Glossary
This page provides a list of glossary terms used in this guide.
-
0100 Message Transaction Identifier (MTID). This is a Token Activation Request (TAR) message, requesting authorisation for the token creation.
-
0620 Message Transaction Identifier (MTID). This is a Token Event Notification (TEN) which indicates the token has been created.
-
3D Secure (3-domain structure), also known as a payer authentication, is a security protocol that helps to prevent fraud in online credit and debit card transactions. This security feature is supported by Visa and Mastercard and is branded as ‘Verified by Visa’ and ‘Mastercard SecureCode’ respectively.
-
Activation Code Network Message. The message sent to Thredd and also the Programme manager via EHI which contains the OTP to verify the cardholder.
-
Banking organisation and licensed scheme member that enables merchants to take card payments and send payment authorisation requests to the issuer using the card scheme’s network.
-
A message over EHI containing the OTP.
-
This includes checks to confirm the cardholder identity, such as PIN, CVV2 and CAVV.
-
Stage where a merchant requests approval for a card payment by sending a request to the card issuer to check that the card is valid, and that the requested authorisation amount is available on the card. At this stage the funds are not deducted from the card.
-
Automatic fuel dispensers (AFDs) are used at petrol or gas stations for customer self-service fuel payments. Typically the customer inserts their card and enters a PIN number and the AFD authorises a fixed amount (e.g. £99). Once the final payment amount is known, the AFD may reverse the authorisation and/or request a second authorisation.
-
The Bank Identification Number (BIN) is the first four or six numbers on a payment card, which identifies the institution that issues the card.
-
Binary Large Object file. A blob is a data type that can store binary data. It can be used to store images or other multimedia files.
-
Card network, such as Mastecard, Visa or Discover, responsible for managing transactions over the network and for arbitration of any disputes.
-
Thredd receive batch clearing files from the card networks, containing clearing transactions, such as presentments and network fees. The card issuer transfers the requested settlement amount to the acquirer and 'clears' the amount on the card, reducing the available card balance accordingly.
-
Card on File token request created by an online merchant.
-
Online Merchant Token Requestors are referred to as Card on File (COF) Token Requestors. These are merchants who tokenise a payment card so that the token can be used for repeat payments or recurring payments on their website.
-
A counter under the PSD2 rules is used to track the number of transactions and cumulative amount before the cardholder is requested to authenticate using Strong Customer Authentication (SCA): for example, via PIN for a card or via 3D Secure authentication for an online transaction.
-
The Card Verification Value (CVV) on a credit card or debit card is a 3 digit number on VISA, MasterCard and Discover branded credit and debit cards. Cardholder's are typically required to enter the CVV during any online or cardholder not present transactions. CVV numbers are also known as CSC numbers (Card Security Code), as well as CVV2 numbers, which are the same as CVV numbers, except that they have been generated by a 2nd generation process that makes them harder to guess.
-
The score applied by the wallet provider defining the level of satisfaction the wallet provider has in the request being a genuine cardholder attempt, based on the wallet providers internal fraud parameters.
-
Device PAN. The PAN value set up on the cardholder’s device. This is not visible to the cardholder, but is the PAN used for the transactions as far as the merchant is concerned.
-
The External Host Interface (EHI) is a Thredd system that enables Thredd customers to receive and respond to real-time transaction data as well as financial messages.
-
EMV is a payment standard for smart payment cards, payment terminals and automated teller machines (ATMs). EMV is an acronym for "Europay, Mastercard, and Visa", the three companies which created the standard.
-
Organisation that facilitates worldwide interoperability and acceptance of secure payment transactions. Created by EuroPay, Mastercard and Visa.
-
The external system to which Thredd sends real-time transaction-related data. The URL to this system is configured within Thredd per programme or product. The Program Manager uses their external host system to hold details of the balance on the cards in their programme and perform transaction-related services, such as payment authorisation, transaction matching and reconciliation.
-
Groups which control the card transaction authorisation fees, and other fees, such as recurring fees and Thredd web service API fees.
-
Funding PAN. The true 16-digit PAN of the card, which Mastercard/Visa converts when authorisations come through to them from Acquirers on the DPAN.
-
This is an Apple term for a Token Provisioning request that is approved.
-
The period of time during which Thredd waits for an approved authorisation amount to be settled. This is defined at a Thredd product level. A typical default is 7 days for an auth and 10 days for a pre-auth.
-
A request for an additional amount on a prior authorisation. An incremental authorisation is used when the final amount for a transaction is greater than the amount of the original authorisation. For example, a hotel guest might register for one night, but then decide to extend the reservation for additional night. In that case, an incremental authorisation might be performed in order to get approval for additional charges pertaining to the second night.
-
The message format for BASE I/Authorisation messages between Thredd and the token service provider (Visa/Mastercard). This is the industry standard for authorisations.
-
Financial organisation and scheme member, licensed by the scheme to issue cards and process transactions using the scheme’s network.
-
This is the host connected directly to Visa/Mastercard for authorisation messages (i.e., Thredd).
-
The MasterCard Digital Enablement Service (MDES) is a data interchange platform for generating and managing secure digital payment tokens. It enables devices such as smartphones, smart watches, as well as merchants, to create a tokenised version of a Mastercard, which is specific to that device or merchant. Then the device/merchant can use the tokenised version of the card to perform transactions. The tokenised version of the card appears as just a normal Mastercard card number to the merchant and acquirer, and Mastercard will map the transactions onto the original cardholder Mastercard.
