Glossary
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
|
Security protocol for online credit card and debit card transactions used by Visa Secure, Mastercard Identity Check, American Express SafeKey, JCB J⁄Secure, Diners Club ProtectBuy, Discover ProtectBuy, China UnionPay, and Elo. |
|
Account Authentication Value. Unique 32-character transaction token for a 3D Secure transaction. For Mastercard Identity Check, the AAV is named the UCAF. For Visa Secure, the AAV is named the CAVV. |
|
|
The financial institution that accepts payments for products or services on behalf of a merchant. Also referred to as “acquiring bank.” This bank accepts or acquires transactions that involve a credit card issued by a bank other than itself. |
|
|
A 6-digit number that uniquely identifies the acquiring bank. There is a different acquirer BIN for Mastercard (starts with 5) and Visa (starts with 4) for every participating acquirer. |
|
|
Processor that provides credit card processing, settlement, and services to merchant banks. |
|
|
Access Control Server. The card-issuing bank’s host for the payer authentication data. |
|
|
The URL of the Access Control Server of the card-issuing bank that is returned in the response to the request to check enrollment. This is where you must send the PAReq so that the customer can be authenticated. |
|
|
ADS |
Activation During Shopping. The card issuer’s ability to ask the cardholder to enroll in the card authentication service when the merchant posts to the ACS URL |
|
American Express |
A globally issued card type that starts with 3 and which is identified as card type 003 by Cybersource. These cards participate in a card authentication service (SafeKey) provided by 3D Secure. |
|
API |
Application Programming Interface. A specification that can be used by software components to communicate with each other. |
|
authentication result |
Raw data sent by the card issuer that indicates the status of authentication. It is not required to pass this data into the authorization. |
|
authorization |
A request sent to the card issuing bank that ensures a cardholder has the funds available on their credit card for a specific purchase. A positive authorization causes an authorization code to be generated and the funds to be held. Following a payer authentication request, the authorization must contain payer authentication-specific fields containing card enrollment details. If these fields are not passed correctly to the bank, it can invalidate the liability shift provided by card authentication. Systemic failure can result in payment card company fines. |
|
Standard encoding method for data transfer over the Internet. |
|
|
Bank Identification Number. The 6-digit number at the beginning of the card that identifies the card issuer. |
|
Cardholder Authentication Verification Value. A Base64-encoded string sent back with Visa Secure-enrolled cards that specifically identifies the transaction with the issuing bank and Visa. Standard for collecting and sending AAV data for Visa Secure transactions. See AAV. |
|
|
A one-digit response passed back when the PARes status is a Y or an A. If your processor is ATOS, this must be passed in the authorization, if available. |
|
|
Compra Segura |
Trademarked name for the Elo card authentication service. |
|
CVV |
Card Verification Value. Security feature for credit cards and debit cards. This feature consists of two values or codes: one that is encoded in the magnetic strip and one that is printed on the card. Usually the CVV is a three-digit number on the back of the card. The CVV for American Express cards is a 4-digit number on the front of the card. CVVs are used as an extra level of validation by issuing banks. |
|
Diners Club |
A globally issued card type that starts with a 3 or a 5. Cybersource identifies Diners Club cards with a card type of 005. These cards participate in a card authentication service (ProtectBuy) provided by 3D Secure. |
|
The Visa and Mastercard servers that are used to verify enrollment in a card authentication service. |
|
|
Discover |
Primarily, a U.S. card type that starts with a 6. Cybersource identifies Discover cards with a card type of 004. These cards participate in a card authentication service (ProtectBuy) provided by 3D Secure. |
|
The numeric commerce indicator that indicates to the bank the degree of liability shift achieved during payer authentication processing. |
|
|
Alpha character value that indicates the transaction type, such as MOTO or INTERNET. |
|
|
Elo |
A globally issued card type that starts with a 5. Cybersource identifies Elo cards with a card type of 054. These cards participate in a card authentication service (Compra Segura) provided by 3D Secure. |
|
Cybersource transaction type used for verifying whether a card is enrolled in the Mastercard Identity Check or Visa Secure service. |
|
Japan Credit Bureau. A globally issued card type that starts with a 3. Cybersource identifies JCB cards with a card type of 007. These cards participate in a card authentication service (J/Secure) provided by 3D Secure. |
