Acquirer (or acquiring bank)
A member of a card association, for example Mastercard or Visa, who maintains merchant relationships and receives card transactions from merchants.
ACB (Automated Clearing Bureau)
Prior to the establishment of BankservAfrica in the first half of 1993, the banking industry in South Africa jointly owned several companies that provided shared services to the banks through a variety of payment channels. As these companies followed their own direction and operated in separate silos, the need arose to consolidate them into a single structure: the ACB.
ACH (Automated Clearing House)
A group of processing and financial institutions that are linked by a computer network. Various types of electronic payment transactions, including credit card settlements, are routed across this network. The Automated Clearing House network provides a means of exchanging funds electronically. The National Automated Clearing House Association (NACHA) is responsible for maintaining the ACH rules and standards governing the exchange of ACH payments between financial institutions.
AEDO (Authenticated Early Debit Order)
A debit order that enables the account holder to mandate contracted future-dated early debit orders through the use of their bank card (e.g. debit card) and PIN.
- A security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorisation to receive specific categories of information or transaction approval (in the case of cards or payment orders).
- A security measure designed to protect a communications system against acceptance of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or originator.
- A cryptographic process, performed during a chip-initiated transaction, that is used to validate the integrity of data provided to identify one or more of the following: issuer, card, chip-reading device and message content.
The first of seven stages in processing a bank card transaction. In this stage, the merchant issues a request to charge the amount to the cardholder’s card. The card issuer or an authorised agent, such as an authorising processor or a stand-in processor, references the cardholder’s account status and credit limit and approves or denies the transaction.
Africa’s largest PCH/ACH, which is majority owned by the ‘Big 4’ South African banks with a minority holding of smaller banks. It is a provider of electronic payments technology, including cheque and credit/debit card processing, mobile payments, SWIFT messaging and wire systems for banks.
A collective name for the four largest banks in South Africa, namely Absa, First National Bank, Standard Bank and Nedbank.
Visa and MasterCard are member-based organisations formed to manage the rules, regulations, and process of interchanging card transactions. Their membership consists of issuers, who are responsible for the management and issuance of debit and credit cards, and acquirers, who are responsible for the procurement and management of merchant relationships for card acceptance.
A covering term for the full Primary Account Number (PAN), along with any of the following elements:
- Cardholder name
- Expiry date
- Service code
Sensitive Authentication Data, which must also be protected, includes full magnetic strip data, CAV2, CVC2, CVV2, CID, PINs and PIN blocks.
CCD (Common Core Definitions)
A minimum common set of card application implementation options, card application behaviours and data element definitions that is sufficient to accomplish an EMV transaction. CCD is not a functional application specification.
The return of funds to a consumer, forcibly initiated by the consumer’s issuing bank. Specifically, it is the reversal of a prior outbound transfer of funds from a consumer’s bank account, line of credit, or credit card.
CPA (Common Payment Application)
CPA (Common Payment Application) is a functional description of an application that complies with the CCD requirements. CPA implementations must comply with CCD requirements, whereas CCD implementations may not necessarily comply with CPA.
Visa or Mastercard credit cards jointly sponsored by a bank and a retail merchant such as a department store. Co-branded cards can be issued at less cost than conventional retail private label cards, and give issuing banks access to new customers. Cardholders may be given incentives, such as discounts on merchandise, rebates, or discounts off purchases. A co-branded card has a tie-in with a specific merchant rather than an association or professional group. It can also be used at other merchants.
EFT (Electronic Funds Transfer)
The electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions, through computer-based systems.
EMV (EuroPay, Mastercard and Visa)
A global standard for interoperation of integrated circuit cards (also called IC cards or chip cards) and IC-card-capable point of sale (POS) terminals and automated teller machines (ATMs), for the purpose of authenticating credit and debit card transactions.
The process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing a key to the cipher.
The Financial Intelligence Centre Act (Act 28 of 2001), a South African law designed to combat money laundering. Money laundering is the abuse of financial systems to hide or disguise the proceeds of crime.
A device or set of devices designed to permit or deny network transmissions based upon a set of rules. Firewalls are frequently used to protect networks from unauthorised access while permitting legitimate communications to pass. Many personal computer operating systems include software-based firewalls to protect against threats from the public internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
The fee that a merchant’s bank pays a customer’s bank when merchants accept card payments using card networks.
