Glossary
Leader: Evert Fekkes
Members: J-Y Rossi, ...
Tag: [glossary] (all emails related to this work should have this tag in the subject line)
See also Glossary Reference for inclusion in docs.
Description
The aim of this page is to gather Glossary Terms from the Use Cases and Payment Agent and provide a wiki page platform to facilitate consideration of the definitions by the IG. When available, references to external definitions will be listed with the terms.
Status: Initial draft, to discuss the construction of this page
At the Utrecht February 2015 Face to Face meeting, the Context of transactions was discussed. This includes the Parties concerned (an extended three or four corner model) and possible Steps relating to an Economic transaction. A description of these context elements is available at the Context page (experimental)
A second experimental Glossary page is added to set up the Glossary Reference for the Use Cases
Glossary
Authentication
Definition
- Establishing the actor (buyer) with Identification and Verification methods using a Token and recording the will to perform the Transaction
- Technically, authentication means to prove something is 'real' or 'authentic'. We might want to differentiate two main cases:
- authentication e.g. of a credential, making sure it's the real thing (e.g. a virtualized card)
- authentication of the user, whereby the former credential might be used. Typically here 'knowledge' (PIN/ password) or biometry are used.
- might not appear of importance to some: authenticity of the PoS/device/service. In the end this is very important in every 'remote' situation, and it is currently being introduced to PoS as well, as counterfeit PoS equipment can run security attacks or relay communication easily. (MNOs know these e.g. as 'IMSI catchers': as early cellular standards didn't support authentication from the base station to the handset, it became easy to mimic an MNO network and observe communication, eventually even break the existing security over time.)
References
- Wiki: Authentication
Authorization
Definition
- Requesting acceptance of a payment by a payer from a payment institute or other actor, optionally resulting in a payment guarantee according to specific payment scheme rules (Evert)
References
- Wiki Authorization
Certificate
Chargeback
Clearing
Coupon
Credential
Definition
- An identity is a description of a particular entity such as a person, software agent, or organization. A credential is a qualification, achievement, quality, or information about an identity's background such as a name, government ID, home address, or university degree.
Reference
Definition
- Credentials mean the information — generally confidential — provided by a customer or PSP for the purposes of authentication. Credentials can also mean the possession of a physical tool containing the information (e.g. one-time-password generator, smart card), or something the user memorises or represents (such as biometric characteristics).
Reference
Definition
- A credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so.
Reference
- Wiki definition
Currency
Dispute
Escrow
Fee
Identification
Two different notions of identification play a role in payments:
- Identification of a natural or juridical person (e.g. for legal reasons) (implies verification)
- Identification of a person (customer) to relate personal data to a transaction or personalize a service (might imply verification/authentication in the context of a given service, but not according to a greater legal construct.)
I made these up to avoid us getting into the mess of 'everybody knows what Identity is, so we don't need to make sure everybody is on the same page'. There is a big difference between verifying the identity of a person or doing something around some (non-governmental) organization's representation of a person. Numerous websites are good at identifying that it's me on this device and later on another device or browser. They don't need proof, but they sure know how to identify me. In contrast, a bank might be legally required to use some governmental instrument (a credential, if you will) because they are not allowed to do certain types of business with me otherwise. (The difference might not be in technology at times - but it is in legal terms AFAIK). Any non-government organization may ask you for whatever proofs or credentials; if they do it to carry out their business according to their contract with you as an individual, it's either the same category as the 'guessed identity' above or a new one if you like. It's different because it's just their business in the first instance.
Loyalty
Payment
Definition
- Payment is the transfer of value from buyer to seller as part of an economic transaction (Evert)
- Wiki: Payment is the transfer of an item of value from one party (such as a person or company) to another in exchange for the provision of goods, services or both, or to fulfill a legal obligation.
References
- Wiki Payment
Payment Institute
Definition
- regulated market party offering payment instruments to consumers and merchants (Evert)
Payment Processor
Definition
References
- Wiki Payment processor
See the entry under Roles on this page
Payment Scheme
EMVco definition for Payment Network:
- An electronic payment system used to accept, transmit, or process transactions made by payment cards for money, goods, or services, and to transfer information and funds among Issuers, Acquirers, Payment Processors, Merchants, and Cardholders.
