Glossary

The following terms are used in Elavon Gateway products and are included in Fusebox and Elavon software applications.

AC - Application Cryptogram. Cryptogram returned by the ICC in response to the Generate AC command.

AAC - Application Authentication Cryptogram. The type of AC that is generated by the chip when declining a transaction.

AID - Application Identifier. A unique identifier that tells you the card brand (ex: Amex, Discover, MasterCard, Visa, etc.) and the type of card within the brand (ex: Maestro vs. MasterCard Credit). Identifies the application as described in ISO/IEC 7816-5.

Application File Locator (AFL): Identifies the records available to the application and the reference to their location in files in the chip card’s memory.

Application Interchange Profile (AIP): Indicator of the capabilities of the chip card to support specific functions.

ARPC - Application Response Cryptogram. Cryptogram generated by the issuer during an online transaction authorization. It secures the response data integrity and is used by the chip to validate the issuer host authenticity.

ARQC - Application Request Cryptogram. A type of AC that requests an online transaction. It secures the request transaction data integrity and is used by the issuer to validate the chip authenticity.

Application Transaction Counter (ATC): A mechanism for tracking the transactions done using a specific account; used to prevent fraudulent use or cloning of a card or device.

Authorization Process: Authorization approves the use of a credit card, debit card, private label card, stored value card, or electronic check (e-check).

  • Authorization code is returned to the POS system and retained by the card association, card issuer, and transaction processor.

  • No money changes hands.

  • Authorization code must accompany the transaction when settled to prevent the merchant from being charged a higher processing fee.

  • Card issuer sets cardholder spending limit. The open-to-buy is the remaining credit limit on the cardholder account.

BAU - Business as Usual. Refers to normal magstripe processing flow.

Card Authentication Method (CAM): Method used to verify that a card or device is genuinely the one issued to the consumer.

Card Verification Code 3 (CVC3): Value used in place of CVC1 in the discretionary data field of the Track 1 and 2 data for MasterCard PayPass transactions; usually a dynamic cryptogram generated by the card or device.

Contactless Chip: The RF chip found inside a card or device; when connected to an antenna, it permits card or device transactions without swiping the magnetic stripe.

CVM - Cardholder Verification Method. Strongest verification method supported by both the ICC chip and the EMV Kernel’s terminal capabilities configuration.

Elavon Gateway applications: Elavon Gateway applications enable your application to process transactions with any transaction processor for which the Elavon Gateway has written a third party interface. The Elavon software applications provide the communication and services technology and optional high-speed Payment Delivery Services (PDS) for a one-to-many link between your POS system and the transaction processors that the Elavon Gateway supports.

  • SofTrans Interface Modules and their availability can be obtained from your Elavon Gateway Relationship Manager and differ on Fusebox. Additional certification requirements may exist for some TPPs.

Elavon Gateway: Defines the Elavon Gateway Message or the API fields in a specific way and requires that certain data elements be included in the Input Request. The POS or PMS can be used with most credit card transaction processors supported by our TPP Processor Interface.

Fusebox: The Fusebox UI or Batch Management User Interface (BMUI) is an online portal that is used to review, research, and process transactions after they have been sent to the Elavon Gateway. Cardholder data is protected behind a secure data center and firewall.

JNetSend: A JAVA XML parser that accepts an XML message from the integrated POS or PMS, performs message translation, and then passes transactions to JNetServ.

Merchant Bank: Works with various transaction processors to process electronic payment transactions on their behalf. Some merchant banks contract with several transaction processors, allowing them to offer more services to their customers. Larger banks may do their own transaction processing.

Online Content Management (OCM): Core product distributed by Elavon and considered the client-facing Dispute Management response tool. Acquiring merchants access Payments Insider and use the tool to view, manage (up to 2 years of data), and respond to their chargeback and retrieval activity.