Issuer (or issuing bank)
A bank that offers card association branded payment cards directly to consumers.
Any entity that accepts payment cards, not limited to those bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, Mastercard and Visa) as payment for goods or services. Note that a merchant who accepts payment cards as payment for goods or services can also be a service provider, if the services sold result in storing, processing or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant that accepts payment cards for monthly billing, but also is a service provider if it hosts merchants as customers.
A merchant account is set up with a financial institution to allow merchants to accept credit card payments directly from their clients. Unlike most third-party services, money collected through the merchant account is deposited directly into the merchant’s checking account within 2 to 3 business days. Merchants need a merchant account if they want to take credit card payments from their clients using their own business name and have the money deposited directly into their business checking account.
When a business owner sets up a merchant account to enable their customers to pay for products or services using credit cards or debit cards with a Visa or Mastercard logo, they have to pay some fees associated with the credit card transactions. The specific fee amounts depend on the merchant account provider that provides the credit card processing service. However, there is a list of typical fees that the majority of providers charge business owners in exchange for the ability to accept credit cards as payment.
MICR (Magnetic Ink Character Recognition)
A character recognition technology used primarily by the banking industry to facilitate the processing of cheques. The technology allows computers to read information (such as account numbers) off printed documents. Unlike barcodes or similar technologies, however, MICR codes can be easily read by humans.
NAEDO (Non-Authenticated Early Debit Order)
A collection system that allows future-dated collections to take place early in the day, closer to the payment window, to improve collection rates. It is a National Credit Act initiative that strives to prohibit preferential collection systems and to create equal opportunity for creditors to collect funds from debtors. The National Payment Systems Act provides for NAEDO, which dictates that transactions presented for payment from financial institutions and creditors are randomly presented for payment. This ensures a level playing field for priority collections.
NCA (National Credit Act)
The NCA became fully operational in South Africa on 1 June 2007. The NCA replaces the Usury Act (Act 73 of 1968), the Credit Agreements Act (Act 75 of 1980) and the Integration of Usury Laws Act (Act 57 of 1996), which was the primary legislation governing the granting of credit within the South African financial services industry since 1968. In essence, the NCA is designed to promote a fair and non-discriminatory marketplace in South Africa.
NPS (National Payments System)
A system that provides management and administration, operation, regulation and supervision of payment, clearing and settlement in the Republic of South Africa, as well as related matters. It is governed by the National Payments Act (Act 78 of 1998).
‘Not on us’ Transactions
Transactions in which the bank that issued the card is not the same as the one that owns the ATM or POS terminal on which the transaction is made.
‘On us’ Transactions
Transactions in which the bank that issued the card is the same as the one that owns the ATM or POS terminal on which the transaction is made.
PASA (Payments Association of South Africa)
PASA is recognised by the South African Reserve Bank (SARB) as a payment system management body in terms of the NPS Act, which was promulgated in October 1998. PASA performs a crucial function in the South African economy by assisting the SARB in managing the safety and integrity of the NPS, through which all payments between financial institutions must flow.
Payment Service Provider
Payment Service Providers, also known as Payment Gateways, connect a merchant to the bank or processor that is acting as the front-end connection to the card issuing association. They are called gateways because they take many inputs from a variety of different applications and route those inputs to the appropriate bank or processor. Gateways communicate with the bank or processor using dial-up connections, web-based connections or privately-held leased lines. They operate in accordance with security compliance, as set out by the Card Associations, ACH and industry regulators such as PCI and EMVCo.
A payment token is a reversible token generated at the payment issuer level. This means that the token can be securely mapped back to its original account number by the provider of the payment token and authorised entities only. It is used as part of the payment chain and, when submitted in a transaction to the payment system, causes a payment to occur.
The tokenisation process happens in a manner that is typically invisible to the consumer. Such tokens could be used by merchants or digital wallet operators, and can be stored in EMV chip cards and NFC devices. The payment tokens are restricted to specific domains. For example, a token may be usable only within the e-commerce acceptance channel at a specific merchant. An additional capability of payment tokens is that they can be unlinked from the original card account number in case the token is either no longer needed or a mobile device or card has been lost or stolen. Payment tokens are of particular value in card-not-present transactions, as well as with mobile devices and similar form factors.
