GLOSSARY Account Data Compromise Event - is an event in which account data may have been compromised that could lead to unauthorized use of the cardholder’s account. An account data compromise event does not mean that account data was wrongfully disclosed or used, but that account data may have been wrongfully disclosed or used. Account Number - is the unique sequence of numbers given to a cardholder’s credit card account and that is embossed on the face of the credit card. Account Testing - is a fraud scam in which criminals verify whether a credit card account number is valid. The perpetrators submit an authorization request but not a sales draft. If the account is valid, it is then used for larger fraudulent transactions. The term “account testing” is also commonly used to refer to transaction testing of cardholder accounts during the examination process and is separate and distinct from account testing as used to refer to the fraud perpetration discussed above. Acquiring Bank - is a bank that contracts with merchants to accept, process, and settle credit card transactions. The acquiring bank is the entity that maintains the merchant relationships and collects cardholder transaction data from those merchants (either directly or via a third party). It then initiates that data into an interchange system, subsequently receives payment from the issuer, and pays the merchants. Acquiring banks typically provide chargeback processing and other back- office services and are also known as acquirers or merchant banks. Address Verification Service (AVS) AVS enables merchants that accept card-not-present transactions to compare the billing address (the address to which the card issuer sends its monthly statement for that account) provided by a customer with the billing address on the card issuer’s file before processing a transaction. After comparing the provided address with the one they have on file for their cardholder, the card issuer responds by issuing an AVS Response code. Address verification and transaction authorization occur simultaneously and, within seconds, the merchant receives both results. Adverse Retention occurs when a bank inadvertently retains a disproportionately high number of potentially bad accounts (for example, unprofitable or overly problematic accounts). Adverse Selection occurs when a disproportionately high number of potentially bad credit risks respond to an offer. Affiliate Member is a type of MasterCard or Visa member that participates indirectly through an association member or a principal member in the activities of Visa or MasterCard (for example, by issuing MasterCard or Visa cards or by accepting transaction records from merchants). Affinity Card are general purpose credit cards offered by two organizations: one the lender and the other usually a non-financial group. The issuer often donates a portion of the fees or charges (sometimes referred to as a royalty) to the non-financial group. Use of the card often entitles the cardholder to special discounts or deals from the non-financial group. Agent In the credit card processing industry, agents is entities that source merchants or cardholders, serve as a payment gateway, or provide other services for the bank. Agent Bank is a bank that, by agreement with an acquirer, participates in that acquirer’s merchant processing program. It may or may not be liable to the acquirer for losses incurred on its merchant accounts. Annual Percentage Rate (APR) is the cost of credit at a yearly rate. It is calculated in a standard way, taking the average compound interest rate over the term of the loan so borrowers can compare loans. Lenders are required by law to disclose a card account’s APR. GLOSSARY Applicant is a physical person or a business that responds to an offer for or requests credit (they typically fill out an application). Application is a form filled out by a consumer or business requesting credit. The form asks for various identifying information as well as credit-related information on which the lender, in part, bases its credit decision. Associations are the organizations (VISA and MasterCard) that provide rules, advertising, and settlement services and that promote the card brand for their member financial institutions. A bank must be a member to offer the applicable Association’s credit card services. Membership rights and obligations are specifically defined by the Associations. Attributes are the possible answers to questions asked about the applicant on an application or items of information taken from the credit bureau report. Attrition is the loss of accounts either involuntarily through charge-offs, or death; or voluntarily, at the option or request of the cardholder. Authentication is the process of ensuring that both the card and cardholder are genuine, before a payment transaction is completed. Authorization is the process by which a card issuer approves or declines a payment card transaction. In a card-present environment, the authorization occurs automatically when a card’s magnetic stripe is swiped through a card reader. In a card-not-present environment, the authorization occurs when the card account’s information is submitted online or over the phone. In both instances, the card information is routed to the card issuer through the respective Credit Card Association’s network and then the card issuer’s response is routed back through the same channel. Authorization Code is six-digit alphanumeric code assigned by the card issuer to identify the approval for a specific authorization request. Also referred to as “issuer’s response code,” “authorization approval code,” or “authorization response code.” Authorization Message Within a payment system, any message between a card acceptor and a card issuer serving to establish whether the card issuer approves for a transaction to proceed, is called an authorization message. Authorization Response is an answer to an authorization request, typically a code that advises the acquiring bank or merchant how to proceed with the transaction. Automated Clearing House System (ACH) is one of the group of processing institutions that have networked together to exchange (clear and settle) electronic transactions. Automated Fuel Dispenser (AFD) is a terminal device used to accept payment for fuel at a petroleum service station. Automated Teller Machine (ATM) is an unattended, self-service electronic machine that enables consumers to withdraw paper money or conduct other banking procedures upon insertion of an encoded plastic card, such as a debit or credit card, and entry of a personal identification number (PIN). Available Credit is the amount of unused credit on an account that is accessible for cardholder transactions. Generally it is the credit line amount less the outstanding balance less pending authorizations (holds). It is sometimes referred to as the “open-to-buy.” Backroom Operations are the operational functions that are performed by the acquirer or issuer to facilitate the day-to-day processing of credit card transactions. GLOSSARY Balance Transfer is the process of moving an unpaid credit card debt from one issuer to another. Bankcard is a payment card issued by a bank or other financial institution, such as a MasterCard or Visa card. Bank Identification Number (BIN) is a unique six-digit number assigned by Visa to its member banks to identify each institution for acquiring and issuing processes. The term ICA is used by MasterCard and is similar to a BIN. VISA BINs start with 4, and MasterCard ICAs start with 5. Batch Processing is a type of data processing operation and data communications transmission where related transactions are grouped together and transmitted for processing, usually by the same computer and under the same application. It is generally regarded as non–real-time data traffic comprising large files, as a type of data traffic where response time is not critical. Behavior Scores are results of statistical scoring systems that are often used to increase collection efficiency and decrease collection costs. The system is usually based on