Warning:
This wiki has been archived and is now read-only.

Glossary

From Web Commerce Interest Group
Leader: Evert Fekkes

Members: J-Y Rossi, ...

Tag: [glossary] (all emails related to this work should have this tag in the subject line)

See also Glossary Reference for inclusion in docs.

Description

The aim of this page is to gather Glossary Terms from the Use Cases and Payment Agent and provide a wiki page platform to facilitate consideration of the definitions by the IG. When available, references to external definitions will be listed with the terms.

Status: Initial draft, to discuss the construction of this page

At the Utrecht February 2015 Face to Face meeting, the Context of transactions was discussed. This includes the Parties concerned (an extended three or four corner model) and possible Steps relating to an Economic transaction. A description of these context elements is available at the Context page (experimental)

A second experimental Glossary page is added to set up the Glossary Reference for the Use Cases

Glossary

Authentication

Definition

Establishing the actor (buyer) with Identification and Verification methods using a Token and recording the will to perform the Transaction
Technically, authentication means to prove something is 'real' or 'authentic'. We might want to differentiate two main cases:
  1. authentication e.g. of a credential, making sure it's the real thing (e.g. a virtualized card)
  2. authentication of the user, whereby the former credential might be used. Typically here 'knowledge' (PIN/password) or biometry are used.
  3. might not appear of importance to some: authenticity of the PoS/device/service. In the end very important in every 'remote' situation - as well as being introduced to PoS currently, as counterfeit PoS equipment can run security attacks or relay communication easily. (MNOs know these e.g. as 'IMSI catchers': as early cellular standards didn't support authentication from the base station to the handset, it became easy to mimic an MNO network and observe communication, eventually even break the existing security over time.)

References

Wiki: Authentication

Authorization

Definition

Requesting acceptance of a payment by a payer from a payment institute or other actor, optionally resulting in a payment guarantee according to specific payment scheme rules (Evert)

References

Wiki Authorization

Certificate

Chargeback

Clearing

Coupon

Credential

Definition

An identity is a description of a particular entity such as a person, software agent, or organization. A credential is a qualification, achievement, quality, or information about an identity's background such as a name, government ID, home address, or university degree.

Reference

Credentials Community Group - Working Draft

Definition

Credentials mean the information — generally confidential — provided by a customer or PSP for the purposes of authentication. Credentials can also mean the possession of a physical tool containing the information (e.g. one-time-password generator, smart card), or something the user memorises or represents (such as biometric characteristics).

Reference

European Banking Authority - Guidelines on the security of internet payments (2014)

Definition

A credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so.

Reference

Wiki definition

Currency

Dispute

Escrow

Fee

Identification

Two different notions of identification play a role in payments:

  • Identification of a natural or juridical person (e.g. for legal reasons) (implies verification)
  • Identification of a person (customer) to relate personal data to a transaction or personalize a service (might imply verification/authentication in the context of a given service, but not according to a greater legal construct.)

I made these up to avoid us getting into the mess of 'everybody knows what Identity is, so we don't need to make sure everybody is on the same page'. There is a big difference between verifying the identity of a person or doing something around some (non-governmental) organization's representation of a person. Numerous websites are good at identifying that it's me on this device and later on another device or browser. They don't need proof, but they sure know how to identify me. In contrast, a bank might be legally required to use some governmental instrument (a credential, if you will) because they are not allowed to do certain types of business with me otherwise. (The difference might not be in technology at times - but it is in legal terms AFAIK). Any non-government organization may ask you for whatever proofs or credentials; if they do it to carry out their business according to their contract with you as an individual, it's either the same category as the 'guessed identity' above or a new one if you like. It's different because it's just their business in the first instance.

Loyalty

Payment

Definition

Payment is the transfer of value from buyer to seller as part of an economic transaction (Evert)
Wiki: Payment is the transfer of an item of value from one party (such as a person or company) to another in exchange for the provision of goods, services or both, or to fulfill a legal obligation.

References

Wiki Payment

Payment Institute

Definition

regulated market party offering payment instruments to consumers and merchants (Evert)

Payment Processor

Definition

References

Wiki Payment processor

See the entry under Roles on this page

Payment Scheme

EMVco definition for Payment Network:

An electronic payment system used to accept, transmit, or process transactions made by payment cards for money, goods, or services, and to transfer information and funds among Issuers, Acquirers, Payment Processors, Merchants, and Cardholders.

