Payments Glossary
Single-page vocab dump. Cmd-F the term you don't know.
Card economics
| Term | Meaning |
|---|---|
| Interchange | Fee the acquirer pays the issuer on each transaction. Set by the scheme; varies by card type, region, MCC. The biggest single cost component in card payments. |
| Interchange-plus | Pricing model where the merchant pays actual interchange + a transparent acquirer markup. Contrast with blended. |
| Blended | Pricing model where the merchant pays a single average rate (e.g. 2.9% + 30¢). Simpler, but opaque and usually more expensive than interchange-plus at scale. |
| Scheme fees | Fees the scheme (Visa, MC) charges acquirers and issuers; small but rising. Includes assessments, network access, brand usage, cross-border fees. |
| MDR | Merchant Discount Rate — the all-in % the merchant pays = interchange + scheme + acquirer markup. |
| AAR | Average Approval Rate — the fraction of attempted card transactions that get authorized. Big lever for crypto on-ramps (often 60–80%). |
| Decline | Issuer refuses authorization. Hard decline (don't retry: lost card, fraud) vs soft decline (retry: insufficient funds, network error). |
| Authorization vs capture | Auth reserves funds; capture moves them. Two-step common for delayed-fulfillment; one-step (auth+capture) common for digital goods and crypto. |
| MCC | Merchant Category Code — 4-digit ISO 18245 code identifying the merchant's business type. 6051 = Quasi-cash / Foreign Currency / Crypto. 6012 = Financial Institution / Cash Advance. Issuer rules key on MCC. |
| Cross-border fee | Premium when issuer and acquirer are in different countries; typically 1–2% additional. |
| Surcharging | Charging the customer for the cost of using a card. Legal in some markets, banned in others, capped where allowed. |
Card identifiers & tokens
| Term | Meaning |
|---|---|
| PAN | Primary Account Number — the 13–19 digit card number. |
| BIN | Bank Identification Number — first 6–8 digits of PAN. Identifies issuer and card type (debit/credit, region, prepaid). |
| CVV / CVC / CVV2 | 3-4 digit card-verification value. Card-not-present check. |
| Network token | Scheme-issued token replacing the PAN for stored credentials. Updated automatically when the underlying card is reissued. Lifts AAR. |
| PSP token / vault token | Acquirer- or PSP-managed alias for a PAN; used internally to avoid touching PCI scope. |
| Vault | Secure storage for PANs / tokens, typically PCI DSS Level 1 certified. |
| Account Updater (VAU / MABS) | Scheme service that pushes new PANs to merchants when a card is reissued. Visa Account Updater; Mastercard MABS. |
| DPAN | Device PAN — the token on the phone/wearable; what Apple/Google Pay actually transmits. |
Authentication & security
| Term | Meaning |
|---|---|
| 3DS2 | 3-D Secure 2.x — protocol for card-not-present authentication. Risk-based; "frictionless" if low-risk. Sends rich device/behavior data to issuer. |
| SCA | Strong Customer Authentication — PSD2 mandate requiring two-factor for most EU electronic payments. 3DS2 is the primary mechanism. |
| Exemption | Cases where SCA can be skipped: TRA (transaction risk analysis < €500), low-value (< €30), trusted beneficiary, MIT. |
| CIT / MIT | Customer-Initiated vs Merchant-Initiated Transaction. MIT = subscription renewals, top-ups; exempt from SCA when correctly flagged. |
| Liability shift | When 3DS2 auth succeeds, fraud chargeback liability shifts from merchant to issuer. Big deal. |
| PCI DSS | Payment Card Industry Data Security Standard. Tiered (Level 1–4) by volume. Required to store/process PANs. |
| PCI scope | The set of systems that touch cardholder data. Reducing scope (via tokenization, hosted iframes) drops audit cost massively. |
| VoP / Confirmation of Payee | Verification of Payee — recipient-name match check on a payment. UK CoP (since 2020); EU IPR mandates VoP for SCT Inst by Oct 2025. |
Bank-rail vocab
| Term | Meaning |
|---|---|
| RTGS | Real-Time Gross Settlement — each transaction settled individually and finally; for high-value (Fedwire, CHAPS, T2, India RTGS). |
| DNS | Deferred Net Settlement — transactions batched, netted, settled later (legacy ACH, SEPA SCT, BACS). |
| Push vs pull | Push: payer initiates (FPS, UPI, PIX). Pull: payee initiates with mandate (SEPA SDD, ACH debit, BACS DD, card). |
| ODFI / RDFI | Originating / Receiving Depository Financial Institution — ACH terminology for sending vs receiving bank. |
| IBAN / BIC | International Bank Account Number; Bank Identifier Code (SWIFT). Used in SEPA + SWIFT. |
| CLABE | Mexican standardized 18-digit interbank account number used for SPEI. |
| CBU / CVU | Argentine bank / virtual bank account identifier. |
| Sort code / routing number | UK / US bank identifier within the country. |
| VPA | Virtual Payment Address — UPI handle like user@bank. |
| PIX key | Brazilian PIX alias: CPF, CNPJ, email, phone, or random key. |
| PayID / Proxy | Generic term for "address book" identifier in instant rails (PayNow uses NRIC/UEN, DuitNow uses MyKad, etc.). |
| RfP / Request-to-Pay | Payee asks payer to push a payment; payer approves; rides instant rail. RTP RfP (US), SEPA SRTP (EU). |
| Same-Day ACH | Nacha rule allowing ACH transactions to settle the same business day (three windows). Capped at $1M per txn. |
| Direct Participant vs Indirect | Direct = the entity holds an account with the operator. Indirect = rides on a sponsor's account. |
Disputes & reversibility
| Term | Meaning |
|---|---|
| Chargeback | Card-scheme dispute mechanism. Cardholder claims to issuer; issuer claws funds back from acquirer. |
| Reason code | Scheme classification for chargebacks (e.g. fraud, not-as-described, recurring not-cancelled). Determines evidence required. |
| Representment | Acquirer/merchant pushes back on a chargeback with evidence; can re-win the funds. |
| Pre-arbitration / arbitration | Escalation steps after a representment is challenged. |
| Friendly fraud | Customer disputes a legitimate purchase. Crypto on-ramps see lots of this. |
| Recall (SEPA, FPS, SWIFT) | Originator's bank requests beneficiary's bank to return funds. Beneficiary must consent (post-finality). |
| Return (ACH) | RDFI returns a transaction (NSF, account closed, unauthorized). |
| Indemnity claim (BACS DD) | Direct Debit indemnity — customer can claim refund effectively indefinitely if mandate breached. |
| MED (BR) | Mecanismo Especial de Devolução — PIX's special return mechanism for fraud claims. Narrow window, BACEN-governed. |
| APP fraud reimbursement (UK) | Authorised Push Payment fraud — PSR rules (Oct 2024) require sending bank to reimburse the victim up to £85K. |
License acronyms
| Acronym | Meaning |
|---|---|
| MTL | Money Transmitter License — US state license. |
| MSB | Money Services Business — US federal FinCEN registration. |
| EMI | E-Money Institution — UK/EU license to issue e-money. |
| PI | Payment Institution — UK/EU license, no e-money. |
| AISP / PISP | Account Information / Payment Initiation Service Provider — PSD2 Open Banking roles. |
| VASP | Virtual Asset Service Provider — FATF term; jurisdictionally implemented. |
| CASP | Crypto Asset Service Provider — EU MiCA term; passportable across EU. |
| DPT | Digital Payment Token (Singapore MAS PS Act). |
| VATP | Virtual Asset Trading Platform (HK SFC). |
| DAX | Digital Asset Exchange (Malaysia SC). |
| PSAV | Proveedor de Servicios de Activos Virtuales (Argentina CNV). |
| IFPE / IFC | Mexican Ley Fintech: Electronic Payment Fund Institution / Crowdfunding Institution. |
| BitLicense | NYDFS license for virtual currency business in NY. |
Regulator acronyms (quick lookup)
| Acronym | Body | Country |
|---|---|---|
| RBI | Reserve Bank of India | India |
| NPCI | National Payments Corporation of India | India |
| FIU-IND | Financial Intelligence Unit India | India |
| BACEN | Banco Central do Brasil | Brazil |
| CVM | Comissão de Valores Mobiliários | Brazil |
| FCA | Financial Conduct Authority | UK |
| PSR | Payment Systems Regulator | UK |
| PRA | Prudential Regulation Authority | UK |
| EBA | European Banking Authority | EU |
| ECB | European Central Bank | EU |
| ESMA | European Securities and Markets Authority | EU |
| EPC | European Payments Council | EU |
| FinCEN | Financial Crimes Enforcement Network | US |
| OCC | Office of the Comptroller of the Currency | US |
| NYDFS | NY State Dept of Financial Services | US |
| Nacha | National Automated Clearing House Association | US |
| TCH | The Clearing House | US |
| MAS | Monetary Authority of Singapore | SG |
| HKMA / SFC | HK Monetary Authority / Securities and Futures Commission | HK |
| FSA / FSC / FSS | Financial Services Agency (JP) / Commission (KR) / Service (KR) | JP / KR |
| BSP | Bangko Sentral ng Pilipinas | PH |
| BI / OJK / Bappebti | Bank Indonesia / Financial Services Authority / Commodity Futures Trading Regulator | ID |
| BoT | Bank of Thailand | TH |
| BNM / SC | Bank Negara Malaysia / Securities Commission | MY |
| Banxico / CNBV | Banco de México / Comisión Nacional Bancaria y de Valores | MX |