internally-derived information about the consumer’s behavior, such as payment history, card usage patterns, and so forth. Billing Cycle is the time (number of days) between billing statements. It is the period between the previous statement date and the current statement date during which both credit and debit transactions are accumulated for billing, usually about 30 days. Billing Descriptor is the way a merchant’s name appears on a cardholder’s credit card statement. In addition to the merchant’s name, the billing descriptor also shows a customer service number. For example: ABC SERVICES 800-111-2345. Billing Statement is the bill (printed record) sent by a card issuer to the customer. It is usually sent monthly and includes, but is not limited to, itemization of activity on the account, including balance, purchases, payments, credits, finance charges, and other account activity. Brand Mark or Mark is the proprietary combination of names, symbols, and colors that visually conveys a brand’s identity and personality. Bust-Out Scams - are cons in which a seemingly legitimate merchant opens a valid account with an acquirer and, after a brief period of normal sales activity, deposits a large number or high dollar amount of fraudulent transactions. Once payment for the transactions is received, the merchant empties its deposit account and disappears. Merchants in bust-out scams often make applications to several acquirers at the same time. Calibration is the process by which a model’s output is converted into the actual rate of the outcome and includes adjusting or modifying for the difference between the expected rate based on the historical database and the actual rate observed. “Call” or “Call Center” Authorization Response request indicates that the card issuer needs more information about the card or cardholder before a transaction can be approved. The merchant is required to call the card issuer’s voice authorization center. It is also called a referral response. Call Referral is a generic term for the “refer to card issuer” authorization response. A call referral indicates that the acquiring bank or merchant must contact the card issuer for further instructions. The card issuer uses the call referral as a fraud prevention tool when it suspects or is attempting to prevent fraud at the point of sale. See also referral call. GLOSSARY Card Acceptance Procedures are the procedures that merchants must follow at a physical point of sale or in a card-not-present environment to ensure that a card and cardholder are valid. Card Acceptor is a merchant or an Automatic Teller Machine (ATM) that accepts a card and presents transaction data to an acquiring bank. Card Acceptor Business Code (MCC) ) is a numerical representation of the type of business in which the card acceptor (merchant) engages. Formerly merchant category code (MCC). Card Account is a credit line for deposit facility accessed by a card issued to a cardholder that enables the cardholder to purchase goods and services or obtain cash. Card Expiration Date is the date after which a payment card is no longer valid. The card expiration date is embossed on the front of all valid payment cards and is one of the card security features that must be checked by merchants to ensure that a card-present transaction is valid. Merchants operating in a card-not-present environment must always ask for the card expiration date and include it in the authorization request. See also: Good Through Date. Cardholder is a person to whom a payment card is issued. Upon the issuance of the card, the cardholder enters into a contract with the card issuer whereby the card issuer agrees to finance the purchases the cardholder has made with the card and to issue a monthly statement with a summary of the transactions that the cardholder has participated in during the billing period. The cardholder, for his or her part, agrees to pay to the card issuer the monthly statement balance or another amount, including all applicable finance charges, as agreed to in the contract. Cardholder Agreement is a written, legal contract between the issuer and the cardholder. It contains the terms of the account and a schedule of various fees. Cardholder Information Security Program (CISP) is a Visa program that establishes data security standards, procedures, and tools for all entities – merchants, service providers, card issuers, and merchant banks – that store Visa cardholder account information. CISP compliance is mandatory. Card Issuer (also called Issuer or an issuing bank) is a financial institution that issues payment cards. The card issuer extends a line of credit to the consumer. Liability for non-payment is then shared by the issuing bank and the acquiring bank, according to rules established by the card association brand. However, the card issuer assumes primary liability for the consumer’s capacity to pay off debts they incur with their card. Card-Not-Present is a merchant, market or sales environment in which transactions are completed without a valid payment card or cardholder being present. Card-not-present is used to refer to mail order, telephone order, and Internet merchants and sales environments. Card Payment System is a payment system supporting payments made by financial transaction cards. Card-Present is a merchant, market or sales environment in which transactions are completed only if both a valid payment card and cardholder are present. Card-present transactions include traditional retail outlets – department and grocery stores, electronics stores, etc. Card-present transactions also include cash disbursements and self-service situations, such as gas stations and grocery stores, where cardholders use unattended payment devices. Card Processor is a party that provides transaction processing and other services for an issuing bank or an acquiring bank. It is an Association member, or an Association-approved non-member acting as the agent of a member, that provides authorization, clearing, or settlement services for merchants and members. Some banks act as their own card processors while other banks use third GLOSSARY parties for card processing (there are card-issuer processors and card-merchant processors, and some third parties are both). Card Security Features The payment card industry defines the card security features as the alphanumeric, pictorial, and other design elements that appear on the front and back of all valid credit and debit cards. It is required that merchants operating in a face-to-face environment check these features when processing a card payment transaction at the point of sale to ensure that a card is valid. Card Utility is the level of a card’s practical usefulness to provide a payment for a product or service. Card Verification Code 2 (CVC2) the three-digit number that is printed on the signature panel on the back of every valid MasterCard card, after the full account number or the last four digits of the account number. The number is generated when the card is issued, by hashing the card number and expiration date under a key known only to the card issuer. The CVC2 is used in card-not- present transactions to ensure that the card is valid. Card-not-present merchants ask the customer for the CVC2 and submit it as part of their authorization request. Card Verification Value 2 (CVV2) is the three-digit number that is printed on the signature panel on the back of every valid Visa card, after the full account number or the last four digits of the account number. The CVV2 is used in card-not-present transactions to verify that the customer has a legitimate Visa card in hand at the time of the order. Card-not-present merchants ask the customer for the CVV2 and submit it as part of their authorization request. Cash Advance is using a credit card to obtain cash (as compared to making a purchase or consuming a service), for instance by using an ATM or a bank branch. There is normally a fee associated with cash advances. Cash Disbursement In the Payment Card Industry cash disbursement is a bankcard transaction involving the payment of cash or travelers checks