(TBD: define three and four party scheme models)

Pre-authorization

Pull Payment

Purchase

Push Payment

Refund

Settlement

Settlement is “an act that discharges obligations in respect of funds or securities transfers between two or more parties” (BIS definition)

Transaction

Definition

Economic act between buyer and seller, may be defined in a contract and may require payment (Evert)
An agreement, communication, or movement carried out between a buyer and a seller to exchange an asset for payment

References

Wiki Transaction

Token

Definition

hardware or software carrier of one or more applications enabling identification and authentication (Evert)

References

Wiki Token
Wiki Security Token

Tokenization

Definition

generic definitions
EMV Tokenization Specification

References

Wiki Tokenization

User Payment Agent

Definition

Abstraction for what could take the form of the Wallet

Verification

Definition

Insert Customer Verification Methods here
Also related to Identification & Verification for Payment Tokenization processing

Wallet

Definition

A software (product) or service fulfilling - at least - the requirements and interfaces for a User Payment Agent

Roles

These roles are provided to help control terminology use in the use cases and other documents. These roles may eventually be inserted into the glossary if the task force agrees. There may be some redundancy with the definitions above, but these items are kept in this section for now to provide easy reference.

Acquirer

Is a financial institution recognized by a payment scheme. Holds the only accounts (for merchants) that can receive payments.

Customer

An entity paying to receive goods, services, or other things of value. Abstractly known as "payer."

Issuer

Is a financial institution recognized by a scheme, has a relationship with the customer and holds the customer's account. Has issued a valid means of payment to the customer, and exposes a payment authorization and clearing interface.

Merchant

An entity receiving payment for goods, services, or other things of value. Abstractly known as "payee."

Payer

Entity that provides a source of funds as required by a transaction.

Payee

Entity that receives funds as required by a transaction.

Payment Processor

Operates the payment scheme technical payment network (auth & clearing).
Networks with other processors for international and cross payment scheme payments.

Definition from the EMVco Tokenization Specification:

An entity that provides payment processing services for Acquirers and / or Issuers.
A Payment Processor may in addition to processing provide operational, reporting and other services for the Acquirer or Card Issuer.

Payment Scheme

Regulates liability between banks (for payment).
Sets interchange fees.
Specifies protocols for auth & clearing.
Specifies and certifies valid equipment on both sides of electronic transactions.

Token Service Provider

authorized to provide Payment Tokens to registered Token Requestors
responsible for building and managing their own proprietary Token Requestor APIs, Token Vaults, Token provisioning platforms, and Token registries
Payment Token provisioning
Payment Token generation and issuance

Definition from the EMVco Tokenization Specification:

An entity that provides a Token Service comprised of the Token Vault and related processing.
The Token Service Provider will have the ability to set aside licensed ISO BINS as Token BINs to issue Payment Tokens for the PANs that are submitted according to this specification.

Token Service:

A system comprised of the key functions that facilitate generation and issuance of Payment Tokens from the Token BINs, and maintain the established mapping of Payment Tokens to PAN when requested by the Token Requestor.
It also includes the capability to establish the Token Assurance Level to indicate the confidence level of the Payment Token to PAN / Cardholder binding.
The service also provides the capability to support Token Processing of payment transactions submitted using Payment Tokens by de-tokenising the Payment Token to obtain the actual PAN.

Token Requestor

Token Service Providers and comply with their proprietary registry requirements, systems, and processes
Can be Wallet providers, Card on File Merchants, Card Issuers and Payment enablers

Definition from EMVco Payment Tokenisation Specification:

An entity that is seeking to implement Tokenisation according to this specification and initiate requests that PANs be Tokenised by submitting Token Requests to the Token Service Provider.
Each Token Requestor will be registered and identified uniquely by the Token Service Provider within the Tokenisation system.

Card Issuer

Card Issuers will continue to maintain their current role in terms of owning the account relationship with the Cardholder
Any Card Issuer-implemented Token Service SHOULD consider following EMVCo Tokenization specification
A financial institution or its Agent that issues the Card to Cardholders.

Token Vault Provider

Ongoing operation and maintenance of the Token Vault
Security and API access to secure Vault
back-up/Recovery and Archival of the Vault
can be a function of Token Service Provider

Token Vault definition from the EMVco Tokenisation Specification:

A repository, implemented by a Tokenisation system that maintains the established Payment Token to PAN mapping.
This repository is referred to as the Token Vault. The Token Vault may also maintain other attributes of the Token Requestor that are determined at the time of registration and that may be used by the Token Service Provider to apply domain restrictions or other controls during transaction processing.

Wallet Provider

The publisher of a user payment agent (UPA) software application, if a specific instantiation of such application is registered with the publisher for update and maintenance reasons
The operator of backend software which maintains some kind of a status of a UPA application instantiation
The operator of security measures to restrict access to his UPAs to specific items or item issuers, might grant access to hardware capabilities he or a partner has access to (Secure Element)
Offers services, like backup, synchronization, revocation/ blocking/ remote wiping, re-hosting and other administrative services