Get in Touch
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
An authentication protocol used to reduce fraud in card not present transactions.
the backend system that connects, manages, and coordinates multiple APIs into unified workflows. EFT Corporation enables banks to manage complex ecosystems through this layer.
refers to when a Switch (like Postilion) directly drives or controls ATM machines, managing their transaction flow and operations through a Source node.
Account takeover fraud (ATO) is a type of identity theft where a fraudster gains unauthorized access to a victim's online account, potentially using their identity for fraudulent activities. Common methods include phishing, malware, and social engineering. Preventing ATO requires robust security measures, continuous user behavior monitoring, and advanced authentication methods.
A financial institution that processes card payments on behalf of a merchant. An acquirer is a bank that serves merchants. It is licensed to provide merchant accounts to qualified businesses, enabling these businesses to process payment card transactions. The acquirer, through a merchant agreement, is tasked with issuing merchant accounts, obtaining funds, assessing fees, monitoring risk, and implementing revenue holds.
The Acquirer Reference Number (ARN) is a unique identifier assigned to credit card transactions, aiding in tracking and tracing payments from the merchant's bank to the cardholder's bank. It's crucial for dispute resolution, compliance with regulations, and efficient payment management.
Address Verification Service (AVS) is an ecommerce tool used to verify identity and reduce unauthorized transactions and chargebacks by comparing a shopper's billing address to the issuers. The system analyses the building number and postal code in the billing address, generating a code that communicates with the merchant to either say it matches, or it doesn't.
Anti-Money Laundering (AML) efforts are laws and procedures designed to prevent criminals from presenting illegal funds as legitimate income. They help businesses and governments detect and prevent money laundering, ensuring compliance with national and international laws and maintaining the financial system's integrity.
APIs are rules and protocols that enable software applications to communicate and interact seamlessly. They are essential for integrating systems and services, enhancing functionality, and streamlining operations. APIs connect payment gateways, fraud detection systems, and customer identity verification tools for secure data exchange.
The card is valid, the account is in good standing, and there are enough funds.
AI simulates human intelligence through processes like learning, reasoning, and self-correction. It’s used in systems like expert systems, NLP, and machine vision. In fraud detection, AI analyzes large data sets in real-time to spot unusual patterns, improving accuracy over time. It also automates tasks like transaction monitoring and reporting, boosting efficiency, ensuring compliance, and reducing human error.
The process of checking with the issuer if a cardholder has sufficient funds and if the transaction can be approved.
Before completing a transaction, the merchant sends an authorization request to the customer's issuer, which responds with an authorization code. This code helps the merchant decide whether to proceed with the transaction. The three possible outcomes are:
Authorized Push Payment (APP) fraud occurs when a fraudster convinces a victim to authorize a payment to their account, often by impersonating trusted entities like banks or government officials. Since the payment is authorized by the victim, recovering the funds is challenging. To combat APP fraud, it's important to educate customers, use behavioral analytics to detect unusual payment patterns, and strengthen verification and monitoring processes. Industry collaboration can help improve fraud prevention and recovery efforts.
The Automated Clearing House (ACH) is a U.S. electronic network for processing bank transactions, such as direct deposits and bill payments. It batches payments for processing the next business day and provides a secure, cost-effective way to transfer funds. ACH transactions follow regulations set by NACHA to ensure safety.
A merchant's average monthly sales volume is calculated by dividing their total annual sales by 12. For new businesses without processing history, an estimate may be required. This metric is used by processors to assess merchant risk and can influence account approval. High sales volume increases risk due to potential chargebacks, so some processors set a maximum monthly sales limit. Exceeding this limit, especially early on, could trigger a risk review and lead to account closure. Merchants are advised to set their own sales thresholds below the processor's limits, and processors may require a reserve to cover potential liabilities.
This volume is a key factor in evaluating merchant risk and can impact account approval or denial. High transaction volumes are risky because they increase the likelihood of chargebacks, for which the processor could be liable. To manage risk, some processors set a maximum monthly volume limit.
The average ticket amount is calculated as the net value of sales divided by the number of transactions processed.
A Bank Identification Number (BIN) uniquely identifies each bank or financial institution within card networks and is used to identify both issuers and acquirers. Since non-bank entities like American Express issue cards, the term Issuer Identification Number (IIN) is also commonly used. Merchants use BINs to identify the card issuer, submit authorization requests, and ensure payment routing. They may also analyze chargeback data by BIN to identify high-risk institutions.
financial technology model that enables licensed banks to deliver core banking capabilities – like cards, wallets, and payments – to fintechs, telcos, retailers and other businesses via APIs.