On-Guard: A type of encryption supported on Ingenico terminals only. Simplify using On-Guard can be operated as part of a PCI P2PE-validated solution. Validation is specifically performed through Safe-T Link with P2PE Protect.

PayPass Card: A proximity device containing a PayPass chip and application that has the characteristics of the transaction bankcard. The card is issued by a traditional issuer and contains a contactless chip that uses radio frequency.

Point-to-point encryption (P2PE): Encrypts card data at the earliest point of entry, to protect the data as it travels across various systems and processing networks.

  • Protects card data from the time it enters the environment until it is received by Elavon.
  • Applies advanced encryption that conceals data before it travels through the POS system or network.
  • Format-preserving encryption, removes the need to make changes to the POS system software and message format.

Property Card (PCARD): A premise-based Java application that provides a common interface between multiple POS or PMS merchant systems and the GCS Bank switch process. PCard deploys as a Windows service.

Proximity Device: A consumer device that can be read from a distance (within a specified range) without physical contact; PayPass cards and devices are proximity devices.

SAFE-T Suite: Secure and Flexible Encryption and Tokenization that combines encryption and tokenization technologies to protect cardholder data in use, in transit, and at rest.

  • Secures transactions with encryption and removes card data from the merchant’s environment with tokenization, a process that eliminates fees, fines and costs associated with a breach.
  • Reduces costs associated with PCI compliance.
  • Protects your brand.
  • Removes the risk of storing card data while transferring it to the processor.
  • Allows you to focus on initiatives that contribute to revenue rather than securing cardholder data.

Safe-T Link: Supports two different Verifone devices. These devices use Verifone’s encryption service, Verishield Total Protect (VTP). VTP only supports Verifone devices. It is analogous to OnGuard for Ingenico devices.

Settlement: Involves transactions that are presented for funding and the eventual electronic deposit into the merchant bank account. Common terms within the electronic industry include: settle, deposit, upload, and batching.

Simplify: Elavon’s PIN Pad-based terminal application is designed to process electronic payment transactions from a Point of Sale (POS) or a Property Management system (PMS).

The Simplify application layer runs on Ingenico Telium II PIN Pads using Voltage encryption, and communicates with Elavon’s Fusebox host process. Refer to the Simplify Developer Guide.

TC - Transaction Cryptogram. Approval cryptogram generated by the ICC.

TCP/IP Gateway: A method of interfacing to our Elavon software applications. Instead of a direct system call, an IP Socket Call Interface is written. TCP/IP Gateway Client and Server are included in the Windows Elavon software applications distribution for ease of testing and integration. Integrators can implement directly to the server or use our client.

Token Vault: Enables tokenization to replace actual card data with a randomly generate unique ID (token) to protect data in use and at rest. Tokenization eliminates the possibility of having real card data stolen because the data no longer exists in the merchant’s environment, while allowing the use of the token in place of the PAN for necessary business tasks. Replaces actual card data with a randomly-generated unique ID (token) sent in the response message.

Transaction Processor (TPP): Receives transaction requests from a merchant and approves or declines requests based on parameters set up between the TPP and various financial institutions.

TPPs act as intermediaries between the merchant and the various financial institutions. They allow your customer and the merchant to submit transactions for authorization and settlement to the transaction processor, who processes them for the various card issuers involved.

TPPs operate worldwide and use a variety of methods for communicating and defining requests, including ISDN, asynchronous dial, frame-relay, and ATM.

TVR - Terminal Verification Results. Status of the different terminal risk management and cardholder verification functions as seen from the terminal.

Voltage: Voltage SecureData Payments applications provide a complete Point-to-Point Encryption (P2PE) solution.

note

The Voltage solution is available on Ingenico terminals only. The TEP2 is the only Voltage format supported at this time. TEP2 offers Format Preserving Encryption where the BIN and last 4 of the account number are preserved. Simplify is integrated with TEP2 encryption.

Y Transponder: Radio frequency devices that can be wirelessly transmit a unique ID code to nearby reader.