Glossary

Treezor documentation’s glossary lists all the terms and acronyms you need to fully grasp the concepts of our embedded finance services.

Tip — Not finding what you're looking for?

This may be because you’re looking for business-oriented content. Don’t hesitate to have a look at the Support Center articles!

3D Secure (3DS)

A protocol designed to add an additional security layer to online card payments.

When the 3D Secure protocol is triggered, the cardholder is required to perform a validation step (such as entering a code received by SMS or validating the operation on an already enrolled device) to authenticate.

The second version (3DS2) facilitates strong customer authentication (SCA) to meet the regulatory technical standards of the EU Revised Payments Services Directive (PSD2).

Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT)

Regulations applying to entities of the financial sector to prevent the illicit use of the money transacting through their system.

AML/CFT regulations focus notably on:

• Money laundering (concealing the source of money acquired illegally to reinvest in legal activities).
• Terrorism financing (e.g., providing funds with the intent of using them in an act of terrorism).

AML/CFT also applies to entities of the non-financial sector (both public and private). It isn’t restricted to the use of licit or illicit funds, but any act participating in terrorism (e.g., lending a car).

The equivalent in French is LCB/FT (“lutte contre le blanchiment des capitaux et le financement du terrorisme”).

Authorization

Step of the card transaction during which:

• The merchant requests the issuer’s approval for the initiated transaction.
• The issuer approves or rejects the payment based on the card status, spending limits and restrictions to be enforced.

See the Transactions life cycle article for more information.

Automated Teller Machine (ATM)

A computerized device that allows the cardholder to perform banking operations such cash withdrawals, balance inquiries, deposits, fund transfers, PIN updates and mini statements.

Available banking operations depend on what is supported by the card issuer.

Balance

The amount available on a Wallet. There are different kinds of Balances to consider:

• Current Balance – The amount of money currently available on the wallet without considering pending operations. This is usually the balance exposed to end users.
• Authorizations – Refers to the pending operations amount.
• Authorized Balance – The simulated balance, which amount takes into account pending operations (i.e., authorizations amount is deducted from the balance).

In other words, Current Balance = Authorized Balance + Authorizations

You can fetch the Balances value using the GET /v1/balances request.

Example

Consider a current balance of €500.00 and an authorized payment of €100.00 (i.e., authorizations) that is not yet settled.

In this case, the values will be as follows:

• Current Balance – €500.00
• Authorized Balance – €400.00 (i.e., the balance minus the pending operation).
• Authorizations – €100.00

Bank Identifier Code (BIC)

The unique international identifier of the bank.

This code can be 8 or 11 alphanumeric characters, which concatenates the following information:

• Bank code or institution code (first 4 characters)
• Country code (next 2 characters), indicating the country the bank is located in
• Location (next 2 characters), indicating the location of the bank
• Branch code or another additional identifier (last 3 characters)

Example

Let's consider the following BIC: "AAAABBCCXXX"

In which:

• AAAA is the bank code
• BB is the country code
• CC is the location code
• XXX is the branch code (or any other optional identifier)

Card Verification Code (CVC)

The 3-digit code usually printed on the back of a physical card.

The CVC aims to enhance security when the card is not physically present (e.g., online payments).

Many acronyms are used to refer to this code, including CVV, CVC2, CSC, CVD, CVN, and SPC.

Chargeback

The cancellation of a financial transaction which occurs when the customer contacts their issuer to dispute a charge made to their account and request a refund.

The chargeback process is designed to:

• Protect consumers from fraudulent or unauthorized transactions.
• Address issues such as non-delivery of goods or services, defective products, or billing errors.

When a user initiates a chargeback, the funds from the disputed transaction are temporarily withdrawn from the merchant’s account. The issuer investigates the claim and determines whether the chargeback is valid. If deemed legitimate, the customer account is credited, and the merchant may incur additional fees or penalties.

Chip

The embedded microchip of the card.

This chip is an integrated circuit that contains encrypted details about the card and securely transmits payment data to the terminal or the ATM during the transaction.

Common Reporting Standard (CRS)

Standard developed by the OECD in 2014 for the automatic exchange of information between partner countries to fight tax evasion. It applies to each country that has committed to the CRS and transposed it into its law.

Contactless

See Near field communication (NFC).