|
A card brand owned by Mastercard that includes several debit card BINs within the U.K., where it was formerly known as Switch, and in Europe. Merchants who accept Maestro cards online are required to use SecureCode, Mastercard’s card authentication service. Cybersource identifies Maestro cards with the 024 and 042 card types. Note that many international Maestro cards are not set up for online acceptance and cannot be used even if they participate in a SecureCode card authentication program. |
|
|
Mastercard |
A globally issued card that includes credit and debit cards. These cards start with a 5. Cybersource identifies these cards as card type 002 for both credit and debit cards. These cards participate in a card authentication service (Mastercard Identity Check) provided by 3D Secure. |
|
Trademarked name for Mastercard’s card authentication service. |
|
|
Merchant-defined Data that is posted as a hidden field to the ACS URL. You can use this data to identify the transaction on its return. This data is used to match the response from the card-issuing bank to a customer’s specific order. Although payment card companies recommend that you use the XID, you can also use data such as an order number. This field is required, but including a value is optional. The value has no meaning for the bank, and is returned to the merchant as is. |
|
|
Merchant ID |
Data that must be uploaded for the Mastercard and Visa card authentication process for each participating merchant. The Merchant ID is usually the bank account number or it contains the bank account number. The data is stored on the Directory Servers to identify the merchant during the enrollment check. |
|
Merchant Plug-In. The software used to connect to Directory Servers and to decrypt the PARes. |
|
PAN |
Primary Account Number. Another term for a credit card number. |
|
Payer Authentication Request. Digitally signed Base64-encoded payer authentication request message, containing a unique transaction ID, that a merchant sends to the card-issuing bank. Send this data without alteration or decoding. Note that the field name has a lowercase “a” (PaReq), whereas the message name has an uppercase “A” (PAReq). |
|
|
Payer Authentication Response. Compressed, Base64-encoded response from the card-issuing bank. Pass this data into Cybersource for validation. |
|
|
PARes Status |
Payer Authentication Response status. One-character length status passed back by Visa and Mastercard that is required data for Asia, Middle East, and Africa Gateway authorizations. |
|
processor |
Financial entity that processes payments. Also see acquiring processor. |
|
Cybersource field that contains the VEReq and VERes for merchant storage. Merchants can use this data for future chargeback repudiation. |
|
|
Trademarked name for the Diners Club and Discover card authentication services. |
|
Trademarked name for the American Express card authentication service. |
|
|
SCMP API |
Cybersource’s legacy name-value pair API that has been superseded by the Simple Order API. |
|
Cybersource’s current API, which provides three ways to access Cybersource services: name-value pair (NVP), XML, and SOAP. |
|
|
Solo |
A debit card type that was owned by Maestro. It was permanently discontinued March 31, 2011. |
|
Switch |
See Maestro. |
|
Termination URL on a merchant’s website where the card-issuing bank posts the payer authentication response (PARes) message. |
|
Universal Cardholder Authentication Field. A Base64-encoded string sent back with Mastercard Mastercard Identity Check-enrolled cards that specifically identifies the transaction with the issuing bank and Mastercard. Standard for collecting and sending AAV data for Mastercard Identity Check transactions. See AAV. |
|
|
UCAF collection indicator |
Value of 1 or 2 that indicates whether a Mastercard cardholder has authenticated themselves or not. |
|
validate |
Cybersource service for decoding and decrypting the PARes to determine success. The validate service returns the needed values for authorization. |
|
Verify Enrollment Request. Request sent to the Directory Servers to verify that a card is enrolled in a card authentication service. |
|
|
Verify Enrollment Response. Response from the Directory Servers to the VEReq. |
|
|
VERes enrolled |
Verify Enrollment Response enrolled. One-character length status passed back by Visa and Mastercard that is required data for Asia, Middle East, and Africa Gateway authorizations. |
|
Visa |
A globally issued card that includes credit and debit cards. These cards start with a 4. Cybersource identifies these cards as card type 001 for both credit and debit cards. These cards participate in a card authentication service (Visa Secure) provided by 3D Secure. |
|
(VbV) Trademarked name for Visa’s card authentication service. |
|
String used by both Visa and Mastercard which identifies a specific transaction on the Directory Servers. This string value should remain consistent throughout a transaction’s history. |