processor, associated with the merchant's acquiring bank. The payment gateways often offer additional services like reporting, and perform checks on transactional data such as; message formatting, automatic tax calculation, and fraud detection.
Point Of Sale (POS) Terminal¶
Is an electronic device that is used for verifying and processing credit card transactions. The POS is connected with highly reliable telephone wired connections, they require rapid dial up time, low power and reliable performance.
Pretty Good Privacy (PGP)¶
Is a computer program that provides cryptographic privacy and authentication. PGP is often used for signing, encrypting, and decrypting emails to increase the security of email communication.
Privacy Enhanced Mail (PEM)¶
Is an Internet standard that provides for secure exchange of electronic mail. PEM employs a range of cryptographic techniques that provides confidentiality, sender authentication, and message integrity. The confidentiality feature allows a message to be kept secret from people to whom the message was not addressed. The sender authentication allows a user to verify that the PEM message that they have received is truly from the person who claims to have sent it. The message integrity aspects allow the user to ensure that a message hasn't been modified during transport from the sender.
A cryptographic key known only to the user, employed in public key cryptography in decrypting or signing information.
Name of algorithm in JWT. PS256 (RSA Signature with SHA-256) is an asymmetric algorithm, and it uses a public/private key pair: the identity provider has a private (secret) key used to generate the signature, and the consumer of the JWT gets a public key to validate the signature. For JWT, signing is done with PKCS#1 2.1, RSASSA-PSS using SHA-256 and MGF1 with SHA-256.
Reconciliation is the process of ensuring that two sets of records (usually the balances of two accounts) are in agreement. Reconciliation is used to ensure that the money leaving an account matches the actual money spent. This is done by making sure the balances match at the end of a particular accounting period.
Transactions for which a cardholder grants permission to the Merchant to periodically charge his account number for recurring goods or services.
Typically refers to a request for some service or processing provided by Worldline systems. For example, Authorization, Payer Authentication, Settlement and so on.
Information that is returned in response to submitting a request to the Worldline server.
RS256 (RSA Signature with SHA-256) is an asymmetric algorithm, and it uses a public/private key pair: the identity provider has a private (secret) key used to generate the signature, and the consumer of the JWT gets a public key to validate the signature. For JWT, signing is done with PKCS#1 1.5.
Is a public-key encryption. The RSA encryption algorithm uses prime factorization as the trap door for encryption. Deducing an RSA key, therefore, takes a huge amount of time and processing power. RSA is the standard encryption method for important data, especially data that's transmitted over the Internet.
The reporting of settlement amounts owed by one member to another, or to a card issuing concern, as a result of clearing. This is the actual buying and selling of transactions between the merchants, processors, and acquirers; along with the card issuing entities.
Simple Object Access Protocol (SOAP)¶
Is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. It relies on Extensible Markup Language (XML) as its message format.
Single Euro Payments Area (SEPA)¶
A process initiated by European banks supported by the Eurosystem and the European Commission, in order to integrate retail payment systems, in view of transforming the euro area in a true domestic market for the payment industry.
Transport Layer Security (TLS)¶
TLS Is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. TLS is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information without compromising its security. Tokenization has become popular as a means of bolstering the security of credit card and eCommerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.
Verified By Visa¶
Verified by Visa is a service offered by Visa that makes it even safer for you to shop online. You simply add a password to the Visa card you are currently using to ensure that only you can use your Visa card to make purchases online.
A web server is a computer programs that delivers (serves) content, such as this web page using the Hypertext Transfer Protocol, through the internet. The term web server may refer to hardware or software.
Web Services are usually APIs or Web APIs that are accessed through Hypertext Transfer Protocol and executed on a remote system hosting the requested services.
Web Services Description Language (WSDL)¶
The WSDL (Web Services Description Language) XML file that describes the format of messages you send and receive from a Web service. Your development environment's SOAP client uses the Worldline Web Service WSDL to communicate with Worldline using the SOAP API.
XID Interface - a Java mapping of the X/Open transaction identifier XID structure. This interface specifies three accessor methods to retrieve a global transaction format ID, global transaction ID, and branch qualifier.