to a cardholder. In general, only financial institutions are allowed to make cash disbursements. CEBA Bank The term CEBA comes from the enactment of the Competitive Equality Banking Act of 1987 (CEBA) which established conditions for special-purpose credit card banks. A CEBA bank is a special kind of issuing bank. It may only accept time and savings deposits of $100M or more. It is often affiliated with a retailer and offers private label cards for use at the affiliated organization. It may, however, issue general purpose VISA or MasterCard accounts. Characteristics are questions asked on an application, or an informational category on the consumer’s credit bureau report. Chargeback is a transaction that is returned as a financial liability by the card issuer and / or the cardholder to the acquirer and most often to the merchant for resolution after the sale has been settled. It is generated when a cardholder disputes a transaction or when the merchant does not follow proper card acceptance procedures. The issuer and acquirer research the facts to determine which party is responsible for the transaction. If they cannot agree, the Credit Card Association is the final arbiter. If the chargeback is upheld and the merchant cannot or does not cover it, the acquirer must cover it. Chargeback Process is a dispute resolution process that member banks use to determine the responsible party in a chargeback related dispute. This process has three cycles in which the member banks can resolve the dispute themselves. If the members do not resolve the case within three cycles, they must send the case to arbitration. These three cycles are: GLOSSARY • First chargeback (submitted by the card issuer). • Second presentment (submitted by the acquiring bank). • Arbitration chargeback (submitted by the card issuer). Charge Card is a card product with a line of credit that does not revolve (that is, the balance must be paid off each billing period (typically each month)). Charge-Off is the removal of an account from a creditor’s books as an asset. This usually results from delinquency, death, bankruptcy, or similar circumstances. While it indicates that the creditor does not expect the debt to be repaid, it does not mean that the debt no longer exists (that is, the cardholder still owes the debt) or that there will not be further attempts to collect it. Cirrus System Incorporated, a wholly owned subsidiary of MasterCard International Incorporated, operates the international ATM sharing association known as the “MasterCard ATM network,” accepting MasterCard, Maestro, and Cirrus brands. Clearing (also called clearance) is the process of transmitting, reconciling, and, in some cases, confirming payment orders prior to settlement. Co-Branded Card - is a type of card issued through a partnership between a bank and a retail company, such as a large department store. Usually, the attraction of the card is special deals with the retailer or rebates. The intent is to promote the retailer’s product and increase the bank’s receivables. Code 10 Call is a call made by a sales associate to the merchant’s voice authorization center when he or she is suspicious about the validity of the card or of the legitimacy of the cardholder. The term “Code 10″ is used so calls can be made without arousing suspicion while the cardholder is present. The sales associate will be routed to the card issuer’s call center, where he or she will be asked to answer, with a “yes” or “no”, a series of questions to determine the legitimacy of the transaction. Upon reaching a conclusion, the sales associate will be given instructions on how to proceed. Convenience Checks are instruments that are used like a personal check but are linked to the consumer’s credit card account. They are checks drawn on the issuing institution for the purpose of transferring account balances from another financial institution or for transactional purposes. Convenience Users are cardholders who pay their balance in full on or before each payment due date. This type of user is often referred to a transactor. Credit Bureau (also known as credit reporting bureaus or credit reporting agencies) are companies that collect and sell vital information about how consumers manage their credit. Each bureau issues a credit report that details how the consumer manages his or her debts and makes payments, how much untapped credit the consumer has available, whether the consumer has applied for any loans, whether any financial matters of public record exist, and so forth. Reports are made available to the individuals and to creditors who claim to have a legitimate, permissible purpose to inquire about the creditworthiness of the consumer. The three major credit reporting bureaus in the United States are Equifax, Experian, and Trans Union. Copy Request Transaction copy request, or simply copy request, is a request by a card issuer to a merchant bank for a copy of a sales receipt for a disputed transaction. If the merchant bank stores the transaction receipts that their merchants generate, the bank will fulfill the copy request. If, however, the merchant stores its own transaction receipts, the merchant bank will forward the copy request to the merchant. The merchant then must produce a legible copy of the transaction receipt GLOSSARY and submit it to the merchant bank within a certain time frame. A copy request is also known as a retrieval request. Credit Card is a plastic card bearing an account number assigned to a cardholder with a credit limit that can be used to purchase goods and services and to obtain cash disbursements on credit, for which a cardholder is subsequently billed by the card issuer for repayment of the credit extended at once or on an installment basis. Credit History is a record of a person’s credit profile including debt payments and other relevant financial information such as collections and public records. It is a compilation of a consumer’s use and pay-back of credit. Credit Limit is the dollar amount assigned to an account as the ceiling of credit disclosed to the consumer that the consumer is approved to borrow. Credit Loss is the amount lost (charged off) as a result of failure of the cardholder to pay the amount owed on the account. Credit Receipt is a receipt that documents a refund or price adjustment a merchant has made or is making to a cardholder’s account. A credit receipt is also known as a credit voucher. Credit Report is a full history of information within a consumer’s credit file at the credit bureau that includes identification information, current and historical account performance, collection activity, public records (bankruptcy, tax liens, and so forth), and records of other credit inquiries. Credit Reporting Agencies (also known as credit reporting bureaus or simply credit bureaus) are companies that collect and sell vital information about how consumers manage their credit. Each agency issues a credit report that details how the consumer manages his or her debts and makes payments, how much untapped credit the consumer has available, whether the consumer has applied for any loans, whether any financial matters of public record exist, and so forth. Reports are made available to the individuals and to creditors who claim to have a legitimate, permissible purpose to inquire about the creditworthiness of the consumer. The three major credit reporting agencies in the United States are Equifax, Experian, and Trans Union. Credit Score is the result of a calculation based on a consumer’s credit history that is intended to predict future credit performance for that consumer. It is a numerical estimation of the likelihood that the consumer will meet his or her debt obligations. Cross-Border Transaction - is any transaction on a payment card in which the country code of the merchant differs from the country code of the cardholder. Debit Card is a payment card used to initiate a debit transaction. In general, these transactions are used primarily to purchase goods and services and to obtain cash, for which the cardholder is accessing funds from a personal