In the previous article, we provided Fundamentals of Payment Systems. Let’s take a look at the basic definitions used in payment systems.
Definitions
Acquirer Bank
The bank to which the virtual POS is connected to receive the payment is the bank of the POS.
Issuer Bank
The issuing bank is the bank of the card.
BKM is an association founded in 1990 with the partnership of 13 public and private Turkish banks. The activities of the Interbank Card Center (BKM) are to create, operate, and develop systems, platforms, and infrastructures that enable or support all kinds of payments or money transfers without using cash within payment systems. The main activities of BKM include developing the procedures to be applied among the banks involved in credit card and debit card applications, making decisions by conducting studies to ensure standardization, establishing domestic rules with applications throughout Turkey, conducting the settlement between banks, establishing relations with foreign institutions and commissions and representing its members in these institutions when necessary, conducting the transactions currently carried out by each bank from a single center in a safer, faster and less costly manner.
On-us
On-us payments are made when the issuing and acquiring banks are the same. Another reason merchants want to buy virtual POS from many different banks, besides making installments, is to increase the on-us payment passing rate for single payments and reduce costs.
Not-on-us
When the issuing and acquiring banks differ, these payments are called Not-on-us payments. Since Not-on-us payments are subject to settlement between banks through the BKM clearing system, the cost of clearing commission is determined by the BKM. For this reason, banks generally apply a higher commission rate to merchants for Not-on-us payments.
BIN (Bank Identification Number) / IIN (Issuer Identification Number):
The card’s first 6 or 8 digits, formerly called BIN and now called IIN. There are many card families (e.g., Bonus, Shop&Fly, Paracard, …) of a bank (e.g., Garanti BBVA Bank). Each card family has several BIN/IIN numbers (e.g., Bonus credit card has BIN/IIN numbers 404308, 426886, 52895614, …). Through BIN/IIN, you can determine the following information:
- code and name of the issuing bank (e.g., 62 – Garanti BBVA Bank)
- card family/card brand (e.g., Bonus)
- card issuer [Visa, MasterCard, American Express, Troy, …] (e.g., Visa)
- card type [Credit Card, Debit Card, Prepaid Card] (e.g., Credit Card) and whether the card is personal or commercial.
The BIN/IIN list is essential as this will direct payments to the virtual POS of the relevant bank. In addition, regular BIN/IIN lists can be used to distinguish between credit cards, debit cards, and prepaid cards. In this way, for example, you can understand that the card entered by the user is a bank card, show the type/organization and logo of the card, hide the installment options, and make 3D Secure mandatory for the user (Remember that the installment transactions cannot be made with debit cards, 3D Secure is compulsory primarily). Craftgate regularly receives and updates the BIN/IIN list from BKM and Banks and provides BIN Inquiry Service for you to inquire about the following information.
Cardholder
The person who legally owns the card and whose name is written on the card.
POS (Point of Sale)
Electronic payment-receiving devices which banks provide to the merchants due to their agreements. These devices accept payment by credit card, debit card, and prepaid card.
Virtual POS (VPOS)
The virtual version of the physical POS device. Software that the merchant sends and receives payment requests for online payments.
Provisioning / Authorization (Post-auth)
In the simplest terms, it is an electronic withdrawal of money from a card. The successful conclusion of a withdrawal transaction is when the withdrawal is transmitted to the bank via physical POS or virtual POS, and the bank responds positively.
Pre-Authorization (Pre-Auth)
A transaction that does not withdraw money from the card but blocks the relevant amount. For example, when a provision of 100 TRY is made, 100 TRY is withdrawn from your card, and your card limit decreases by 100 TRY. But, when pre-authorization is made, the money is not withdrawn. It is only blocked, and your limit decreases by 100 TRY. It checks whether the user has sufficient limits for security reasons, pre-orders, etc. If the pre-authorization process succeeds, it can be converted to a post-authorization withdrawal. If no transactions are made after pre-authorization, the block on the amount is removed, and the card limit is restored within 7-10 days, depending on the bank.
Luhn Algorithm
It is a mod-10 algorithm used to determine the correctness of the entered card number. You will not pass this algorithm if you miss even one digit of the card number. Before sending a payment request to the bank, the Luhn algorithm should be checked, and the bank should not be requested unnecessarily for an incorrectly entered card number.