Behavioral analytics is the practice of collecting and analyzing data on how users interact with a system, application, or website. This involves tracking user actions, such as clicks, navigation paths, time spent on various sections, and other interactions to gain insight into user behavior.
A billing descriptor helps cardholders identify transactions on their bank statements, but if not understood, a chargeback may be initiated.
Biometric spoofing is the act of forging biometric identifiers (like fingerprints or facial recognition) to bypass security systems. It poses a risk to systems relying on biometric authentication, as fraudsters can exploit vulnerabilities to gain unauthorized access. To combat this, countermeasures such as liveness detection and multi-factor authentication (MFA) are essential for improving security and reliability.
Biometrics uses unique physical or behavioral traits (like fingerprints, facial recognition, or voice) to verify identity. It enhances security by providing a reliable method that's hard to replicate or steal. Common uses include smartphone unlocking, secure access, and financial transactions. Biometrics reduces reliance on passwords, improving security, user access, and compliance with identity verification regulations.
A blacklist is a list of known or suspected malicious entities—like IP addresses or individuals—used to block access and prevent fraud. While effective for stopping known threats, blacklists should be combined with real-time monitoring and adaptive security to address evolving tactics.
Business Email Compromise (BEC) fraud involves cybercriminals accessing company email accounts—often via phishing—to deceive employees into transferring money or sensitive data. By impersonating trusted contacts, fraudsters exploit business relationships, leading to major financial and data losses. Preventing BEC requires strong email security, employee training, and strict verification for financial transactions.
Business verification is the process of confirming a business's legitimacy through checks on legal status, ownership, and compliance. It helps prevent fraud, ensures regulatory compliance (like AML and KYC), and builds trust by supporting secure and reliable partnerships.
Bust-out fraud occurs when a fraudster builds good credit with a card, then maxes it out without intending to repay. They often make small payments at first to avoid suspicion, then suddenly spend heavily and disappear. It causes major financial losses and is hard to detect. Prevention involves advanced analytics, real-time monitoring, and machine learning to spot unusual behavior early.
Card Management Service performs the generation of card data, and authenticates card transactions.
The Card Acceptor ID (CAID) is a unique code given to a merchant by their payment processor to identify them during transactions. It ensures accurate payment routing, supports dispute resolution, helps detect fraud, and provides data for analytics and compliance.
A card network (or card association) facilitates and regulates payment card transactions. Examples include Visa, Mastercard, American Express, and Discover. Visa and Mastercard work with issuing and acquiring banks, while networks like American Express and Discover often operate independently issuing cards directly and handling most transactions themselves.
The card security code is a 3- or 4-digit number used to prevent fraud in card-not-present transactions. It's printed on the card and varies by brand: Visa uses CVV2, Mastercard uses CVC2, and Discover uses CMID—each on the back of the card. American Express uses a 4-digit CID on the front.
The CVV is a 3- or 4-digit security code on credit and debit cards used to confirm the cardholder’s physical possession during card-not-present transactions. It helps reduce fraud but can still be compromised. To strengthen security, businesses use CVV checks alongside tools like address verification, multi-factor authentication, and real-time fraud detection.
The secure storage of cardholder PAN in a database that can be used for future payments.
CNP fraud happens when transactions are made without the physical card, typically in online, phone, or mail orders, using stolen card information. It poses a major risk for businesses due to identity verification challenges. To reduce CNP fraud, companies use tools like multi-factor authentication, real-time fraud detection, and enhanced verification methods.
A Card-Not-Present (CNP) transaction occurs when the physical card isn't used at a POS terminal, and the cardholder provides details remotely—typically online, by phone, or through mail orders (also known as MOTO). While "CNP" is a common industry term, card brands often refer to it more formally as a "card absent" environment.
A Card-Present transaction occurs when a physical card is used at a point-of-sale (POS) terminal, typically in brick-and-mortar stores. Examples include swiping a magnetic stripe, inserting an EMV chip, or using a contactless/NFC reader.
A transaction that is disputed by the cardholder and reversed by the issuer, potentially resulting in a refund to the cardholder. Chargebacks protect consumers from unauthorized or illegitimate transactions by reversing the payment and returning funds to the cardholder. Unlike refunds, chargebacks bypass the merchant and are handled between the customer’s bank, the merchant’s bank, and the card brand, resulting in revenue loss for the merchant.
this type of wallet can only be used within a specific ecosystem or brand (e.g. retail stores, loyalty apps, ride-hailing services).
A credit card allows the cardholder to borrow money from the issuer for purchases. The cardholder must repay the borrowed amount at the end of each billing cycle.