checking or savings account rather than drawing on credit. Debit Transaction is a transaction initiated when a card is presented as payment for goods and services or at an Automated Teller Machine (ATM) for cash withdrawals. The transaction amount is automatically deducted from the cardholder’s checking or other bank account. Delinquency Bucket is a compartment (usually for reporting purposes) that is identified by a delinquency (past due) stage (for example, 1 to 29 days past due, 30 to 59 days past due, and so forth). Disclosure is the process of conveying information about the merchant’s policies for merchandise returns, service cancellations, and refunds. The procedures vary for card-present and card-not- present merchants, but in general, disclosure must occur before a cardholder signs a receipt to complete the transaction. GLOSSARY Discount Rate is the fee, as a percent of sales volume, that an acquirer charges a merchant for processing sales transactions. This is also referred to as the merchant discount. Be advised that the term “discount rate” is used in banking for other purposes as well (for instance, when referring to a certain borrowing rate from the Federal Reserve Bank). “Doing Business As” (DBA) is a merchant’s legal business name as differentiated from the names of a company’s principals or other entity that owns or manages the business. DBA is the business name that must appear on the merchant’s billing descriptor, which in turn will be the name that will appear on a cardholder’s monthly statement. A DBA that is not clearly recognizable to cardholders can lead to potential transaction copy requests and chargebacks. Dove Hologram The dove hologram is a three-dimensional hologram of a dove in flight that appears on all valid Visa cards. When the card is tilted back and forth, the dove should appear to “fly.” The dove hologram is one of the card security features that merchants should check to ensure a card-present transaction is valid. Dual-Branding is an arrangement in which the payment card offered carries two card brands (for example, Visa and American Express, MasterCard and Diners Club, and so forth). E-commerce Transaction - is a non-face-to-face payment for goods or services by use of electronic media over a public network (such as the internet) or private network (such as an extranet). Electronic Benefits Transfer (EBT) is the electronic delivery of government benefits using plastic cards. Electron Card is a Visa International debit card that is currently accepted, but not issued in the United States and can only be used for card-present transactions. Electron cards have slightly different security features than other Visa cards: the front of the card contains an Electron rather than dove hologram, and the 16-digit account number is printed, not embossed. Electronic Commerce is the exchange of goods and services for payment between the cardholder and merchant when the transaction is performed (completely or partially) via electronic communication. Electronic Data Capture (EDC) is the process when a merchant swipes a credit card through an electronic card reader or terminal. The information (data) on the card’s magnetic stripe is entered into (captured in) the processor’s database electronically, hence the term electronic data capture. Electronic Draft Capture (EDC) is a system in which the transaction data is electronically captured at the merchant location for authorization and clearing processing. Electronic Funds Transfer (EFT) is a paperless transfer of funds initiated from a terminal, computer, telephone instrument, or magnetic tape. Electronic Funds Transfer System (EFTS) is an electronically based system designed to eliminate the paper instruments that are normally associated with fund movement. For example, a cash withdrawal from an ATM that eliminates the check. Electronic Point of Sale is a point-of-sale merchant equipped with electronic equipment for pricing and recording transactions, but not necessarily incorporating functions for electronic funds transfer (EFT). Embossed Number is the 16-digit account number that appears in raised print on the front of all valid major cards. The embossed number is one of the card security features that should be checked by merchants to ensure that a card-present transaction is valid. GLOSSARY Emergency Card Replacement Service (ECR Service) is the MasterCard worldwide service designed to provide temporary cards to all MasterCard cardholders that do not have their cards in their possession. This card is issued to a cardholder that needs a temporary replacement card sooner than the typical five to 10 days that it takes to get a permanent card. Financial Institution is any commercial bank, federal or state savings and loan association, federal or state savings bank, or credit union. Exception are items or occurrences that are outside of the bank’s policy guidelines or that do not fit the established rules or judgment criteria. Exception File is a list of lost, stolen, counterfeit, fraudulent, or otherwise invalid account numbers kept by individual merchants or their third-party payment processors. The exception file should be checked as part of the authorization process, particularly for transactions that are below a merchant’s floor limit. Factoring In the payment card industry, factoring refers to a form of fraud where a merchant creates false sales transactions, inflates the sales amount, or alters the sales drafts to improperly receive funds from the issuer. The acquirer is then responsible for any remaining chargebacks. Fedwire is the Federal Reserve Bank’s (FRB) nationwide, real-time gross settlement electronic funds and securities transfer network. It is a credit transfer system. Each funds transfer is settled individually against an institution’s reserve or clearing account on the books of the Federal Reserve. The issuing bank pays the Associations using Fed wire. To use Fedwire, a bank must hold an account at the FRB and settlement is drawn from the account. The issuing bank makes the payment by sending a message over Fedwire that authorizes the FRB to electronically debit the bank’s FRB account for the net settlement amount and transfer the funds to the settlement bank. The transfers are essentially instantaneous. The settlement bank then pays the merchant bank using Fedwire. Finance Charges In the payment card industry, finance charges are charges for using a credit card that are comprised of interest costs and other fees. Firewall is a security tool that blocks access from the Internet to files on a merchant’s or third- party processor’s server and is used to ensure the safety of sensitive cardholder data stored on a server. First Chargeback is a procedure in which a card issuer charges all or part of the amount of an interchange transaction back to the acquiring bank. First Payment Default occurs when a new cardholder fails to make the first payment due in a timely manner. Floor Limit is per-transaction amount, above which authorization is required. It is a dollar amount set by the acquirer, in accordance with Visa and MasterCard rules, above which the merchant must obtain authorization. There are normally two types of floor limits: • A standard floor limit where transactions above the limit require an authorization request and which varies by merchant type and • A zero-floor limit where all transaction amounts require an authorization request. All card-not- present transactions have a zero-floor limit. Floor limits are stated in the merchant processing agreements. “Flying V” is the stylized, embossed “V” located to the right of the “Good Thru” date on all valid Visa cards. The “flying V” is one of the card security features that should be checked by merchants to ensure that a card-present transaction is valid. GLOSSARY Fraudulent Merchant is a retailer, or any other person, firm, or corporation that agrees to accept credit cards, debit cards, or both, and engages in an unauthorized transaction occurring on any of the cards. Future / Delayed Delivery are sales transactions associated with conveyance of the products