PIN (Password)
A numeric value stored on the card’s chip or magnetic stripe area and entered by the cardholder to authenticate themselves.
CVC, CVV, CVV2
These codes, abbreviations of Card Validation Code and Card Validation Value (which are named differently by various card companies), have been created to increase the security of cards, primarily when used for online payments. The codes are three digits on the back of the card for Mastercard, Visa, and Troy cards and four digits on the front of the card for American Express cards.
3D Secure
Visa developed this concept under the “Verified by VisaAdd label.” MasterCard later joined the system with the “SecureCode” and was jointly named 3D Secure. 3D Secure is a platform that takes security one dimension further in online payments and regulates the responsibilities between the merchant, bank, and cardholder. After the user enters their card information, unlike the regular payment process we know, during the payment process, an additional screen (with browser redirection) is displayed by the user’s card bank, and the user is asked to enter the SMS password and/or CVC2 information sent to the registered mobile phone. Since the user is also requested for the SMS password and/or CVC2 information, the cardholder’s identity is verified, and the card is prevented from being used by people other than the cardholder. For more detailed information: Everything You Wonder About 3D Secure
SSL (Secure Socket Layer)
A security protocol that enables the card information entered in the internet browser to be encrypted and sent (posted) to the merchant software. The pages you see as HTTP are SSL supported.
End-of-day Transactions
The transactions made during the day are sent to the bank in bulk, and account records are created. While end-of-day transactions are usually between 23:00-midnight, some banks may make more than one.
Installment
The payment process is made from the credit card to the bank month by month. Since the bank receives the money from the cardholder over months instead of a single payment, the bank usually leaves the financing to the merchant, and the merchant funds the customer. For example, while a product’s cash/single shot price is 100 TRY, the cost with three installments maybe 108 TRY. On the other hand, installments at the advance price are exempt. For more detailed information: What You Need to Know About Credit Card Payment and Installments in Advance
Points / Bonus / Chip Money
The banks receive a commission from merchants for card transactions. For example, if the bank gets 2% = 2 TRY commission from the merchant for a single withdrawal when you pay 100 TRY with a card, it gifts some of this to the cardholder with the name of points/bonus/chip money, etc. This way, as you shop with the card, you collect points, which you can use for your next purchase. Note: Banks’ commission rates vary according to the merchant’s transaction volume, number of blocked days, and single withdrawal/installment amount.
Merchant
A natural or legal person who fulfills the necessary responsibilities and owns a physical or virtual POS by contracting with banks.
Fraud
“Fraud,” which means forgery is a crucial term that often leads to financial and reputational loss and can be subject to judicial investigation. You can see different types in almost every sector. Regarding payment systems, fraud is making an unfair gain by the transaction online or at an ATM with someone else’s credit or debit card, thereby causing financial loss to the actual cardholder, merchant, or bank. Such transactions by the fraudster(s) may be carried out physically or virtually.
Chargeback
Chargeback is the cardholders’ objection about the payment transaction made on their card not belonging to them or an error regarding the amount, service, and transaction. Cardholders have this right of objection within the rules of national and international card payment systems organizations such as Visa, MasterCard, American Express, Diners, JCB, and BKM.
EFT (Electronic Funds Transfer)
An electronic payment system allowing depositors to send a payment in Turkish Lira from their bank to another (Example: Sending money from Akbank to Garanti Bank is an EFT transaction). For more detailed information: Establishing Payment System Infrastructure: EFT/Transfer
Wire Transfer
Money transfers between different branches of the same bank. (Example: Sending money from the İşbank Maslak branch to the İşbank Kadikoy branch is a Wire Transfer)
Virman: A money transfer between accounts of the same bank at the same branch. (Example: Transferring money from an account at Vakıfbank Kozyatağı branch to another account at the same branch is a Virman transaction)
Payment Gateway
These solutions provide merchants access to the Virtual POS of all banks, many payment and e-money institutions, alternative payment methods, and foreign payment methods from a single point with a single integration. In addition, they can offer many value-added services such as card storage, closed-loop wallet, marketplace solution, link and QR code payment collection, and proactive monitoring. Thus, they offer financial freedom to companies receiving online payments with a single and centralized integration. The main difference between Payment Gateway from payment and e-money institutions is that they do not give Virtual POS, collect and distribute money. ‘One-Stop Shop’ payment orchestration platform Craftgate, which includes payment gateway technology, allows you to easily manage all banks’ Virtual POS, multiple payments, and e-money institutions from one central location, freeing up your time to focus on growing your business.