| BCRA / CNV | Banco Central de la República Argentina / Comisión Nacional de Valores | AR |
| SFC / UIAF | Superintendencia Financiera / AML unit | CO |
| CMF | Comisión para el Mercado Financiero | CL |
| CBN / SEC NG | Central Bank of Nigeria / Securities & Exchange Commission | NG |
| CBK | Central Bank of Kenya | KE |
| SARB / FSCA | South African Reserve Bank / Financial Sector Conduct Authority | ZA |
| CBUAE / VARA / SCA | Central Bank UAE / Virtual Asset Regulatory Authority (Dubai) / Securities & Commodities Authority | UAE |
| SAMA | Saudi Central Bank | SA |
| CBE | Central Bank of Egypt | EG |
| BDDK / TCMB / MASAK | Banking / Central Bank / AML | TR |
Mandates & recurring
| Term | Meaning |
|---|---|
| Mandate | Authorization a payer gives a payee to pull funds from their account. SEPA SDD, BACS DD, ACH PPD/WEB, UPI AutoPay, Pix Automático. |
| e-mandate (IN) | NPCI-standardized digital recurring authorization for UPI AutoPay and NACH. |
| VRP (Variable Recurring Payment) | UK Open Banking pattern allowing repeated payments up to a customer-set limit without per-payment auth. |
| CORE vs B2B (SDD) | SEPA Direct Debit consumer (CORE; 8-week refund) vs business (B2B; no refund). |
| Standing order | Bank-side recurring fixed-amount push (FPS, SEPA SCT). Customer-controlled. |
| Subscription with network token | Card-rail recurring via stored credential + MIT flag. |
MoR / PayFac / acquiring
| Term | Meaning |
|---|---|
| Acquirer | Bank or licensed entity holding scheme membership to accept card payments on behalf of merchants. |
| PayFac (Payment Facilitator) | Aggregator that operates under a sponsor acquirer and onboards sub-merchants. Stripe, Square, Adyen-for-Platforms. |
| Sub-merchant | End merchant operating under a PayFac's master account. |
| MoR (Merchant of Record) | The legal entity that is the seller from the customer's perspective. Bears tax, compliance, and chargeback liability. Paddle, FastSpring, Lemon Squeezy, MoonPay (for crypto). |
| Marketplace | Two-sided merchant; scheme rules and PayFac rules treat this specially. |
| Card-present (CP) vs card-not-present (CNP) | Physical terminal vs online. Different interchange tiers + different fraud profiles. |
| 3-party vs 4-party scheme | 3-party (Amex, Discover historically): scheme = issuer + acquirer. 4-party (Visa, MC): separate issuer and acquirer. |
| PayFac as a service | Infrastructure to be a PayFac without owning the acquirer relationship (Stripe Connect Custom, Finix, Infinicept). |
Crypto-specific
| Term | Meaning |
|---|---|
| On-ramp / off-ramp | Converting fiat → crypto / crypto → fiat. |
| Travel Rule | FATF Recommendation 16: VASPs must share originator + beneficiary info on crypto transfers above threshold. |
| IVMS-101 | The standardized data model for Travel Rule messages. |
| TRP / TRISA / Sygna | Competing Travel Rule transport protocols; interoperable via gateway vendors. |
| Stablecoin | Token pegged to fiat (USDC, USDT, USDP, EURC, PYUSD). |
| Mint / burn | Issuer creates new tokens against fiat reserves (mint) or redeems and destroys (burn). |
| Custody (custodial vs non-custodial) | Custodial = exchange holds keys. Non-custodial = user holds keys. |
| Qualified custodian | SEC term — entity meeting Custody Rule. Anchorage Digital, Coinbase Custody Trust, BitGo Trust, Fidelity Digital. |
| MPC / multisig | Multi-Party Computation / multisignature — splitting key custody across parties. |
| Chain analytics | Vendors that score on-chain addresses for risk (Chainalysis, TRM, Elliptic). |
| Address screening | Pre-transfer check that the counterparty address is not sanctioned / mixer / known-bad. |
| Self-hosted wallet | User's non-custodial wallet (MetaMask, Phantom, Ledger). Travel Rule treatment differs — see AOPP (Address Ownership Proof Protocol). |
| Reorg | Blockchain reorganization — a block previously thought final is replaced. Rare on Ethereum mainnet post-Merge; affects "wait blocks" policy. |
| Finality | Point at which a transaction cannot be reversed. Differs by chain. Ethereum: ~64s (2 epochs). Solana: ~13s. Tron: ~3s (no formal finality, soft). |
| L1 / L2 | Layer 1 (base chain) vs Layer 2 (rollup atop L1). L2 = cheaper, faster soft finality; L1-level finality takes longer. |
| CBDC | Central Bank Digital Currency (digital euro, e-CNY, eNaira, Drex/BR). |
| Stablecoin sandwich | Cross-border pattern: fiat-in → stablecoin → fiat-out, used to bypass correspondent banking. |
| VASP-to-VASP transfer | Crypto transfer between two regulated entities; full Travel Rule applies. |