Payment Glossary

The payment industry loves jargon. Here's what it all means.

All (77)Pricing (10)Infrastructure (12)Risk & Compliance (19)Technical (16)Business Models (10)Regulatory (10)

3

3D Secure (3DS)

Risk & Compliance

An authentication protocol that adds a verification step during online card payments. The cardholder authenticates via their bank (password, SMS code, biometrics). 3DS2 is the current version, offering frictionless authentication for low-risk transactions. Mandatory in Europe under SCA/PSD2 requirements. Shifts fraud liability from merchant to issuer for authenticated transactions. Can impact conversion rates but reduces fraud.

A

AML (Anti-Money Laundering)

Risk & Compliance

Regulations and procedures designed to prevent money laundering through the payment system. Acquirers and PSPs must implement AML programs including transaction monitoring, suspicious activity reporting, and sanctions compliance. High-risk verticals (crypto, forex, gambling) face enhanced AML scrutiny. Compliance is non-negotiable; violations result in severe penalties.

AVS (Address Verification Service)

Risk & Compliance

A fraud prevention tool that compares the billing address provided by the cardholder with the address on file at the issuing bank. Returns a match code indicating full match, partial match, or no match. Commonly used for CNP transactions. Not available in all countries. Should be one factor in fraud decisions, not the only one.

C

Chargeback

Risk & Compliance

A transaction reversal initiated by the cardholder's bank after a dispute. Chargebacks return funds to the cardholder and impose fees on the merchant (typically $25-100). Common reasons include fraud, non-delivery, product issues, and billing disputes. Excessive chargebacks trigger monitoring programs and can result in account termination. Prevention is always cheaper than fighting chargebacks.

Chargeback Ratio

Risk & Compliance

The percentage of transactions that result in chargebacks, calculated as chargebacks divided by transactions over a period. Card networks monitor this ratio closely. Visa's threshold for monitoring is 0.9%; Mastercard's is 1.0%. Exceeding thresholds triggers monitoring programs with fines and potential termination. High-risk MCCs often face stricter benchmarks. Ratio calculated monthly, with some lag for dispute timing.

CNP Fraud (Card Not Present)

Risk & Compliance

Fraudulent transactions where the physical card is not present, typically in e-commerce. Includes stolen card credentials, account takeover, and synthetic identities. CNP fraud rates are significantly higher than card-present fraud because the merchant cannot verify physical card possession. Prevention relies on AVS, CVV, 3DS, device fingerprinting, and fraud scoring.

CVV (Card Verification Value)

Risk & Compliance

The 3-4 digit security code printed on payment cards (back for Visa/MC, front for Amex). Used to verify the cardholder has physical possession of the card during CNP transactions. CVV cannot be stored post-authorization per PCI rules, requiring re-entry for subsequent transactions. Validation reduces fraud from stolen card numbers obtained through data breaches.

F

Friendly Fraud

Risk & Compliance

Chargebacks filed by legitimate customers who received goods or services but dispute the charge anyway. Also called first-party fraud or chargeback fraud. Common scenarios include buyer's remorse, family members making unauthorized purchases, or customers not recognizing billing descriptors. Represents 60-80% of chargebacks in some verticals. Prevention requires clear communication, recognizable descriptors, and good customer service.

Fraud Prevention

Risk & Compliance

Tools and strategies to detect and prevent fraudulent transactions before they complete. Includes AVS, CVV validation, 3DS, device fingerprinting, velocity checks, IP geolocation, and machine learning fraud scoring. Balance is critical - too aggressive blocks legitimate sales; too lenient increases fraud. Most PSPs offer built-in fraud tools; specialized providers (Signifyd, Riskified) offer guarantees.

H

High-Risk Merchant

Risk & Compliance

A classification by acquirers for merchants perceived as having elevated risk of chargebacks, fraud, or regulatory issues. Common high-risk verticals: gambling, forex, adult, nutraceuticals, crypto, travel, and subscription billing. Consequences include higher rates (1-3% premium), rolling reserves, volume limits, and limited acquirer options. Classification is risk assessment, not legitimacy judgment.

Holdback

Risk & Compliance

Funds retained by the acquirer from merchant settlements as security. Similar to rolling reserve but may have different release terms. Some holdbacks are permanent until account closure; others release after a fixed period. May be expressed as a percentage of volume or a fixed amount. Common for high-risk merchants and new accounts without processing history.

K

KYC (Know Your Customer)

Risk & Compliance

The process of verifying merchant identity and business legitimacy during onboarding. Required by anti-money laundering regulations. Includes identity verification, business registration checks, beneficial ownership disclosure, and sanctions screening. KYC intensity varies by merchant risk profile and jurisdiction. PayFacs and PSPs perform KYC on behalf of their acquirers.

M

MCC Code (Merchant Category Code)

Risk & Compliance

A four-digit code assigned by acquirers to classify merchants by business type. MCCs determine interchange rates, acquirer appetite, monitoring thresholds, and rewards eligibility. Some MCCs are restricted (gambling 7995, adult 5967) and require specialized acquirers. Misclassification can result in account termination. MCC assignment happens during underwriting based on business description.

P

PCI-DSS

Risk & Compliance

Payment Card Industry Data Security Standard - a set of security requirements for organizations that handle cardholder data. Compliance levels range from SAQ-A (simplest, for merchants using hosted payment pages) to Level 1 (most stringent, for large processors). Non-compliance results in fines and potential loss of card acceptance. Most merchants should minimize PCI scope by using tokenization and hosted payment forms.

R

Rolling Reserve

Risk & Compliance

A percentage of processing volume held by the acquirer as security against chargebacks and refunds. Typically 5-15% held for 6-12 months before release. The reserve 'rolls' as new funds are held and old funds release. Affects cash flow significantly for growing businesses. Reserve terms are negotiable and often reduce after establishing clean processing history. Alternative structures include capped reserves and upfront deposits.

Representment

Risk & Compliance

The process of disputing a chargeback by providing evidence that the transaction was legitimate. Merchants submit documentation (proof of delivery, customer communication, signed agreements) to their acquirer. Win rates vary by reason code and evidence quality - typically 20-40%. Time limits are strict (usually 7-45 days depending on network). Worth pursuing for high-value transactions with good evidence.

S

SCA (Strong Customer Authentication)

Risk & Compliance

A European regulatory requirement under PSD2 mandating two-factor authentication for electronic payments. Authentication must use two of: knowledge (PIN/password), possession (phone/card), or inherence (biometrics). Applies to EEA and UK transactions. Various exemptions exist: low-value transactions, trusted beneficiaries, transaction risk analysis, and recurring payments. 3DS2 is the primary implementation method.

U

Underwriting

Risk & Compliance

The risk assessment process acquirers use to evaluate merchant applications. Examines business model, financials, processing history, chargeback rates, industry risk, and compliance status. Determines whether to approve the merchant and on what terms (rates, reserves, limits). High-risk merchants face enhanced due diligence. Strong applications include clean history, audited financials, and compliance documentation.

V

VAMP (Visa Acquirer Monitoring Program)

Risk & Compliance

Visa's program for monitoring merchants with excessive chargebacks or fraud. Triggered when chargeback ratio exceeds 0.9% or fraud ratio exceeds thresholds. Merchants in VAMP face monthly fees ($25K+), remediation requirements, and potential termination. Program has multiple tiers with escalating consequences. Similar to Mastercard's Excessive Chargeback Program (ECP). Getting into these programs is expensive; staying in is worse.

Still have questions?

The glossary covers the basics. For specific questions about your business, let's talk.

Talk to Us