or services sometime after the date of purchase (that is, in the future). Examples include airline tickets, concert tickets, and travel / tour packages. Good Through Date (also written Good Thru date) is the date after which a payment card is no longer valid, embossed on the front of all valid cards. The Good Through date is one of the card security features that should be checked by merchants to ensure that a card-present transaction is valid. See also: Card expiration date. Grace Period is the interest-free period of time allowed by a lender. The standard grace period is usually between 20 and 30 days. If there is no grace period, finance charges start accruing the moment a purchase is made with the credit card. Consumers who carry a balance on their credit cards generally do not have a grace period for those cards (meaning that finance charges are accrued from the date of the charge, not from the end of the finance charge grace period). Guaranteed Reservation is the use of a card account number to reserve accommodations at lodging merchants. For the cardholder, such reservations include a late arrival provision, penalties if cancellation rules are not met, and a provision for unavailable rooms upon arrival. Guest Folio is a lodging merchant’s guest record that contains the cardholder’s transaction information, including check-in and departure dates, rate, anticipated length of stay at check-in time, applicable charges, and taxes. The check-in date and the dated amount and authorization approval code of each authorization must be included on the folio if not on the sales draft. Hawk Alert is a potential negative indicator on a credit report. There are several types of Hawk Alerts. For example, there is a Fraud Alert type of Hawk Alerts, where the consumer places an alert on his or her credit report, advising that all potential issuers of credit must contact him or her at the phone number on the credit report before extending credit. There are also credit bureau-related Hawk Alerts, such as when the input Social Security Number (SSN) is associated with a deceased person, or the input SSN has not been issued, etc. All must be addressed and resolved. High-Risk Chargeback Monitoring Program (HRCMP) - is a Visa program that notifies merchant banks when a high-risk merchant has a chargeback-to-transaction rate of over one percent. Fines of $100 per chargeback are imposed until the merchant reduces chargebacks to acceptable levels. See also: High-Risk Merchant. High-Risk Merchant - is a merchant that is at a high risk for chargebacks due to the nature of its business. As defined by Visa and MasterCard, high-risk merchants include direct marketers, travel services, outbound telemarketers, inbound tele-services, and betting establishments. High-Side Override - is the declining of credit to an applicant that scores above the cut-off score. Holdback (better known as reserve) is the process by which an acquirer holds back (retains) a certain percentage of the merchant’s sales deposits to serve as a reserve against future chargeback exposure or to cover existing chargebacks. Impairment occurs when, based on current information and events, a bank will likely be unable to collect all amounts (principal and interest) according to the contractual terms of the original loan agreement. GLOSSARY Independent Sales Organization (ISO) is an organization or individual that is not an Association (Visa or MasterCard) member but that has a bankcard relationship with an Association member that involves acquiring or issuing functions such as the ISO soliciting merchant accounts, arranging for terminal purchases or leases, providing customer service, and soliciting cardholders. An ISO is sometimes referred to as a Member Service Provider (MSP), although their definitions are not always synonymous. The acquirer must register all ISO / MSPs with the applicable Association. In-Flight Commerce - are transactions such as shopping or gaming activity that a cardholder initiates during a flight. In MasterCard applications, these transaction types also are referred to as Cardholder- Activated Terminal (CAT) Level 4. Interchange is the exchange of transaction information and money between acquiring and issuing institutions participating in a payment network and in accordance with the Associations’ by-laws and rules. It is the electronic infrastructure that processes financial and non-financial transactions between financial institutions. Interchange Fees are fees paid by one bank to another to cover handling costs and credit risk in a card transaction. Also referred to as the interchange rate, it is usually a percentage of the transaction amount and is derived from a formula that takes into account authorization costs, fraud and credit losses, and the average bank cost of funds. The interchange fee is typically set by the Associations (Visa and MasterCard). It is normally extracted from the merchant discount by the acquiring bank and paid to the separate issuing bank to compensate it between the time of settlement with the acquiring bank and the time of payment from the cardholder. Interchange Program is a program that reimburses card issuers for specific costs related to an incoming interchange transaction. These costs include processing costs, financial carrying costs, and risk costs. Interchange fees are payable to the card issuer by the acquiring bank. Internet Protocol Address (IP) is a unique number that is used to represent individual computers in a network. All computers on the Internet have a unique IP address that is used to route messages to the correct destination. Introductory Rates Introductory rates are short-term, temporary interest rates that are also known as a promotional rates or teaser rates. Issuers are financial institutions that supply (issue) cards to cardholders for use in payment transactions. They hold and maintain the cardholder relationship. Key-Entered Transaction is a transaction that is manually keyed into a point-of-sale (POS) device. Laundering In the payment card industry, laundering is a form of merchant fraud that occurs when a merchant submits drafts for another merchant. The merchant account holder typically is compensated for submitting the unauthorized merchant’s business by receiving a percentage of their sales volume. Laundering is a federal offense. In addition, several states’ criminal statutes and Association operating regulations prohibit laundering. Layering is the inappropriate practice of recording more than one amount for the same probable loan loss in the allowance. Loss Contingency is an existing condition, situation, or set of circumstances that involves uncertainty as to possible loss that will be resolved when one or more future events occur or fail to occur. Loss Seasoning Curves is a term used to describe the normal migration of losses on accounts as they age. This curve assumes losses remain minimal from origination to a few months after GLOSSARY origination, steadily increase in volume, and then eventually level off. The loss seasoning curve varies between products, such as between prime and sub-prime products. Low-Side Override - is the approving of credit to an applicant that scores below the cut-off score. Magnetic Stripe is a strip of magnetic tape on the back of all payment cards that is “read” when a card is swiped through a point of sale (POS) terminal. The stripe is encoded with account information. On a valid card, the account number on the magnetic stripe matches the embossed number on the front of the card. Mail Order / Telephone Order (MO / TO) is a merchant, market, or sales environment in which mail or telephone sales are the primary or a major source of income. Such transactions are frequently charged to customers’ payment card accounts. MasterCard Payment Gateway (MPG) is a gateway hosted by MasterCard and used for routing and settling commercial electronic payments between buyers and suppliers. MasterCard SecureCode is a program supporting cardholder authentication and guaranteed payments over the internet for MasterCard and Maestro transactions. MATCH is