Introduction
Mercanet is a secure multi-channel e-commerce payment solution that complies with the PCI DSS standard. It allows you to accept and manage payment transactions by taking into account business rules related to your activity (payment on despatch, deferred payment, recurring payment, payment in instalments, etc.).
This document defines all terms, acronyms and expressions specific to the context of the Mercanet solution. Therefore, it lists the reference vocabulary used in all the other "product" documents of our solution.
"0...9"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
3-D Secure | 3-D Secure | Tripartite authentication protocol
(issuer/network/acquirer) for the end customer who identify
themselves online (for example, by means of a password). Each
scheme applies the 3-D Secure protocol in its own programme
("Verified by Visa" for Visa, "MasterCard SecureCode" for
Mastercard). The protocol provides additional transaction
security by requiring cardholder authentication. This programme
offers several advantages:
3-D Secure is not suitable for all payment scenarios
and does not apply to the following cases:
|
3DS | 3DS | Cf. 3-D Secure. |
4DBC | 4DBC | Cf. Card security code. |
"A"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
AAS | SAA | Acquirer Authorisation Server. |
Acceptor | Accepteur | In card scheme, name given to the stakeholder who accepts the card. In the BNP Paribas context, it is the merchant or their PSP. |
Acquirer | Acquéreur | The financial institution (or its agent) that receives financial information pertaining to a transaction from the acceptor (the merchant, its payment service provider) and enters this information into an exchange system. |
ACS | ACS | Access Control Server. Access control server
(3-D Secure) implemented by the issuer and allowing to:
|
ANI | IAN | Cf. Automatic Number Identification. |
Automatic Number Identification | Identification automatique du numéro | Telecommunication networks feature to automatically identify the caller's phone number and thus know whether this number is (for example) a mobile phone number, a toll-free number, etc. |
Anti-carding system | Système anti-carding | Mercanet system to detect carding attacks
and protect your payment system against them. Cf.
Carding. |
Authentication | Authentification | The use of an authentication service (such as 3-D Secure) to check the buyer's identity. |
Authorisation | Autorisation | Checking of the validity of the Internet user's card with the card issuer. The checks carried out include: checking that the card is not a lost or stolen card, that the expiry date has not expired and that the transaction amount presented will be debited (payment limit of the card not exceeded). |
AVS | AVS | Address Verification Code. |
"B"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
BIC | BIC | Bank Identifier Code. International identifier of the
bank. |
BIN | BIN | Bank Identification Number. The leading digits on bank
cards. They identify the card issuer. Following the revision
of ISO-7812, the length of the BIN has been increased from 6 to
8 digits. During the transitional period, both 6 and 8-digit BINs
are allowed. Also called IIN. |
BO | BO | Back Office. |
Buyer | Acheteur | Cf. Final buyer. |
"C"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Capture | Remise (en paiement) | Cf. Collection. |
Cardholder | Porteur de carte | Natural person holding a bank card. |
Carding | Carding | Illegal techniques for retrieving an individual's financial
data, such as credit card number, bank account number, username or
password, etc. The techniques used are, for example, the sending
of fraudulent e-mails or the illegal use of data reading devices.
The recovered data is then used for fraudulent payments. Cf.
Anti-carding system. |
Card issuer | Émetteur de la carte | Financial institution that issued a card. |
Card range | Card range | Card ranges are basically set on an 8 digits long basis. Nevertheless, to ensure ecosystem readiness, Mastercard has asked all acquirers and their service providers, including processors, support 11-digit BIN ranges and 8-digit BIN standard by April 2022 for its own cards. |
Card security code | Code de sécurité de la carte | Visual card security code: 3 digits printed on the signing bar on the back of the domestic VISA (referred to as CVV2), MASTERCARD (CVC2) and CB (CBN2) cards. This code adds an extra level of security for distance selling. In the case of American Express, the card security code is a 4-digit number and is referred to as 4DBC. |
CB | CB | Bank card used in France ("Carte Bancaire"). |
CBN2 | CBN2 | Verification code for national bank cards. Cf. Card
security code. |
CCV | CCV | Card Code Verification. Cf. Card security
code. |
Chargeback | Impayé | Transaction not paid to the merchant. |
Chargebacks report | Journal de rapprochement des impayés | This report contains transactions made from the merchant's Mercanet webshop that have been credited, and which have then been subject to a credit adjustment (unpaid due to a dispute with the customer for example). This report can be sent to the merchant every day. |
CIT | CIT | Customer Initiated Transaction. Transaction initiated
by the cardholder either :
|
