Your Cheat Sheet

Glossary

Confused by payment jargon? Our glossary breaks
down the terms you need to know, helping you
master the language of payments.

  1. Payments 101
  2. Glossary

Search Results:

No Search Results

#
3D Secure (3D-S)
3D Secure payment is a security protocol used to authenticate cardholders during online purchases (often via a pop-up or inline window prompting for an additional password or code). It provides merchants with fraud protection similar to how Chip & PIN reduces liability at the physical point of sale. Examples include Mastercard SecureCode and Verified by Visa. Superseded from 2021 by 3D Secure 2 (3DS2), which employs a more sophisticated, risk-based approach to verification.
Automated Clearing House (ACH)
An account-to-account payment system that clears payments through the Federal Reserve, commonly used for eChecks.
Application Programming Interface (API)
A set of programming instructions and standards that enable software to communicate and integrate with other applications.
Acquirer
Financial institution or other entity that enrolls a merchant for the purpose of presenting transactions to the payment networks and funding merchants for transactions presented to the acquirer. If the acquirer is not a bank, the acquirer must partner with a bank to access the payment networks.
Alternative Payment Methods (APMs)
Non-card payment options, such as digital wallets (e.g., PayPal, Venmo), bank transfers, or Buy Now, Pay Later (BNPL) solutions.
Authorization Code
A unique code provided by an issuer to indicate approval for a transaction.
Attended Payment
Transactions where a sales associate or cashier assists with the payment process.
Acquirer Device Validation Toolkit (ADVT)
Visa’s set of tests used during certification (acquirer testing) of terminals. See also M-TIP (Mastercard).
Address Verification System (AVS)
An additional security feature in e-commerce transactions where parts of the customer’s billing address are checked against the address on file with the card issuer.
Allow-listing
The ability for a solution or terminal to pass through unencrypted data from certain non-EMV cards (e.g., loyalty or closed user group cards) by specified BIN ranges, so these cards can be handled without a dedicated reader.
American Express (Amex)
A major payment card network (card scheme) that issues and processes its own branded cards.
American Express ICC Payment Specification (AEIPS)
Amex’s specification for EMV cards.
A set of procedures, laws, or regulations designed to prevent criminals from disguising illegally obtained funds as legitimate income.
Application Programming Interface (API)
A formalized set of software calls and routines providing programmatic access to a proprietary software application or service.
Automatic Number Plate Recognition (ANPR)
A technology used for reading vehicle license plate numbers in parking, tolling, or security applications. Often called License Plate Recognition (LPR) in the U.S.
Authorization (Auth)
An online payment request made to the cardholder’s bank (issuer) to check availability of funds or credit for a transaction.
B
Bank Identification Number (BIN)
The first six digits of a payment card, used to identify the issuing bank. BINs can help detect fraud by comparing the issuing region to the cardholder’s billing address.
Batch Processing
The aggregation of multiple payment transactions to process them together at a scheduled time.
Biometric Payments
Transactions authorized using unique biological features such as fingerprints or facial recognition.
Buy Now, Pay Later (BNPL)
A payment method allowing consumers to split purchases into interest-free installments without prior credit approval.
Bill of Materials (BOM)
A manufacturing term for a list of parts or components.
Registering a merchant account and terminals on the NMI platform (sometimes called boarding).
Business as usual (BAU)
A term for a standard or non-customized customer scenario, such as a straightforward merchant setup in boarding.
C
Card-Not-Present (CNP)
Transactions where the payment card is not physically present, such as online or phone payments.
Card-Present
Transactions involving a physical payment card, typically occurring at a merchant’s location.
A stored card used for recurring or future transactions.
Card Security Code (CVC, CVV, CID)
A three- or four-digit number on a payment card used to enhance security.
Chargeback
A procedure where a cardholder or issuer disputes a card transaction. The disputed amount is returned (charged back) to the acquirer, which then debits the merchant’s account.
Chargeback Ratio
The percentage of chargebacks relative to the number of transactions processed by a merchant.
Clearing and Settlement
The process of transmitting payment data between banks to transfer funds from the cardholder to the merchant.
Contactless Payment
Transactions made by tapping or waving a card or device near a reader, enabled by NFC technology.
Customer Relationship Management (CRM)
Cross-Border Payments