a short name for Member Alert To Control High Risk Merchants. It is a national database of merchants and their principals that have been terminated for cause or that have made multiple applications for merchant accounts. The file is maintained by the Associations (Visa and MasterCard), based on information reported by acquirers. Member is an organization that is a member of Visa or MasterCard and which issues payment cards or signs merchants, or does both. Member Service Provider (MSP) are entities or individuals that are not Association (Visa or MasterCard) members but are registered with the Association to provide card program services to a member. Merchant are sellers of goods, services, and / or other information who accept credit cards as payment for these items. They have signed a merchant agreement to honor credit cards and display the service mark (logo). Merchant Agreement is the contract between a merchant and a merchant bank under which the merchant accepts payment cards for payment of goods and services, and agrees to abide by certain rules governing the acceptance and processing of payment card transactions. Merchant agreements may stipulate merchant liability with regard to chargebacks and may specify time frames within which merchants are to deposit transactions and respond to requests for information. Merchant Authorization is the sales validation for the merchant, by telephone or authorization terminal, to guarantee payment to the merchant. Merchant Bank is a financial institution that enters into agreements with merchants to accept payment cards as payment for goods and services. Merchant banks are also called acquirers or acquiring banks. Merchant Category Code (MCC) are universal, four-digit numbers that are assigned by the acquiring bank and identify a merchant by its primary line of business. There are several hundred MCCs used. Merchant Chargeback Monitoring Program (MCMP) is a Visa program that alerts merchant banks when one of their merchants has a chargeback-to-transaction rate of over one GLOSSARY percent. Merchants then work with the bank to reduce their chargeback rates to acceptable levels. Failure to reduce chargebacks can result in fines for a merchant. Merchant Identification (ID) Number is unique number assigned by the acquirer to identify the merchant. Merchant Processing is the routing of electronic transmissions from merchants through the payment network for clearing and settlement. It is a separate and distinct business line from credit card issuing. Merchant processing activity is, for the most part, off-balance sheet and involves gathering sales information from the merchant, collecting funds from the issuing bank, and paying the merchant. Various third parties may be involved. Migration Analysis is a common method used by management to evaluate the adequacy of allowances for loan losses. It segregates the credit card portfolio into delinquency buckets in order to determine the amount of receivables that roll through each delinquency bucket and progress to charge-off. Minimum Payment is the smallest amount a cardholder can pay to meet the terms of the account agreement and keep the account from going into default. Monoline Credit Card Bank are banks that mainly focus on the business of credit cards and don’t have significant other banking operations. Negative Amortization occurs when the cardholder’s account balance grows (excluding purchase activity) despite the cardholder making the minimum payment as agreed to in the cardholder agreement. Non-Delivery exposure (NDX) - is the time frame from when a merchant charges a customer’s credit card, until the point that the customer receives the product or service in its entirety. So, if a customer pays for an annual magazine subscription in full and in advance, the NDX is twelve months. Offline Operating Mode is an operating mode in which a card acceptance device is not connected to a central computer source. Responses are governed by the parameters or guidelines set within the terminal or supporting device as defined by the card issuer. The accessibility of information is not in a live environment, meaning that current active files are not being viewed during the time the transaction is conducted. Online Operating Mode is an operating mode in which a card acceptance device is connected to a central computer system and has access to the database for authorization, inquiry, and file changes. Live files are accessed for each transaction. For authorization, an operating mode in which member banks are directly connected to the card network via a MIP or their host computer. Live files are accessed for each transaction. Over-Limit exists when the account’s balance is beyond its credit limit. One or any combination of purchases, cash advances, fees, and finance charges could cause an account to become over-limit. Override are decisions that are contrary to the decisions recommended by the scorecard or by the usual, approved judgmental evaluation process. Paper-Based Transaction - is a cardholder transaction for which the merchant imprints the credit card and submits a paper sales draft to the acquirer for collection. The paper draft is sent to the processing center where it is processed and transferred to magnetic tape for transmission through interchange. GLOSSARY Pay-Ahead Program - programs allow cardholders to skip a payment or payments based on the excess of the remitted payment in one month being applied to one or more future months. They are also known as pre-payment programs. Payment Gateway is an eCommerce application that provides services to Internet merchants for the authorization and clearing of online payment card transactions. It is the equivalent of a physical point-of-sale (POS) terminal located in most retail outlets. Payment gateways encrypt sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant. Payment Hierarchy is the order in which the cardholder’s payment is applied to fees, purchases, and other charges. Payment Holiday Program enable cardholders to defer their minimum monthly payments. These programs are normally used during high purchasing periods such as holidays or peak vacation periods and are also known as skip payment programs. Penalty Pricing is pricing that is higher than a card’s standard rate and that goes into effect as a result of adverse activity, such as for late payment or for otherwise not abiding by the cardholder agreement. Personal Identification Number (PIN) is a four- to 12-character alphanumeric code that enables a card issuer to authenticate the cardholder to approve an ATM or terminal transaction occurring at a point-of-sale (POS) terminal. Pick-Up Response - is an authorization response instructing a card-present merchant to refuse a transaction and recover the card. In all circumstances, card recovery should only be attempted if it can be done by reasonable and peaceful means. Point of Interaction (POI) is the location where a transaction occurs (also known as point of sale or point of service). Point of Sale (POS) is the location where a transaction occurs (also known as point of interaction or point of service). Point-Of-Sale (POS) Terminal is an electronic device used for authorizing and processing payment card transactions at the point of sale. Point-of-Sale System - is an electronic system that accepts financial data at or near a retail location and transmits that data to a computer or authorization network for reporting activity, authorization, and transaction logging. Point-of-Sale Transaction - are face-to-face transactions in which the cardholder uses the physical card at a merchant’s physical place of business. Prepaid Card Prepaid card is a card that stores value and is used instead of cash to pay for a single service, such as pay telephones or public transportation. It cannot be reloaded and is a throw- away or collector card. Pre-Payment Program - allow cardholders to skip a payment or payments based on the excess of the remitted payment in one month being applied to one or more future months. They are also known as pay-ahead programs. GLOSSARY Printed Number is a four-digit number that is printed below the first four digits of the embossed number on all valid MasterCard and Visa cards. The printed number should begin with a “5″ for all MasterCard cards and with a “4″ for all Visa cards and be the same as the first four digits of the embossed number. The printed number is one of the card security features that merchants should check to ensure that a card-present transaction is valid. Processing generally refers to activities that do not involve customer contact or risk management. For example, transaction authorization and cardholder billing are considered part of processing. Activities that generally involve customer contact and risk management (such as customer service and credit review) are considered servicing, not processing. Processing is commonly labeled as front- end processing and back-end processing. Transaction authorization and routing transactions from the point-of-sale to the network are examples of front-end processing while handling the information and payment flows needed to convert the electronic transaction record into cash for the merchant are examples of back-end processing. Processing Fee is a compensation paid by card issuers or acquirers to a financial network organization for processing interchange transactions according to the business agreements established by that financial network. Fees are determined by each transaction type for issuers and acquirers participating within each individual financial network. Processor is a bank member of Visa or MasterCard, or an approved non-member acting as the agent of a member bank, that provides authorization, clearing, or settlement services for merchants and member banks. Promise Kept are the amounts of payments made by cardholders as compared to the amount of payments promised by those cardholders. This could also be measured by number of payments made compared to number of payments promised. Promise to Pay are the amounts of payments that cardholders promise to pay as a result of the bank’s collection activities. This can also be measured as a count (compared to a dollar volume). Promotion Code is a code assigned by the card issuer to identify transactions that apply to a promotional program run by the issuer to encourage card use. Promotional Rate is a short-term, temporary interest rate. It is also known as an introductory rate or teaser rate. Proprietary Card is a type of card that financial institutions or other organizations issue using the logo of the issuer instead of a national service mark or logo (such as MasterCard or Visa). A proprietary card allows the cardholder to access a credit or deposit account using ATM or POS terminals. Purchase In the credit card industry, purchase is a financial transaction, if approved, in which funds are debited from an issuer and credited to an acquirer in payment for goods or services. Purification is the practice of reversing uncollectible accrued fees and finance charges against earnings rather than accounting for them as charge-offs against the ALLL. Purification results in lower charge-off ratios when the accrued and unpaid fees and finance charges are included in the outstanding principal balance (denominator) yet the charged-off uncollectible accrued fees and finance charges are not included in the charge-off number (numerator). Quick Payment Service (QPS) is a MasterCard program targeting cash and convenience- oriented merchant segments, for example, fast food chains, movie theaters, and parking lots. GLOSSARY Re-Aging is the returning of a delinquent, open-end account to current status without collecting the total amount of principal, interest, and fees that are contractually due. Certain requirements must be met to be able to re-age an account. Recourse arises from an arrangement in which a bank retains, in form or in substance, the credit risk in connection with an asset sale, if the credit risk exceeds a pro-rata share of the banks claim on the assets. Examples of recourse include off-balance sheet contractual agreement to repurchase assets, spread accounts, cash collateral accounts, retained subordinated certificates, and retained subordinated IO strips. Recoveries are monies collected on an account after it has been charged-off. Recovery usually results from action taken by the collection department and may include legal action or agency referrals. Recurring Payment Plans exist when multiple transactions are processed at predetermined intervals, as a result of an agreement for the purchase of products or services that are provided over time. A cardholder authorizes a merchant to charge his or her payment card on a regular basis (usually monthly, but it can be at other intervals) for a period of time, however the interval between any two consecutive transactions cannot exceed one year. The transaction amount can be fixed or it can vary. Refreshed Credit Scores are credit scores that have been updated (after origination) to reflect changes in the consumer’s profile that may have occurred since the original credit score was recorded. Refund is the opposite of a purchase transaction, namely, the cardholder returns goods to the merchant and is credited for their value. Positive interchange and merchant service charge are reversed. Reissue is the process of preparing and distributing new credit cards to cardholders whose cards have expired or will soon expire (if the bank has determined that it will renew the relationship). It also encompasses supplying replacement cards to cardholders for lost or stolen cards. Reject Inferencing are specific inferences made by management about rejected applicants in order to determine if the applicants would have been a good or bad credit risk. Re-presentment is a chargeback that is rejected and returned to a card issuer by a merchant bank on the merchant’s behalf. A chargeback may be re-presented, or re-deposited, if the merchant or merchant bank can remedy the problem that led to the chargeback. To be valid, a re-presentment must be in accordance with regulations established by the Credit Card Associations. Residual Interest refers to any on-balance sheet asset that represents an interest (including a beneficial interest) created by a transfer that qualifies as a sale of financial assets, whether through a securitization or otherwise, and that exposes a bank to any credit risk directly or indirectly associated with the transferred asset that exceeds a pro-rata share of that bank’s claim on the assets, whether through subordination provisions or other credit enhancement techniques. Residual interests do not include interests purchased from a third-party, except for credit-enhancing IO strips. Retail Banking is the part of a bank’s operations providing services at its branches for small or individual account holders. Retail Sale Transaction is the purchase of goods, services, or both, generally at a merchant establishment. GLOSSARY Retrieval Request are requests for a copy of the original sales draft from the merchant. Issuers request a copy of the sales draft to verify features of the transactions such as a signature, no imprint, cardholder inquiry, or fraud analysis. Retrieval requests usually precede a chargeback. Failure by a merchant to follow through with the retrieval request may, in and of itself, result in a chargeback. Retrieval requests are also known as inquiries. Revolver are cardholders who roll over part of the outstanding balance to the next month instead of paying the balance in full. Risk-Based Pricing - is the practice of charging different rates on the same type of loan to different consumers, depending on each consumer’s credit score and other factors which are believed to influence the likelihood of repayment. In risk-based pricing, consumers who are more likely to default are priced higher (with the intention that they would then be helping to pay for costs they cause the company), while consumers who have better repayment records get lower interest rates because they are not anticipated to create as many costs to defray. Roll-Rate is the percentage of balances or