Device Primary Account Number (DPAN)

The tokenized version of the Primary Account Number (PAN) dedicated to a device such as a smartphone. It aims to securely identify a Card. It cannot be used to pay on its own.

The DPAN has to be detokenized by the Card network (e.g., Mastercard) during the payment.

Effective Date

The date on which funds are effectively credited or debited. You may also find the term settlement date or collection date.

This date differs from the date the transaction is requested in the case of a SEPA Credit Transfer (SCT) or a SEPA Direct Debit (SDD) for example.

Example

Consider an SCT requested on February 3^rd, but which is set to be credited on February 7^th. February 7^th is the effective date of the transaction.

Electronic money (e-money)

Monetary value stored electronically and issued upon receiving funds. It is a digital equivalent of cash.

E-money is stored on an electronic device (or remotely on a server) and can be used to pay for goods and services. Specific regulations (e.g., EU’s E-Money Directive) enforce restrictions and limits to e-money usage. E-money also requires an EM approval of your project. See Electronic Money Wallets for more information.

Foreign Account Tax Compliance Act (FATCA)

US extraterritorial regulation (in force since July 1^st, 2014) that aims to identify and report US taxpayers to the US tax authorities.

French Cybersecurity Agency (ANSSI)

The French national security cybersecurity agency (Agence nationale de la sécurité des systèmes d'information), in charge of granting the PVID certification.

Learn more on the ANSSI official website.

JSON Web Token (JWT)

Authentication token which also contains information about the User (e.g., id) and their Scopes. The token claimed information can be verified using a signature mechanism.

You need to provide this Token for any request made to the Treezor API.

Read more about the JWT in the Authentication article.

Mag Stripe

The magnetic stripe found on the back of a card. It is encoded with data, hence providing similar information as the card’s Chip.

Merchant

A business accepting electronic payment transactions.

Merchants are therefore equipped to accept and process card payments. This term applies to both in-person and online transactions.

Merchant Category Code (MCC)

The code categorizing the merchant’s commercial activity (e.g., clothing retailers, restaurants, etc.).

This code is included in any card transaction (withdrawals or payments) and allows you to restrict payments based on the merchant’s activity.

Find the list of MCC in the MasterCard's Quick Reference Booklet.

Merchant Identification Number (MID)

The unique identifier assigned to a merchant by their bank.

This 15-digit identifier is usually included in the card transaction, which:

• Helps identify a merchant.
• Allows you to restrict payments based on the MID.

You may also find the terms Merchant Identifier or Merchant ID to refer to this number.

Near Field Communication (NFC)

Technology that powers contactless payments with credit cards or smartphones for instance.

Nomenclature Activités Française (NAF)

The French coding system categorizing business and merchant activities.

Reading – Additional documentation in French

• CITI-NACE-NAF correspondence table
• Full list of NAF codes on insee.fr

Payment Card Industry Data Security Standards (PCI DSS)

Payment industry security standards to secure the sensitive data of payment cards.

It sets the technical and operational requirements to create a secure environment for sensitive card data, such as the PAN, CVV, and PIN.

PCI DSS was created by the Payment Card Industry Security Standards Council (PCI SSC) and is a contractual obligation adopted by major card schemes (Visa, Mastercard, etc.). It applies to all card payment process actors, including issuers and service providers.

Reading – PCI DSS integration

Find out more in the dedicated PCI DSS integration article.

Personal Identification Number (PIN)

The 4-digit code of the card, entered by the cardholder during a “card present” payment.

Primary Account Number (PAN)

The main card number, made up of 16 to 19 digits displayed on the card.

The first 6 to 8 numbers correspond to the IIN (Issuer Identification Number) or BIN (Bank Identification Number), hence identifying the entity that emitted the card.

Tip – The IIN first number identifies the network

Card schemes are easily identified with the IIN. For instance, 4 stands for Visa, and 5 for Mastercard.

Qualified Electronic Signature (QES)

Electronic signature with the highest level of security.

These electronic signatures are “qualified” because the user’s identity is verified through a selfie at the same time as they electronically sign the document.

QES is therefore eIDAS-compliant and:

• Ensures the signer identification
• Protects the signature against forgery and tampering
• Provides a certificate for electronic signature issued by a certified provider

Refund

The act of requesting a refund after funds have effectively been debited from the cardholder's wallet (due to a previous settlement).