PCI-DSS (Payment Card Industry Data Security Standard)
A set of specific security standards developed by the PCI payment brands to help promote the adoption of consistent data security measures that are needed to protect sensitive payment card information. The standard applies to all organisations who hold, process or exchange cardholder information from any card branded with the logo of the payment brand companies.
PCH/ACH (Payment Clearing House/Automated Clearing House)
An electronic network for financial transactions, processing large volumes of credit and debit transactions in batches. In South Africa, a network established by bilateral, legally binding arrangement by two or more settlement system participants (excluding the designated system operator) that governs the clearing of payment instructions to be settled by the South African Reserve Bank’s settlement participants.
PIN (Personal Identification Number)
A secret numeric password shared between a user and a system that can be used to authenticate the user to the system. PINs are most often used for automated teller machines (ATMs), but are increasingly used at the point of sale for debit cards and credit cards. Throughout Europe and Canada the traditional in-store credit card signing process has increasingly been replaced with a system where the customer is asked to enter their PIN instead of signing. In the UK and Ireland, this system is called chip and PIN, since PINs were introduced at the same time as EMV chips on the cards. In other parts of the world, PINs have been used before the introduction of EMV chips. Apart from financial uses, GSM mobile phones usually allow the user to enter a PIN of between 4 and 8 digits. The PIN is recorded in the SIM card.
POS (Point of Sale)
A hardware payment device used to swipe debit and credit cards for payment. This device enables payments to be authorised through the acquiring bank.
RTC (Real-time Clearing)
An online service that enables customers to move single credit payments to beneficiaries, such as account payments, in real time. In this context, real time means within 60 seconds, 24 hours a day, 7 days a week, 365 days a year. The system is integrated with the Central Bank settlement service, supports multiple settlement windows and includes the ability to force settlement when a participating bank’s daily exposure limit is reached. Access to a web-based transaction look-up facility, management information and intra-day exposure (IDE) values are part of the offering.
SARB (South African Reserve Bank)
The central bank of the Republic of South Africa. The primary purpose of the SARB is to achieve and maintain price stability in the interest of balanced and sustainable economic growth in South Africa. Together with other institutions, it also plays a pivotal role in ensuring financial stability.
BankservAfrica’s SASWITCH service enables clients of any participating bank to draw money from ATMs belonging to any other participating bank. This service is available to holders of credit and debit cards. All domestic transactions with a valid bank identification number (BIN) are switched between acquiring and issuing financial institutions. ATM card transactions bearing an international BIN are not switched via BankservAfrica. Once a transaction is received from an acquiring financial institution, BankservAfrica applies PIN security algorithms, secures the transaction on both the BankservAfrica primary and disaster recovery (DR) processors, and then forwards the transaction to the issuing financial institution. This is followed by the standard authorised/not authorised response to the acquiring financial institution.
The licensed Central Securities Depository (CSD) for the electronic settlement of financial instruments in South Africa. Strate’s core purpose is to mitigate risk, bring efficiencies to the South African financial market and improve South Africa’s profile as an investment destination. Strate is aligned to international best practices and continually strives to ensure operational excellence and provide enhancements for the good of the Southern African financial market. Strate handles the settlement of a number of securities for the Johannesburg Stock Exchange (JSE), including equities and bonds as well as a range of derivative products such as warrants, Exchange Traded Funds (ETFs), retail notes and tracker funds. It has now added the settlement of money market securities to its portfolio of services. It provides services to issuers for their investors in terms of the Companies Act and Securities Services Act (SSA) of 2004.
Third-party Processor (TPP)
Any company that stores, processes, or transmits cardholder data on behalf of another entity. A third-party processor may be mandated to act as a front-end processor on behalf of an acquiring bank, or it may be contracted by a bank or payment service provider to conduct some part of the transaction processing process. In internet credit card processing, the Secure Payment Gateway Provider is another type of third-party processor.
Any event that causes a change in an organisation’s financial position or net worth, resulting from normal activity. Examples include advance of funds, purchase of goods at a retailer, or when a borrower activates a revolving line of credit, as well as any activities affecting a deposit account that are carried out at the request of the account owner. One example of a transaction is the process that takes place when a cardholder makes a purchase with a credit card.
Transaction data includes data related to electronic payment card transactions, token transactions or EFT transactions.