accounts (units) that move from one delinquency stage to the next delinquency stage. They measure the rate that accounts (units) or balances move (roll) to the next level of delinquency and are used in migration analysis. Sales Receipt is the paper or electronic record of a payment card transaction that a merchant submits to a merchant bank for processing and payment. In most cases, paper sales receipts are generated by a merchant’s point-of-sale (POS) terminal. When a merchant fills out a sales receipt manually, it must include an imprint of the front of the card. Scoring is the assignment of points to specific items of information to predict an outcome. The information is normally drawn from the application, internal performance, or a credit report. Scoring usually involves statistical modeling and is intended to help creditors accurately establish business and financial objectives and control levels of risk. Securitizing is the process of packaging a good or product, such as credit card receivables, and transforming it into securities. Segmentation is the process of parceling or stratifying the portfolio into various homogenous groups for closer analysis. Self-Service Terminal - is a customer activated terminal, especially one including the functions both of delivering and paying for goods (for example, in an automatic fuel vending system). Settlement As the card sales transaction value moves from merchant to acquiring bank to issuer, each party buys and sells the sales ticket. Settlement is what occurs when the acquiring bank and the issuer exchange funds during that process. On more technical terms, it is the final, irrevocable transfer of funds between parties in a payment system. (This should not be confused with the term settlement as used to refer to a debt forgiveness situation.) Signature Panel is the panel for cardholders’ signatures on the back of all valid payment cards. Payment cards are not valid without signature. The signature panel is one of the card security features that merchants should check to ensure that a card-present transaction is valid. The different major card companies and associations place various data on the signature panel. Visa, MasterCard and Discover, for example, place their card security codes in or immediately next to the panel. Skimming is the replication of account information encoded on the magnetic stripe of a valid payment card and its subsequent use for fraudulent transactions in which a valid authorization occurs. The account information is captured from a valid card and then re-encoded on a counterfeit GLOSSARY card. The term “skimming” is also used to refer to any situation in which electronically transmitted or stored account data is replicated and then re-encoded on counterfeit cards or used in some other way for fraudulent transactions. Skip Payment Programs enable cardholders to defer their minimum monthly payments. Normally these programs are instituted by management during high purchasing periods such as holidays or peak vacation periods. They are also known as payment holiday programs. Split Sales occur when two or more sales receipts are issued for the purchase of a single item, using a single cardholder account, in order to avoid authorization limits. Split sales are prohibited by the Credit Card Companies and Associations. Split Tender is the use of two forms of payment, or legal tender, for a single purchase. For example, when buying a big-ticket item, a cardholder might pay half by cash or check and then put the other half on his or her credit card. Individual merchants may set their own policies about whether or not to accept split-tender transactions. Store Card is a type of payment card that is associated with a particular retailer or group of retail stores and can be used only for purchases from that retailer or group of stores. Sub-Prime are exhibiting characteristics that indicate a significantly higher risk of default than traditional bank lending customers. Risk of default may be measured by traditional credit risk measures (credit history, debt to income levels, and so forth) or by alternative measures such as credit score. Teaser Rate is an initial offering of an interest rate lower than the normal stated rate charged to a cardholder. The issuer’s strategy is to attract an interest-sensitive borrower and run up the borrower’s balance quickly by offering easy transfer of existing credit card balance from other institutions. A teaser rate is also known as an introductory rate or promotional rate. Third-Party Processor - is an organization that is not a member of Visa or MasterCard and that performs transaction authorization and processing, account record keeping, and other day-to-day business and administrative functions for card issuers and merchant banks. Transaction is the act between a cardholder and merchant that results in the sale of goods or services. Unexpected Loss is the potential for actual loss to exceed the expected loss and is a measure of the uncertainty inherent in the loss estimate. It is this possibility for unexpected losses to occur that necessitates the holding of capital protection. Universal Default occurs when a lender changes the terms of a loan from the original terms to the default terms when it is informed that its borrower has defaulted with another lender. Unsigned Card is a seemingly valid payment card that has not been signed by the legitimate cardholder. Merchants cannot accept an unsigned card until the cardholder has signed it. As an additional fraud prevention measure in a card-present environment, the signature should be checked against a valid government identification, such as a driver’s license or a passport. Usury is the interest charged in excess of the legal rate established by state law. Utilization is the portion of the credit limit that is being used. For example, if a card has a credit limit of $1,000 and its balance is $300, utilization is 30%. Valuation Allowance is, in general, an account established against a specific asset category or to recognize a specific liability, with the intent of absorbing some element of estimated loss. Such allowances are created by charges to expense in the Report of Income, and those established against GLOSSARY asset accounts are netted from the accounts to which they related for presentation in the Report of Condition. Verified by Visa is a Visa payment authentication system that validates a cardholder’s ownership of an account in real-time during an online payment transaction. When the cardholder clicks “Buy” at the checkout page of a participating merchant website, a Verified by Visa screen automatically appears in the cardholder’s browser. The cardholder enters a password that allows the card issuer to verify his or her identity. Vintage is the date (time period) a cardholder’s account originated. Visa ReaderCleaner is a specially treated card that effectively removes dirt, magnetic oxides, and other contaminants from concealed magnetic heads in Point of Sale (POS) terminals. The heads should be kept clean so that Visa cards can be swiped and their magnetic stripes read quickly and easily, thus avoiding key-entered transactions. VisaNet Processor is a processor directly connected to VisaNet. See also: Processor. Voice Authorization is an authorization obtained by calling a voice authorization center. Voice Authorization Center is an operator-staffed center that handles telephone authorization requests from merchants who do not have electronic point of sale (POS) terminals or whose electronic terminals are temporarily not working, or for transactions where special assistance is required. Voice authorization centers also handle manual authorization requests and Code 10 calls. Warehouse Facility is the borrowing of funds by a retail lender on a short-term, revolving basis using the loans as collateral. This form of interim financing is used to raise funds to make the loans and carry the loans until they are securitized (packaged and sold out of the warehouse to the investor). Proceeds from the sale are then used to reduce the warehouse loan.