See the Transactions life cycle article for more information.

Remote Identity Verification Providers (PVID)

Standard for robust and reliable remote identity verification processes to minimize fraud risks. Becoming a PVID (Prestataires de vérification d’identité à distance in French) requires passing a certification with the French Cybersecurity Agency (ANSSI).

Reversal

Cancellation of an accepted authorization at the merchant’s request.

There hasn’t been any funds movement when a reversal occurs, so only the Authorized Balance of the cardholder is affected.

See the Transactions life cycle article for more information.

SEPA Creditor Identifier (SCI)

The unique and mandatory reference for SEPA Direct Debit mandates.

It must appear in any direct debit application. Its main purpose is to allow each creditor, who may be located in any SEPA country, and their bank to know the precise identity of the issuer of the direct debit. This facilitates claims for reimbursement or action in the event of a complaint.

Structure of the SCI

The SCI length varies from country to country, but never exceeds 35 characters. Its structure is AABBCCCX, in which:

• AA – ISO country code (e.g., FR for France)
• BB – 2 control numbers
• CCC – Activity code that can be freely used by the creditor
• X – National identifier, which is up to 28 figures. This is the NNE (National Issuer Number), 13 characters long in France, formerly used for national debits.

SEPA Credit Transfer (SCT)

SEPA transfers initiated by the sender; the debtor credits another account.

This feature allows the sender to make Euro-denominated payments to SEPA countries accounts. Learn more from the European Payments Council SEPA Credit Transfers article.

SEPA Direct Debit (SDD)

SEPA transfers initiated by the receiver; the receiver debits another account, allowed to do so by a Mandate.

This feature allows the recipient to collect Euro-denominated payments from SEPA countries accounts. Learn more from the European Payments Council SEPA Direct Debit article.

SEPA Instant Payments

Real-time electronic payment method allowing for rapid and secure fund transfers between bank accounts within the SEPA region. The rapid processing offers a settlement within a matter of seconds, providing users with immediate access to transferred funds.

Learn more about SEPA Instant Credit Transfers from the European Payments Council article.

SEPA Open Banking Days

Days on which operations using the SEPA network are processed.

Operations on the SEPA Network are indeed subject to handling delays and timeframes. Operations aren't processed on closed days, which are the weekends (Saturdays & Sundays) and the following TARGET2 closed days:

• January, 1^st (New Year's Day)
• Good Friday (Vendredi saint)
• Easter day (Monday)
• May, 1^st (Labor Day)
• December, 25^th (Christmas)
• December, 26^th

When a delay or timeframe is indicated as Open Banking Days, these closed days must be excluded.

The list of closed days for the current year is available on the European Central Bank website.

Settlement

Step of the card transaction during which the funds are debited from the cardholder's account and credited to the merchant's account.

See the Transactions life cycle article for more information.

Single Euro Payments Area (SEPA)

Payment integration initiative of the European Union which simplified euro bank transfers (credit transfers and direct debits).

Learn more from the European Central Bank website.

Strong Customer Authentication (SCA)

A regulatory requirement aiming at reducing fraud and making payments more secure.

It enforces two-factor authentication for cardholders to validate online transactions. The factors must be two of the following elements:

• Knowledge – Something only the user knows (e.g., password)
• Possession – Something only the user has (e.g., phone)
• Inherence – Something only the user is (e.g., fingerprint)

Strong Customer Authentication (SCA) was introduced by the EU Revised Directive on Payment Services (PSD2) in 2015.

Learn more about SCA in the dedicated section of the documentation.

Terminal

Electronic device usually found in physical points of sale, allowing merchants to process card transactions.

You may also find the term point of sale (POS); it refers to a more global definition of terminals (including cash registers, for instance).

Top-up

The act of crediting (or recharging) an account. At Treezor, Wallets can be credited with card payments and check cashing for instance.

Unique Mandate Reference (UMR)

The mandatory reference provided by the owner of an account, allowing the account to be debited by SEPA Direct Debit.

At Treezor, the UMR is:

• Obtained by creating a Mandate – For SDDE.
• Provided by the Beneficiary – For SDDR. This value is available in the mandate_id attribute of the sepa.sddr_reception webhook.