Client-Side Encryption | Client-Side Encryption | A technique for encrypting data before it is processed by the Office (M2M) payment gateway. This technique ensures that data is visualised only on the client side, since data is intercepted and encrypted during entry using an asymmetric encryption key. |
CNIL | CNIL | Cf. Commission nationale de l'informatique et des libertés. |
CNP | CNP | Card Not Present ou Customer Not Present. As opposed to
the proximity acceptance mode using CP (Card
Present). |
Cobadged | Cobadgé | A cobadged card is a card that covers at least two brands. Most international cards issued in France are cobadged with CB (CB/VISA, CB/MASTERCARD, CB/MAESTRO, etc.). |
Collection | Remise (en paiement) | Collection operation performed to pay for a transaction. It consists of crediting/debiting the merchant's account and debiting/crediting the Internet user's account. |
Commission nationale de l'informatique et des libertés | Commission nationale de l'informatique et des libertés | (French National Commission for Information Technology and
Civil Liberties.) Independant French data protection body
created in 1978 to enforce compliance with privacy during the
computer processing of personal data. |
Credit | Crédit | A transaction in which an amount is transferred from the merchant's account to the buyer's account. |
Credit card | Carte de crédit | Bank card with deferred debit option or linked to a revolving credit. |
CSC | CSC | Card Security Code. Cf. Card security
code. |
CSE | CSE | Cf. Client-Side Encryption. |
CSV | CSV | Comma-Separated Values. A computer file format in which
the data is separated by commas. |
CTC | CTC | Centre de Traitement (des transactions) et Compensation. |
CVC2 | CVC2 | Card Validation Code (MasterCard). Cf. Card security
code. |
CVV2 | CVV2 | Card Verification Value (Visa). Cf. Card security
code. |
"D"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
DB | BDD | Database. |
DCC | DCC | Cf. Dynamic Currency Conversion. |
Debit card | Carte de débit | Immediate debit bank card. |
DS | DS | Cf. Directory Server. |
Directory Server | Directory Server | Platform for securing remote payments, necessary for the implementation of strong cardholder authentication. Each payment scheme acts as a go-between between a merchant and an issuer's bank and therefore has its own platform. |
Dynamic Currency Conversion | Conversion Dynamique des Devises | Service provided to the cardholder allowing them to pay in a currency other than that accepted by the merchant. This service allows the buyer to instantly know the amount paid, which helps to improve customer experience. |
"E"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
ELV | ELV | Elektronisches Lastschrift Verfahren. Direct debit
payment type that is commmon in Germany. It is based on the
following principle: the buyer provides their bank details to the
merchant; once the payment has been accepted, a payment request is
sent to the customer's account. |
EMV | EMV | Europay Mastercard Visa. International security
specifications for payment cards equipped with microprocessors,
which define interoperability between these cards and EMV payment
terminals and aim to improve transaction security. |
EMVCo | EMVCo | International body in charge of creating and publishing EMV specifications. |
Expired cards report | Journal des cartes échues | This report contains information on stored cards that will expire within a time frame of one to three months. |
"F"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Final buyer | Acheteur final | The final buyer is an Internet user who connects to the merchant's website and pays for a given good or service. |
FO | FO | Front Office. |
Frictionless authentication | Authentification frictionless | Simplified and secure authentication process that minimises the buyer's intervention, for example for mobile phone payments, contactless card payments, one-click payments. |
Frictionless payment | Paiement frictionless | Simplified and secure payment process that minimises the buyer's intervention, for example for mobile phone payments, contactless card payments, one-click payments. |
FTP | FTP | File Transfer Protocol. Communication protocol for file
sharing. |
"G"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
GDPR | RGPD | General Data Protection Regulation. A European Union
regulation which acts as the reference text on the protection of
personal data. It strengthens and unifies data protection for
individuals within the European Union. |
Gift card | Carte cadeau | Card with a face value, usable in one or more times. This card can be single or multi-brand. |
"H"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Host | Hébergeur | A service provider hosting one or more websites on its own servers connected to the Internet. Sometimes, hosting companies provide website creation/management services. |
Hosted Fields | Hosted Fields | Cf. Hosted Fields. |
"I"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
IAS | SAE | Issuer Authorization Server. |
IBAN | IBAN | International Bank Account Number. |
iframe | iframe | Mercanet HTML page embedded in the merchant's website HTML page. |
IIN | IIN | Issuer Identification Number. The leading digits on
bank cards. They identify the card issuer. Following the
revision of ISO-7812, the length of the BIN has been increased
from 6 to 8 digits. During the transitional period, both 6 and
8-digit BINs are allowed. Also called
BIN. |
Internet user | Internaute | Online customer of a merchant. Cf. Final buyer. |
ISP | ISP | Intermediate Service Provider. Entity acting as a
merchant on behalf of other merchants and securing communications
during transactional processing without having to set security
keys for each of the registered merchants (e.g. hosting companies
or webshop management companies). |
Issuer | Émetteur | Financial institution that issued the means of payment. |
iSTI | iSTI | Initial Scheme Transaction Identifier. Reference
identifier that must be provided in subsequent transactions to the
CIT, allowing the MIT/CIT chaining to be performed. |
IVR | SVI | Interactive Voice Response. |
"L"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
LS | LS | Liability Shift. Cf. below. |
Liability Shift | Transfert de responsabilité | Merchants are usually responsible for unpaid e-commerce transactions resulting from fraud. Liability shift means that the loss due to non-payment is transferred from the merchant to the card issuing bank (to accept secured transactions only, please refer to the specific section in the 3-D Secure guide). |
"M"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Mandate | Mandat | The SEPA direct debit materialises the customer's consent to the merchant. You must assign a Unique Mandate Reference (UMR) for each mandate. |
MCC | MCC | Merchant Category Code. Code designating the merchant's
activity type. |
Mercanet | Mercanet | An international multi-channel secure payment solution provided by BNP Paribas, allowing you to collect the proceeds of your online sales and integrating a set of services to optimise your Internet sales activity. |
Hosted Fields | Hosted Fields | An additional Office (M2M) option, in the form of embedded fields, allowing you to reduce PCI DSS constraints by outsourcing certain security requirements related to sensitive information. |
Office Batch | Office Batch | Allows to provide merchants with Office (M2M) features in batch mode, based on file sharing. |
Office (M2M) | Office (M2M) | Interface that works through a server-to-server dialog. This interface allows the merchant to manage their own payment pages, as well as their own management interface. |
Merchant | Commerçant | A natural person or a legal entity operating a webshop. Merchants using Mercanet are registered with BNP Paribas and can take advantage of the secure online payment service. |
Merchant extranet | Extranet marchand | Mercanet solution extranet. |
MerchantId | MerchantId | The merchant's unique identifier used by BNP Paribas. |
MIF | CMI | Multilateral Interchange Fee. New European legislation
(Regulation 2015/751) on interchange fees for card-related payment
operations. This legislation only applies to consumer payment
cards issued in the EU, not to company cards and American Express
cards. |
MO | MO | Middle Office. |
MOTO | MOTO | Mail Order Telephone Order. Telephone order or regular
mail order (standard method for distance selling). |
MPI | MPI | Merchant Plug-In. In the context of preventing card
fraud, the MPI is a component that allows you to interact with
participants during 3DS checks. It checks whether the cardholder
is enrolled and gives the result of the authentication on the
ACS. |
"N"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Networks (electronic payment) | Networks (electronic payment) | A group of organisations that issue means of payment after entering into a reciprocal agreement regarding the transfer of funds between the cardholder (issuer) and the merchant (acceptor). |
"O"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Operations report | Journal des opérations | This report contains operations from the merchant in the Mercanet Back Office interface or using the Office (M2M) and Office Batch connectors (refund, validation, cancellation, etc.) since the previous day's report was sent. This report is usually sent to the merchant every day. |
OPPOTOTA | OPPOTOTA | National register of French or foreign cards blocked and declared by the CB, Visa and MasterCard networks. |
"P"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
PAN | PAN | Primary Account Number. Main account number (card
number, bank account number, supplier account for example for
Paypal). |
Payment capture | Remise (en paiement) | Cf. Collection. |
Payment collection | ||
PCI DSS | PCI DSS | Payment Card Industry – Data Security Standard. Data
securisation standard. The Mercanet solution is
certified compliant with PCI DSS (since 2006, as the first PSP in
France). |
POS | POS | Point Of Sale. |
PSD2 | DSP2 PSD2 |
Cf. Revised Payment Services Directive. |
PSP | PSP | Payment Services/Solutions Provider. |
"R"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Reconciliations report | Journal de rapprochement des transactions | This report reconciles the transactions accounted for by the merchant in their Mercanet webshop with the transactions actually processed by the processing centre of their banking institution. The result is the amount that will actually be credited/debited to/from their account. In addition, the merchant is notified of any non-reconciled transactions. Thus, the report makes accounting easier for merchants. This report can be sent to the merchant every day. |
Regulatory Technical Standards | Normes techniques de réglementation | A set of security measures adopted by the European Commission that better protect customers through higher security requirements for electronic payments (cf. Strong Customer Authentication). |
Remitter | Remettant | The remitter is a partner acting as a technical operator on behalf of several shops. The remitter manages file exchanges with the Mercanet payment platform. A remitter may send several merchant transactions in the same file provided that they are declared in the name of the remitter at the time of registration. |
Revised Payment Services Directive | Directive révisée sur les services de paiement | New European Commission directive that aims to better secure electronic payments and better protect payment data and customers' personal data. |
RTG | RTG | Response Time Guarantee. |
RTS | NTR RTS |
Cf. Regulatory Technical Standards. |
"S"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
SAQ | SAQ | Cf. Self-Assessment Questionnaire. |
SCI | ICS | Sepa Creditor Identifier. Reference needed to implement a direct debit. Replaces the national issuer number ("Numéro National d'Émetteur", or NNE) in France. |
SCT | SCT | SEPA Credit Transfer. Transfer: a euro means of payment
for the execution of fund transfers between accounts located in
the SEPA area. |
SDD | SDD | SEPA Direct Debit. Direct debit: a euro means of
payment for the execution of fund transfers between accounts
located in the SEPA area. It is at the initiative of the creditor
(the merchant), authorised in advance by the debtor (the Internet
user/customer) through the issuing of a mandate. |
SDK | SDK | Cf. Software Development Kit. |
SDPX (library) | (Librairie) SDPX | Mercanet Javascript component used by merchants for their CSE or Hosted Fields integrations. |
Secret key | Clé secrète | Unique value to ensure the confidentiality and integrity of payment through the BNP Paribas payment solution. |
Secure payment | Paiement sécurisé | Transactions recorded on the Internet are protected against unauthorised interception and against any unauthorised editing or modification of the original content of messages. |
Self-Assessment Questionnaire | Questionnaire d'auto-évaluation | PCI DSS questionnaire completed by an organisation or a merchant that/who then forwards this questionnaire to any third party (e.g. acquirer) requesting it to assess the PCI DSS compliance of the said organisation/merchant. |
SEPA | SEPA | Single Euro Payments Area. A European protocol
implemented to create a single market for all citizens and
businesses and to make payments across the European Union as
easily, quickly and reliably as in the most efficient national
payment systems. |
Software Development Kit | Kit de développement logiciel | A set of software tools for developers that facilitate the development of software on a given platform. |
SPS | SPS | SEPA Payment Suite. BNP Paribas's solution
for managing SEPA payments. |
SSP | SSP | Cf. Score & Secure Payment. |
Strong Customer Authentication | Authentification forte du client | Procedure for authenticating card payments made online, aimed at enhancing the security of these payments by requiring the user to meet at least two conditions to prove their identity. |
"T"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Token | Token | The token is a number shared by the merchant and Mercanet. It replaces the card number (PAN) and is not sensitive data. |
Tokenisation | Tokenisation | Process of substituting the PAN, considered as a sensitive data element, with a non-sensitive equivalent data created by a tokeniser. |
TRA | TRA | Transaction Risk Analysis. As part of the Revised
Payment Services Directive (PSD2), a methodology for analysing
fraud rates, carried out by an issuer (issuer TRA) or an acquirer
(acquirer TRA) to determine whether Strong Customer Authentication
(SCA) is required for a given transaction. |
TRA exemption | Exemption TRA | A Strong Customer Authentication (SCA) specific case
allowing an acquirer, and by delegation its merchant, not to apply
the SCA procedure to a transaction identified as low risk. Please
get in touch with your acquirer to know if you qualify for the TRA
exemption. Cf. TRA. |
Transaction Risk Analysis | Analyse du risque de transaction Transaction Risk
Analysis |
Cf. TRA. |
Transactions Report | Journal des transactions | This report contains the payments (whether accepted or declined) made from the merchant's Mercanet webshop. This report is usually sent to the merchant every day. |
"U"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
UMR | RUM | Unique Mandate Reference. |
"W"
Term, abbreviation or acronym | French terminology | Definition |
---|---|---|
Wallet | Wallet | A virtual storage space in which payment means can be stored in order to be able to pay without re-entering the payment means details (OneClick payment) or to trigger subsequent payments without the holder being present.. |
Wallet Initiated Payment | Wallet Initiated Payment | Service applying to Bancontact cards and allowing:
|
WCAG | WCAG | Cf. Web Content Accessibility Guidelines. |
Web Content Accessibility Guidelines | Web Content Accessibility Guidelines | Recommandations du World Wide Web Consortium (W3C) pour rendre les contenus Web plus accessibles à des personnes en situation de handicap. |
WIP | WIP | Cf. Wallet Initiated Payment |