(TBD: define three and four party scheme models)
Pre-authorization
Pull Payment
Purchase
Push Payment
Refund
Settlement
- Settlement is “an act that discharges obligations in respect of funds or securities transfers between two or more parties” (BIS definition)
Transaction
Definition
- Economic act between buyer and seller, may be defined in a contract and may require payment (Evert)
- An agreement, communication, or movement carried out between a buyer and a seller to exchange an asset for payment
References
- Wiki Transaction
Token
Definition
- hardware or software carrier of one or more applications enabling identification and authentication (Evert)
References
- Wiki Token
- Wiki Security Token
Tokenization
Definition
- generic definitions
- EMV Tokenization Specification
References
- Wiki Tokenization
User Payment Agent
Definition
- Abstraction for what could take the form of the Wallet
Verification
Definition
- Insert Customer Verification Methods here
- Also related to Identification & Verification for Payment Tokenization processing
Wallet
Definition
- A software (product) or service fulfilling - at least - the requirements and interfaces for a User Payment Agent
Roles
These roles are provided to help control terminology use in the use cases and other documents. These roles may eventually be inserted into the glossary if the task force agrees. There may be some redundancy with the definitions above, but these items are kept in this section for now to provide easy reference.
Acquirer
- Is a financial institution recognized by a payment scheme. Holds the only accounts (for merchants) that can receive payments.
Customer
- An entity paying to receive goods, services, or other things of value. Abstractly known as "payer."
Issuer
- Is a financial institution recognized by a scheme, has a relationship with the customer and holds the customer's account. Has issued a valid means of payment to the customer, and exposes a payment authorization and clearing interface.
Merchant
- An entity receiving payment for goods, services, or other things of value. Abstractly known as "payee."
Payer
- Entity that provides a source of funds as required by a transaction.
Payee
- Entity that receives funds as required by a transaction.
Payment Processor
- Operates the payment scheme technical payment network (auth & clearing).
- Networks with other processors for international and cross payment scheme payments.
Definition from the EMVco Tokenization Specification:
- An entity that provides payment processing services for Acquirers and / or Issuers.
- A Payment Processor may in addition to processing provide operational, reporting and other services for the Acquirer or Card Issuer.
Payment Scheme
- Regulates liability between banks (for payment).
- Sets interchange fees.
- Specifies protocols for auth & clearing.
- Specifies and certifies valid equipment on both sides of electronic transactions.
Token Service Provider
- authorized to provide Payment Tokens to registered Token Requestors
- responsible for building and managing their own proprietary Token Requestor APIs, Token Vaults, Token provisioning platforms, and Token registries
- Payment Token provisioning
- Payment Token generation and issuance
Definition from the EMVco Tokenization Specification:
- An entity that provides a Token Service comprised of the Token Vault and related processing.
- The Token Service Provider will have the ability to set aside licensed ISO BINS as Token BINs to issue Payment Tokens for the PANs that are submitted according to this specification.
Token Service:
- A system comprised of the key functions that facilitate generation and issuance of Payment Tokens from the Token BINs, and maintain the established mapping of Payment Tokens to PAN when requested by the Token Requestor.
- It also includes the capability to establish the Token Assurance Level to indicate the confidence level of the Payment Token to PAN / Cardholder binding.
- The service also provides the capability to support Token Processing of payment transactions submitted using Payment Tokens by de-tokenising the Payment Token to obtain the actual PAN.
Token Requestor
- Token Service Providers and comply with their proprietary registry requirements, systems, and processes
- Can be Wallet providers, Card on File Merchants, Card Issuers and Payment enablers
Definition from EMVco Payment Tokenisation Specification:
- An entity that is seeking to implement Tokenisation according to this specification and initiate requests that PANs be Tokenised by submitting Token Requests to the Token Service Provider.
- Each Token Requestor will be registered and identified uniquely by the Token Service Provider within the Tokenisation system.
Card Issuer
- Card Issuers will continue to maintain their current role in terms of owning the account relationship with the Cardholder
- Any Card Issuer-implemented Token Service SHOULD consider following EMVCo Tokenization specification
- A financial institution or its Agent that issues the Card to Cardholders.
Token Vault Provider
- Ongoing operation and maintenance of the Token Vault
- Security and API access to secure Vault
- back-up/Recovery and Archival of the Vault
- can be a function of Token Service Provider
Token Vault definition from the EMVco Tokenisation Specification:
- A repository, implemented by a Tokenisation system that maintains the established Payment Token to PAN mapping.
- This repository is referred to as the Token Vault. The Token Vault may also maintain other attributes of the Token Requestor that are determined at the time of registration and that may be used by the Token Service Provider to apply domain restrictions or other controls during transaction processing.
Wallet Provider
- The publisher of a user payment agent (UPA) software application, if a specific instantiation of such application is registered with the publisher for update and maintenance reasons
- The operator of backend software which maintains some kind of a status of a UPA application instantiation
- The operator of security measures to restrict access to his UPAs to specific items or item issuers, might grant access to hardware capabilities he or a partner has access to (Secure Element)
- Offers services, like backup, synchronization, revocation/ blocking/ remote wiping, re-hosting and other administrative services