-
The shop or store providing a product or service that the cardholder is purchasing. A merchant must have a merchant account, provided by their acquirer, in order to trade. Physical stores use a terminal or card reader to request authorisation for transactions. Online sites provide an online shopping basket and use a payment service provider to process their payments.
-
A unique identifier of the merchant, to identity the type of account provided to them by their acquirer.
-
Mastercard Interface Processor (MIP) The processing hardware and software system that interfaces with Mastercard's Global Payment System communications network.
-
A token requestor connected to a mobile device.
-
Thredd name for the Wallet Provider group, representing Online Merchant Token Requestors. Also referred to as M4M (by Mastercard) and Card on File (by Visa).
-
Near Field Communication (NFC) is a technology that enables a device, such as a mobile phone or payment ring, to transmit data to a Point of Sale (POS) terminal, enabling contactless payments.
-
This is often used in scenarios where the merchant terminal is not required to request authorisation from the card issuer (for example for certain low risk, small value transactions used by airlines and transport networks). The card CHIP EMV determines if the offline transaction is permitted; if not supported, the terminal declines the transaction. Note: Since the balance on the card balance is not authorised in real-time, there is a risk that the card may not have the amount required to cover the transaction.
-
A token requestor that is an e-commerce merchant.
-
A token request for Apple Pay where Apple indicates if the request is high risk. As a result it must be authenticated through either a mobile app authenticator or a call centre with fraud checking.
-
One Time passcode/ Activation code which is sent to the cardholder for use in authenticating during token provisioning, during the setup of Google Pay, Apple Pay or other wallet on their device.
-
The card’s 16-digit primary account number (PAN) that is typically embossed on a physical card.
-
Some acquirers support a partial amount approval for Debit or Prepaid payment authorisation requests. The issuer can respond with an approval amount less than the requested amount. The cardholder then needs to pay the remainder using another form of tender.
-
Thredd term for a MDES/VDEP token. This is used to differentiate between a Thredd public token and a MDES/VDEP token. Thredd use this in EHI and web service calls to identify a particular DPAN
-
The default set of parameters Thredd will use to authorise a TAR.
-
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle credit cards from the major card schemes. All Program Managers who handle customer card data must be compliant with this standard. See: https://www.pcisecuritystandards.org/pci_security/
-
The technical process of marking private data specific to a given card or device. The same terminology is used when putting private data on a chip card or a smart device.
-
A hardware device for processing card payments at retail stores. The device has embedded software that is used to read the card’s magnetic strip data.
-
A Thredd customer who manages a card program. The program manager can create branded cards, load funds and provide other card or banking services to their end customers.
-
Payment Service Directive 2. PSD2 is an EU Directive which sets requirements for firms that provide payment services. It aims to improve consumer protection, make payments safer and more secure, and drive down the costs of payment services.
-
The Thredd 9-digit token is a unique reference for the PAN. This is used between Thredd and clients to remove the need for Thredd clients to hold actual PANs.
-
The process of pre-authenticating the cardholder prior to a token request being sent to Visa.
-
This is an Apple term for a Token Provisioning request that is declined.
-
Secure File Transfer Protocol. File Transfer Protocol FTP) is a popular unencrypted method of transferring files between two remote systems. SFTP (SSH File Transfer Protocol, or Secure File Transfer Protocol) is a separate protocol packaged with SSH that works in a similar way but over a secure connection.
-
Smart Client is Thredd's legacy desktop application for managing your account on the Thredd Platform.
-
Authentication which is a combination of two factors of identification at checkout. Examples include something they know (such as a password or PIN), something they get (such as an OTP in a mobile phone or other device) or something they are (such as their fingerprint).
-
Tokenisation Authentication Value. Used as part of In-app provisioning process and is the encrypted message that contains the PAN details for Mastercard from the Programme Manager.
-
Thredd Portal is Thredd's new web application for managing your cards and transactions on the Thredd Platform.
-
Transport Layer Security (TLS) is a security protocol that provides privacy and data integrity for Internet communications. Implementing TLS is a standard practice for building secure web apps.
-
Tokenisation Authorisation Request messages enable the issuer to provide a real-time decision as to whether the token service provider (MDES/VDEP) can digitise a card and designate a token on their behalf.
-
Tokenisation Complete Notification. Sent from Mastercard/Visa to Thredd and made available via EHI to the Programme Manager to confirm the setup of the token was successful (note: there may be further messages for activation).
-
Tokenisation Event Notification. Informs the issuer of unsuccessful Activation Code entry attempts and subsequent invalidation of an Activation Code or when a token is suspended, resumed or de-activated.
-
The token requestor initiates the request to convert your cardholder’s Permanent Account Number (PAN) into a digital token. Token requestors can be mobile wallets (such as ApplePay) or online merchants (such as Netflix). Mastercard refer to the Token Requestor as the “Wallet Provider”.
-
The entity who stores the mapping between the PAN and the token. With the existing Thredd integration this would be Visa or Mastercard.
-
Triple DES (3DES or TDES), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block to produce a more secure encryption.
-
Checks to confirm the card is valid, such as CHIP cryptograms, mag-stripe data (if available) and expiry date
-
Visa Digital Enablement Programme. Also called the Visa Tokenisation Service (VTS).
-
Online tool provided by Visa to enable card issuers to add artwork and terms & conditions for use on tokenised card images. For more information, see: https://developer.visa.com/capabilities/token-service-provisioning
-
Visa Tokenisation Service – is the Visa product name for tokenisation and equivalent of Mastercard’s MDES (see MDES). Thredd refer to this service as the Visa Digital Enablement Program (VDEP).