Transactions where the payer and payee are in different countries, often involving currency conversion.
Capital Expenditure (Cap Ex)
Setup or installation costs (initial, up-front expenses).
Card Activated Terminal (CAT)
Refers to both “Card Activated Terminal (Card Present)” and “Cardholder Activated Transaction,” often seen in unattended/self-service contexts like kiosks or vending machines.
Card Ease Mobile (CEM)
NMI’s mobile card-acceptance application, now known as ChipDNA iOS/Android.
Card Not Present (CNP)
A transaction where the card is not physically presented, such as online or by phone.
Card Scheme
A payment network directly connected to a payment card brand (e.g., Visa, Mastercard, Amex).
Cardholder Data Environment (CDE)
The environment (systems, devices, and networks) in which cardholder data is captured, processed, transmitted, or stored.
Cardholder Verification Method (CVM)
Methods for verifying the cardholder, such as PIN, signature, or biometric authentication.
Card Security Code (CSC)
Also known as CVV or CVV2. Typically the 3-digit code on the back of most cards or the 4-digit code on the front of Amex cards.
Card Verification Value (CVV)
Another term for the card security code (CSC).
CardEaseXML (CeXML)
NMI’s payment protocol for authorization messages between a card terminal and NMI’s platform. Now part of ChipDNA and ChipDNA Direct.
Chip & PIN (C&P)
A point-of-sale method where the card’s EMV chip is used and a PIN is entered for authentication.
ChipDNA
An NMI SDK that enables integrators to connect card acceptance terminals to the NMI gateway. Available for Windows, Linux, and mobile (iOS/Android).
Credit Card Guarantee (CCG)
A program or policy in which certain transactions may be guaranteed by a card issuer or third party under specified conditions.
Cross-border
Refers to international e-commerce where consumers purchase online from merchants in other countries.
D
Deferred Authorization
Processing transactions offline at the merchant's risk when internet connectivity is unavailable.
Digital Wallet
Applications that store digital copies of payment and loyalty cards, enabling payments online or in person via smart devices.
Dispute
A formal disagreement initiated by a cardholder over a charge, often leading to a chargeback.
Direct Carrier Billing (DCB)
A payment method that charges purchases to a mobile phone account (e.g., selecting carrier billing at checkout).
Dynamic Currency Conversion (DCC)
Allows a foreign-issued cardholder to choose paying in either local currency or their home currency, typically involving a markup on the exchange rate.
Deferred Auth
A method of handling authorization when communications are unavailable (e.g., in-flight sales). The card is authorized offline at the merchant’s risk, then fully authorized online once communication resumes.
Dynamic Link Library (DLL)
A Windows component or library. ChipDNA is delivered as a DLL on Windows platforms.
Domain Name System (DNS)
Translates domain names (e.g., Example Domain ) into IP addresses
Device Primary Account Number (D-PAN)
A tokenized substitute PAN generated by the issuer for mobile wallets (e.g., Apple Pay), replacing the true funding PAN.
Digital Signature Algorithm (DSA)
A standard algorithm used for generating digital signatures.
Derived Unique Key Per Transaction (DUKPT)
An encryption method where the key used to encrypt data is derived uniquely for each transaction.
E
eCommerce
The buying and selling of goods and services online.
Europay, Mastercard, and Visa (EMV)
A global standard for secure card transactions using chip-enabled cards.
Embedded Payments
The integration of payment processing capabilities directly into software or platforms for a seamless user experience.
Electronic Benefit Transfer (EBT)
A U.S. system that delivers state welfare benefits via a debit-like card, typically restricted to approved items like groceries.
European Central Bank (ECB)
The central bank for the euro, tasked with maintaining price stability in the euro area.
European Payments Council (EPC)
Represents payment service providers in Europe and supports the Single Euro Payments Area (SEPA) and broader EU payment integration.
Europay, Mastercard, Visa (EMV)
A global standard for chip-based payment cards and acceptance devices, created by Europay, Mastercard, and Visa.
End of Life (EOL)
The final phase of a product’s lifecycle, after which it is no longer sold or maintained.
End of Service (EOS)
Electronic Point of Sale (EPoS)
A point-of-sale system that handles electronic payments, often shortened to POS.
F
Funding Primary Account Number (F-PAN)
G
General Data Protection Regulation and California Consumer Privacy Act (GDPR and CCPA)
Regulations that ensure the protection of consumer data under these frameworks.
Gateway
A service that takes authorization requests from a merchant device or site and routes them to an acquirer or processor.
Graphical User Interface (GUI)
A visual interface allowing users to interact with software via icons, windows, and menus.
H
Hosted Payment Page
A secure, third-party webpage where customers enter their payment details during online checkout.
Host Card Emulation (HCE)
Enables a smartphone to emulate a contactless payment card (e.g., some Android Pay solutions).
Keyed-Hash Message Authentication Code (HMAC)
A cryptographic function used in certain parking and transit contexts to generate secure tokens from card data.
Hardware Security Module (HSM)
A specialized device that securely generates, stores, and manages cryptographic keys and operations.
I
In-app Payments (IAP)
Transactions made within a mobile application to purchase digital or physical goods or services.
Independent Sales Organization (ISO)
A company that sells merchant accounts and payment services on behalf of acquirers or banks.
A software or SaaS provider that may integrate payment functionality, such as NMI solutions, into its products.
Interchange Fee
A fee paid between banks for the acceptance of card-based transactions, typically by the merchant's bank to the card-issuing bank.
Issuer
A financial institution that issues payment cards (credit, debit, prepaid, etc.) to consumers.
Integrated Circuit Card (ICC)
A chip-based card, such as an EMV payment card or transit smartcard.
IRIS CRM
A SaaS solution for payment processing ISOs and financial services, acquired by NMI in 2021. Now called Merchant Relationship Management (MRM).
Integrated Smartcard Transport Organization (ITSO)
A nonprofit responsible for technical standards for certain regional transportation smartcards.
Interactive Voice Response (IVR)
Automated phone systems where users press keypad numbers to navigate prompts or make payments.
J
K
Know Your Customer (KYC)
The set of due-diligence procedures used by financial institutions to verify a customer’s identity, helping to prevent fraud or money laundering.
Key Injection Facility (KIF)
A secure environment where cryptographic keys are injected into payment devices (PIN pads, card readers).
L
EMV Level 1 (L1)
EMVCo standards applying to the physical hardware and electrical interfaces of a card reader.
EMV Level 2 (L2)
EMVCo standards for the secure software kernel managing interactions among the card, reader, and PIN pad.
L3
A (somewhat informal) term for the acquirer or processor certification of an EMV terminal.
Level 2 and 3 processing
U.S.-specific terms for corporate/purchasing cards in B2B scenarios. Providing extra transaction data can lower interchange rates.
License Plate Recognition (LPR)
U.S. term equivalent to ANPR (Automatic Number Plate Recognition).
M
Merchant
A business or individual that accepts payments for goods or services.
Merchant Category Code (MCC)
Codes used to describe a merchant’s industry, impacting processing fees and transaction categorization.
Merchant Relationship Management (MRM)
NMI’s MRM platform helps ISOs, PayFacs, and other merchant service providers manage the entire merchant lifecycle, from lead management and underwriting to onboarding, risk, and residuals.
Micropayments
Small-value transactions, often used for digital goods or services like online articles or app downloads.
Mobile Payments
Transactions completed using a smartphone or tablet, often through digital wallets or contactless technology.
Mail Order / Telephone Order (MOTO)
Refers to transactions where card details are taken by mail or phone, rather than face-to-face or online.
Mag-stripe Read (MSR)
Reading data encoded on a payment card’s magnetic stripe, typically track 2.
Mastercard – Terminal Integration Process (M-TIP)
Mastercard’s certification tests for terminals (acquirer testing). Compare with ADVT (Visa).
Merchant ID (MID)
An identifier for a merchant account used to accept card payments.
Merchant Services Charge (MSC)
The percentage-based fee (or other structure) charged by an acquirer for processing card transactions.
Mobile Network Operator (MNO)
A carrier or phone company providing mobile voice and data services (e.g., Verizon, AT&T).
Mobile Point of Sale (mPOS)
Smartphones, tablets, or dedicated wireless devices used to accept card payments, often with a separate reader.
MonitorX
An ongoing risk monitoring solution within MRM to detect fraudulent or suspicious merchant activity after onboarding.
N
Near Field Communication (NFC)
A short-range wireless technology (ISO/IEC 18092) enabling contactless communication between devices/cards within a few centimeters.
Network Service Provider (NSP)
An entity that provides network or telecom services.
Network Tokens
Secure digital replacements for credit card numbers issued by payment networks (Visa, Mastercard, Amex) to enhance security, reduce fraud, and improve transaction success rates. They replace sensitive card details with unique tokens that update automatically when a card is reissued, preventing failed payments due to expired or replaced cards.
O
Omnichannel Payments
A seamless payment experience across multiple channels, including online, in-store, and mobile.
Onboarding
Registering a merchant account and terminals on the NMI platform (sometimes called boarding).
Over-the-Air Updates (OTA)
Remote updates for payment terminals or mobile payment apps, improving functionality or security without physical intervention.
Original Credit Transfer (OCT)
A method from Visa or Mastercard for sending funds directly to a card (common in gaming payouts or refunds).
Original Equipment Manufacturer (OEM)
In payments, an entity integrating or branding hardware devices.
Omni-channel
A seamless consumer experience across multiple sales channels, including in-store, online, mobile, and self-service.
Omniplatform
Refers to NMI’s front-end platform and heritage NMI processors, including the Admin, Partner, and Merchant portals, plus APIs.
Operational Expenditure (Op Ex)
Ongoing operational costs, in contrast to one-time capital expenses.
Offline PIN
When the cardholder’s PIN is verified locally by the terminal, rather than sent online to the issuer.
Online PIN
When the cardholder’s PIN is encrypted and verified remotely by the issuer’s host.
The “One” Platform
Describes how the Omniplatform (front end, portals, APIs) and CardEase platform (ChipDNA, etc.) are integrated under a single system for NMI partners.
P
Payouts
The process of transferring funds from a platform or business to its vendors, sellers, or service providers.
Payment Aggregator
A service provider that allows merchants to accept payments without needing to set up their own merchant account.
Payment Facilitator (PayFac)
An entity registered with an acquirer to underwrite sub-merchants without each needing direct underwriting, assuming partial risk.
Payment Gateway
A tool that securely transmits payment data for transaction approvals, essential for online and in-person payments.
Payment Processor
A service that facilitates electronic transactions by verifying payment details, authorizing transactions, and transferring funds securely between customers and businesses.
Payment Service Provider (PSP)
A company like NMI offering merchants payment acceptance (online or in-person) and processing services.
Payment Terminal
A device that reads payment cards and transmits transaction data for approval, either integrated with POS systems or standalone.
Payment Card Industry Data Security Standard (PCI DSS)
A set of requirements for safeguarding cardholder data.
Point of Sale (POS)
The location where a transaction takes place, typically involving a payment terminal.
Pre-Authorization (Pre-Auth)
A form of account verification that checks if a card is valid without committing the transaction.
Payment Account Reference (PAR)
A non-sensitive, 29-character token generated by the issuer to link all cards/tokens for a single account (stays the same if a card is reissued).
Point to Point Encryption (P2PE)
Encrypts card data immediately at the point of interaction and decrypts it only in a secure gateway environment.
Payment Application Data Security Standard (PA-DSS)
A now-retired standard for payment software vendors to prevent improper storage of sensitive data.
Payment Card Industry (PCI)
A collective term for card-brand consortia (Visa, Mastercard, etc.) and their associated security requirements.
PCI P2PE
A point-to-point encryption solution validated by a QSA under PCI SSC rules, simplifying a merchant’s PCI scope if implemented properly.
PCI PIN Transaction Security (PCI PTS)
A security standard setting requirements for PIN entry devices.
Payment Card Industry Security Standards Council (PCI SSC)
An organization formed by the major card schemes to govern PCI standards (PCI DSS, PTS, P2PE).
PIN Entry Device (PED)
A secure keypad or PIN pad for the cardholder to enter their PIN.
P2PE Implementation Manual (PIM)
A document detailing the scope and requirements of a PCI P2PE solution.
Purchase Order (PO)
A commercial document issued by a buyer to a seller specifying products, quantities, and agreed prices.
Proof of Concept (POC)
A demonstration to show a concept or theory’s viability in real-world conditions.
Pay on Foot (PoF)
A parking system where payment is made right before returning to the vehicle, often at a pay station.
Pay & Display (P&D)
A parking system where users buy a ticket from a machine for a set time and display it in their vehicle.
Point of Sale (PoS)
The location or system where a retail transaction is completed (also called EPoS or EFTPOS).
Processor
A U.S. term often used interchangeably with acquirer, though they can be distinct in some contexts.
Payment Scheme Specification (PSS)
A formal set of rules and technical standards from a card network (Visa, Mastercard, etc.).
PIN Transaction Security (PTS)
Security requirements that PIN pads and related payment hardware must meet (also called PCI PTS).
Payment Services Directive (PSD)
EU legislation governing payment services across member states; updated to PSD2 for broader integration and competition.
Q
Quick Response code (QR)
A two-dimensional barcode readable by smartphones, commonly linking to online information or payment options.
Qualified Security Assessor (QSA)
A consultant accredited by the PCI SSC to assess compliance with PCI DSS.