PSP (Payment Service Provider)
Payment service providers (PSPs) provide processing services, collect and distribute money, and enable merchants to receive payments through various electronic payment methods such as credit cards, debit cards, EFT, money orders, and alternative payment systems, especially over the Internet.
Online/Digital Wallet
It is the general name given to solutions that store card information in their systems in the cloud and enable payment without entering card information, usually for online shopping. In Turkey, BKM Express, PayPal, and iPara are examples of online wallets.
Mobile Wallet
It is the general name given to solutions that store card information on mobile devices, SIM card, or in the cloud and enables payments without entering card information when shopping on mobile devices, usually over the internet.
OTP (One Time Password)
These are passwords generated and sent for one-time use to verify transactions. Examples of this application are the password received from the bank to your mobile phone during the 3D Secure process or the critical passwords generated for Internet banking user logins. It is also used in mobile payments to verify transactions.
Maestro
Maestro is the generic name for MasterCard’s debit cards.
Elektron
Elektron is the generic name for Visa’s debit cards.
PCI (Payment Card Industry)
The authority that sets security and liability policies for debit cards, credit cards, prepaid cards, e-wallets, and related businesses in the card payments industry. The written rules of this council established by card organizations bind merchants.
PCI-DSS (Payment Card Industry – Data Security Standards)
The PCI council sets technical and operational rules and requirements to protect card and cardholder information and data security. Craftgate is a PCI-DSS-1 compliant payment orchestration that covers merchant, payment process, and customer data and provides a global security standard for all parties. This way, Craftgate securely stores its merchants’ customers’ card details. It allows merchants to make one-click and recurring payments for their customers’ subsequent purchases.
Law No. 6493
Law No. 6493 on Payment and Securities Settlement Systems, Payment Services, and Electronic Money Institutions regulates the procedures and principles regarding payment and securities settlement systems, payment services, payment institutions, and electronic money institutions. This law provides for the supervision and licensing of payment institutions and electronic money businesses and, thus, the protection of consumers. Services such as acquiring virtual POS, making payments electronically, and offering prepaid cards can be performed with a license obtained under this law.
Fintech
It is the general name given to companies that develop finance technology (Financial Technologies). Fintech companies conduct studies to provide more accessible, fast, and secure financial services.
Open Banking
Open banking means performing certain banking transactions with third-party software that can access permitted bank information through integrations. Open banking systems aim to provide users a simplified and better banking experience.
Alternative Payment Systems
Alternative payment systems are payment methods developed to make it easier for companies to receive payments that differ from traditional payment methods such as cash and credit card payments. For example, payment via digital/mobile wallets or payment via a link, which allows collection without the need for an intermediary system such as a website, is an alternative payment system.
Card Storage
It is the name given to the service of storing card information in PCI-DSS-1 compliant infrastructures so that customers can make more accessible and faster payments. With its PCI-DSS-1 compliant infrastructure, Craftgate securely stores your customers’ card information. It offers customers of the merchants the opportunity to make one-click payments.
mPOS
mPOS, i.e., mobile POS, is a payment solution that allows you to receive payments via mobile phones and tablets without needing standard POS devices wherever there is internet access.
Infrastructure Provider
Infrastructure providers serve companies easily create e-commerce sites with all the necessary security certificates, payment integrations, and servers.
Prepaid Card
A prepaid card is a card that allows spending up to the amount loaded into it through payment systems and financial institutions without the need for a bank account. It can be used for daily use, but it is also used in shopping gift cards to enable children over 12 years of age to transact with the card.
Marketplace
It is the name given to e-commerce platforms that bring buyers and sellers of products/services together. In marketplaces, sellers can exhibit and sell their products and services in the virtual shops they rent. In this way, they can benefit from marketplaces’ ready-made payment infrastructures, and website features such as comments, etc., and indirect advertising activities.
Sources:
