Purchasing Cards Glossary


The following provides a glossary of industry used terms and acronyms to help you understand all aspects of the payment process.


A financial institution where a merchant holds an account to process transactions and credit payments.


Authorisation is not a guarantee of payment. It is the process where a transaction is approved or declined by a card issuer or an acquirerA financial institution where a merchant holds an account to process transactions and credit payments. on behalf of a card issuer, confirming the funds were available at the time of the transaction.

AVS (Address Verification Service)

A fraud-prevention mechanism that verifies a customer address against a card. The data check response helps you to decide whether or not to proceed with the transaction.


A collection of transactions held at a single terminal or outlet. A batch may contain several days' data.

Bespoke Data

Specialist supplementary data specific to a particular organisation that is captured and delivered outside of the standard Level 1-3 banking data. ITS is able to provide detailed management information reports that complement this elevated level of service.

CC (Commodity Code)

Visa-specified code for categorising the actual commodity sold (e.g. nuts and bolts). There are approximately 300 codes.

CNP (Cardholder Not Present)

When card details are taken over the telephone, on the internet or by post.

CP (Cardholder Present)

When the cardholder is present at the point of sale.

CSC (Card Security Code)

The code is made up of the last 3 digits on the signature strip, on the reverse of a card. It is used to verify the authenticity of the card and authorize transactions.

CVC2 (Card Validation Code 2)

Fraud prevention mechanism initiated by MasterCard and Visa to protect merchants. These codes are the three digits on the back of a MasterCard or Visa that follow the cardholder’s credit card number – they offer mail order and internet merchants additional security by helping to identify a cardholder in a CNP transaction.

EPOS (Electronic Point of Sale)

These systems give businesses a convenient way of recording purchase transactions. A computerised till system can be an EPOS system as long as it includes some sort of store inventory database, which is updated automatically when a purchase is made.

ERP (Enterprise Resource Planning)

An industry term that covers a range of business management activities. An ERP system can be used for managing product planning, parts purchasing, inventories, interacting with suppliers, providing customer service and tracking orders. It can also include application modules for the finance and human resources aspects of a business.


An issuer is a financial institution which issues payment cards.

Level 1 Data - (Standard)

The standard financial data captured for a credit or debit card transaction.

Level 2 Data - (Summary VAT)

The standard financial data captured for a payment card transaction plus a customer reference code and summarised VAT total.

Level 3 Data - (Line Item Detail or LID)

The standard financial data captured for a payment card transaction plus line item detail descriptions for the goods/services provided with individual VAT amounts.

LID (Line Item Detail)

The individual entries listed in an invoice giving the detail of what has been purchased. LID is also known as Level 3 or enhanced data and specialist providers such as ITS can send this data to the cardholder along with the financial transaction.


A business which accepts card transactions in exchange for goods/services.

MID - Merchant ID

The merchant identification number provided by the Acquirer where a merchant holds an account to process transactions and card payments.

MOTO (Mail Order Telephone Order)

Where a Merchant takes an order via the telephone or by post.

PCI DSS (Payment Card Industry Data Security Standard)

Refers to a set of guidelines with which businesses that process payments and handle customer data must comply.


The overnight collection of card payment transaction information via a telephone line linked to your terminal.

POS (Point of Sale)

Where the transaction between merchant and customer is carried out.

Purchasing Card (P-Card)

Purchasing cards are issued to employees to make purchases on behalf of their organization. The benefit of purchasing cards over other payment cards is that they allow additional transaction information to be sent through to the banks electronically. This removes the need for purchase orders and invoices, thereby saving both the supplier and the purchaser time and money.

TID (Terminal ID)

The unique terminal identification number with the bank acquirer.

VGIS (Visa Global Invoice Specification)

Similar to Level 3 data, VGIS is the Visa equivalent of LID and additionally captures buyer and referencing information for a Visa purchasing card.

XML Format (eXtensible Markup Language)

XML's purpose is to aid information systems in sharing structured data, especially via the internet to encode documents and to serialise data.

Frictionless Authentication (3DS)

A Frictionless Authentication is a seamless 3DS Version 2 authentication where the card issuer authenticates the transaction with no additional input required by the customer. E.g., card holder data provided has passed the card issuers risk evaluation.

Challenged Authentication (3DS)

This will occur when a user is prompted by the card issuer to give further authentication for their purchase e.g., card holder prompted for a One Time Passcode.

Attempted Authentication (3DS)

An Attempted Authentication will occur when authentication is not obtained but proof of an attempt to authenticate is provided to the merchant. Card holder will not have to provide any additional input in this event.

Rejected Authentication (3DS)

Reject Authentication will occur when the Card issuer rejects the authentication. As a result, the session doesn’t proceed.

Failed Authentication (3DS)

Failed Authentication will occur once a user has failed to provide sufficient authentication during their Ecommerce session and as a result, the session doesn’t proceed.