Glossary and Key Terms
Authorization/Capture: The submission of credit card transactions to be processed by the merchant provider. This checks the fund’s availability on the credit card submitted. The authorized transactions are held in the terminal until the terminal is settled.
Batch: A collection of authorized transactions made in a single day or period.
EMV: EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards and IC card capable point of sale terminals and automated teller machines, for authenticating credit and debit card transactions.
Manual Batch: The merchant may initiate a settlement anytime on the terminal. A manual batch settlement will take any transactions in the terminal and submit them for payment into the merchant’s account. The merchant may want to batch after each shift thus sending multiple deposits to the bank in a single day.
Auto Batch: The terminal is programmed to communicate after midnight to the host/mainframe computer at the processing center. The authorized transactions are sent for settlement to the merchant’s bank account. Even if the terminal is set to auto-close a manual batch may be done at any given time to empty the authorized transactions.
Charge Back: This is a charge declined by a customer or credit cardholder. Your customers’ credit card issuer will handle the matter and you must show some proof that the services and/or products were delivered in the manner you both agreed upon. If the cardholder wins, then the money is taken out of your merchant account.
Credit Card Fee (Discount Rate): This is the fee that is charged by Visa, MasterCard, Discover or American Express. The card associations have more than twenty interchange rate structures. We blend the rates into three categories: Qualified, Mid Qualified, and Non Qualified.
Qualified Discount Rate: This is the lowest possible rate. These transactions are swiped and it is the most secure form of transaction as the data is captured from the magnetic strip on the back of the card and sent with the transaction.
Mid Qualified Discount Rate: This transaction will occur when it is hand entered (non-swiped, but with AVS/address verification service), settled after 24 hours of authorization, or a swiped level II corporate card.
Non-Qualified Discount Rate: All non-swiped corporate cards, paper-based merchants, or transactions not settled within 48 hours of authorization.
Interchange: This is the rate that the processors are charged from the networks to actually process transactions.
PCI DATA
PCI compliance refers to meeting the requirements established by the Payment Card Industry Security Standards Council (PCI SSC), an alliance of the five major credit card companies — Visa®, MasterCard®, Discover®, American Express®, and JCB International®. The PCI SSC established and enforces the PCI Data Security Standards (PCI DSS), which lays out for all merchants who process, store, or transmit credit, debit, or prepaid card information the steps to take to maintain a secure transaction environment.
COCARD® supports and promotes PCI compliance. Our PCI program provides services that help merchants become and remain compliant, even as PCI DSS requirements change. Listed below are comprehensive components of the program.
Our online Self-Assessment Questionnaire (SAQ) is an intuitive and easy-to-use tool with picture-driven qualification steps that help merchants easily determine their Validation Type. It is supplemented with expert help text and real-life examples.
External scanning detects network vulnerability for merchants with external-facing IP addresses and finds holes in web-based applications. COCARD then issues easy-to-understand reports detailing the results and prioritizing vulnerabilities while offering hands-on assistance for remediation.
A set of custom security policies, powered by the Unified Compliance Framework (UCF), and policy templates that are automatically generated based on how merchants process payment cards provide an individualized approach to compliance.
On-demand security awareness training prepares merchants to handle sensitive information, satisfies PCI DSS requirements, and eliminates the need to purchase a costly training program from a third-party provider.
A data breach occurs when an unauthorized party accesses a merchant’s network and steals cardholder data. There are various types of breaches including network (hacking and skimming), malware and spyware, the physical loss of the card, paper records or a device like a computer or CD, and physical losses from employee dishonesty.
Regardless of how it plays out, a potential result is always the same: unencrypted personal identifying information or card data is compromised by fraudsters and thieves.
With fraudulent payment card transactions continually on the rise, it’s more important than ever that merchants protect themselves from potentially huge financial losses associated with a data breach. COCARD® offers a unique Data Breach Security Program specifically designed to help merchants meet the expenses resulting from a suspected or actual breach of payment card data.
The Data Breach Security Program offers peace of mind to merchants during an extremely vulnerable time with:
A forensic audit is required by the Payment Card Industry Data Security Standard (PCI DSS) whenever a data breach is suspected to confirm whether a breach has occurred and to pinpoint vulnerabilities in the system.
Industry fines and assessments met as required by PCI DSS in the event of an unintended breach of confidential customer information, regardless of how it happens.
Issuer-related expenses that cover card replacement costs, credit monitoring, and other expenses related to a breach.
Expenses from an actual or suspected data breach are met regardless of the business’s PCI compliance status as long as the owner is not involved in the breach.