Quick Chip
A U.S. feature that speeds up EMV checkout by letting the card be inserted and removed quickly while the transaction completes in the background.
QuickClick
One of NMI’s e-commerce cart solutions, allowing integration into existing merchant websites.
R
Real-Time Payments (RTP)
Instantaneous payment processing systems that allow for the immediate transfer of funds between accounts.
Recurring Payments
Automatic transactions scheduled on a periodic basis, such as subscription services or memberships.
Refund
The reversal of a transaction, returning funds to the customer.
Radio Frequency Identification (RFID)
A technology using electromagnetic fields to identify and track tags/cards, as in contactless payment cards.
Request For Proposal/Quotation (RFP/RFQ)
Formal procurement processes in which an organization solicits proposals or quotes from vendors.
Remote Key Injection (RKI)
A secure means of injecting or updating cryptographic keys in payment terminals without sending them to a secure facility.
S
Software as a Service (SaaS)
A software licensing model in which applications are centrally hosted and accessed on a subscription basis.
Settlement
The process of finalizing a transaction by moving funds from the cardholder’s issuing bank to the merchant’s acquiring bank, typically in batches.
Service Level Agreements (SLAs)
Formal agreements that define the level of service expected between providers and clients.
Soft Decline
A transaction decline caused by temporary issues, such as insufficient funds or incorrect card details.
Strong Customer Authentication (SCA)
Requires at least two factors of authentication (something you know, have, or are) for certain electronic payments.
Subscription Billing
A recurring billing model that charges customers on a periodic basis, often for access to software or services.
ScanX
NMI’s advanced underwriting tool that automates data checks to accelerate merchant approvals and reduce risk, part of the MRM suite.
Software Development Kit (SDK)
A collection of tools, libraries, and documentation enabling developers to integrate specific functionalities (like payments).
Simple Object Access Protocol (SOAP)
A messaging protocol for exchanging structured information among web services over a network.
Secure Reading and Encryption of Data (SRED)
A requirement ensuring card data is encrypted immediately upon reading, preventing it from being exposed in the clear.
Secure Socket Layer (SSL)
An older cryptographic protocol used to secure communications; now replaced by TLS under PCI DSS requirements.
T
Tap to Mobile
Tokenization
Replacing sensitive data (such as a PAN) with a non-reversible token. Merchants can safely store the token for repeat billing without handling raw card data.
Two-Factor Authentication (2FA)
A security process requiring two forms of verification to authenticate a transaction.
Terminal ID (TID)
A unique identifier for a card terminal within the NMI system.
Transport Layer Security (TLS)
A cryptographic protocol succeeding SSL, used to secure network communications. Acceptable versions under PCI DSS are TLS 1.1 and higher.
A system allowing remote updates (firmware, encryption keys, configuration) of a payment terminal.
Train Operating Company (TOC)
In certain regions, entities operating passenger rail services.
Total Quality Management (TQM)
A manufacturing/production practice ensuring no unauthorized modifications compromise device security.
Transaction (Trx)
A purchase or payment event.
U
Underwriting
The process of assessing and approving a merchant for payment processing services.
Self-service transactions where the consumer completes the purchase independently at kiosks or self-checkouts.
Unattended Acceptance Terminals (UAT)
Terminals not staffed by an attendant (e.g., parking meters, vending machines, ticket kiosks).
USA ePay (UeP)
Now called ScanX, this is an e-commerce and card-present payment gateway originally based in Glendale, California. Acquired by NMI in 2021, it has evolved with expanded underwriting automation and risk monitoring capabilities through the Merchant Relationship Management platform.
Unattended Payment Terminal (UPT)
Another term for an unattended terminal, such as parking, vending, or ticketing machines.
V
White Labeling
Customizing a product or service with a company’s branding while using another provider’s underlying technology.
Web Management Information System (WebMIS)
An NMI portal for transaction reporting and management.
White label
A product or service produced by one company but rebranded by another, giving the impression that the reseller created it.
X
Z
Zero-Dollar Authorization
A transaction used to verify card validity without placing a hold on funds.
Ready to get started?

Talk to
Our Team

It’s time to unlock your full growth potential, innovate fearlessly and thrive as an organization with the embedded payments solutions we deliver.

Invalid number

By submitting your information, you agree to NMI's Privacy Policy & Terms and Conditions