Customer Due Diligence (CDD) involves verifying a customer's identity and assessing risk before starting a business relationship. It helps prevent financial crimes like money laundering and ensures compliance with AML and KYC regulations. CDD promotes transparency, trust, and protection for both businesses and clients.
Customer fraud involves deceitful actions by customers to gain money, goods, or services illegally—such as using stolen payment info or making false refund claims. It can lead to financial loss and reputational harm. To prevent it, businesses verify identities, monitor transactions, and enforce strong return policies.
A Customer Relationship Management (CRM) system stores information about contacts and customers, such as email addresses and purchase history. It's sometimes used interchangeably with an Order Management System (OMS), though they serve slightly different functions.
Card linked to account on core banking server.
The card is lost/stolen, the account is not in good standing, or there are insufficient funds.
Digital KYC is the process of verifying a user’s identity remotely using electronic means.
a mobile or web-based platform that allows users to store, send, and spend money electronically.
integrating financial services like payments, lending, or wallets into everyday digital platforms.
refers to the final user of the financial products and services delivered through EFT Corp’s BaaS technology. Depending on the use case, the end customer can be an individual consumer, a merchant receiving payments, or an employee accessing a payroll or expense wallet.
this type of wallet allows users to transact with a selected network of merchants or partners, without direct cash withdrawals.
When one Switch (Postilion) connects directly to another Switch (Postilion), e.g. a Sink node of Postilion A connects with a Source node of Postilion B.
Switch infrastructure (Hardware and Software) is hosted by EFT Corporation.
An international standard for electronic data interchange between financial institutions/systems: XML-structured (human-readable), Used in Modern financial messaging systems (e.g. Instant Payment), highly Flexible and Extensible.
An international standard for electronic data interchange between financial institutions/systems: Field-structured, Card-centric, used in Legacy systems (e.g. ATM, POS and Card schemes), Many variations make interoperability difficult.
a software module in the Switch (Postilion) that translates and routes messages between the internal format used by Postilion and the external message formats and protocols used by other financial networks/systems and vice versa.
Processors card payments services by connecting directly with the networks and issuing bank to provide the system to manage issuance of cards, authorize transactions and settlement.
An issuing bank enables their own app to support Tap to Pay.
Merchant Discount rate, which is the rate that the merchant is charged by either the acquirer or PSP to facilitate payments.
Mobile point of sale.
A unique identifier assigned to a merchant account by the acquirer or PSP.
A four-digit code used to classify a business by the type of goods or services it provides.
Online retailers utilize 3D Secure as a fraud prevention solution. It assists in confirming that the customer is the real cardholder. 3D Secure is referred to by network-specific product names such as Mastercard Secure Code and Visa Secure (formerly Verified by Visa).
this type of wallet enables users to make payments anywhere a payment network (like Visa or Mastercard) is accepted.
A set of security standards designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. Developed by the Payment Card Industry Security Standards Council (PCI SSC), PCI-DSS helps protect cardholder data and reduce fraud. Compliance is required for any busine handling payment card transactions.
Point of Sale.
refers to when a Switch (like Postilion) directly communicates with and manages POS terminals through a Source node. The Switch essentially acts as the controller and gateway for all transactions initiated from retail or merchant POS devices.
A service provider that securely transmits payment information from the merchant to the acquirer.
An ACI-supplied payment processing platform commonly used for switching and routing financial transactions.
Prefunded card, linked to a pre-paid card program, such as Gift Card, Payroll Card.
the ability to push a card listed in an app, to be enrolled in a X-Pay wallet, without the need to enter the details within the X-Pay app.
ACI terminology.
Switch infrastructure (Hardware and Software) is hosted by the Owner of the Switch
The daily process of transferring funds to the merchant’s account.
sends or forwards messages out of the Postilion system to a specific destination.
receives or accepts messages into the Postilion system from a specific origin.
refers to the funding source behind a digital wallet. EFT Corp supports wallets backed by bank accounts, internal ledgers (for rewards or loyalty), or third-party sources like crypto exchange platforms.
Using a stored card or token on a phone/device to tap to pay at a contactless terminal, instead of using a physical card.
Problems like invalid account numbers, incorrect PINs, or equipment malfunctions.
a tenant is any fintech, telco, retailer or other business that has partnered with a bank to use EFT Corporation’s BaaS technology to launch financial services.
Storing sensitive data, such as card PAN as a non-sensitive equivalent “Token”. The Token on its own has no value.
The process of masking or de-sensitizing a sensitive card number for use online.
features that enhance the core wallet experience like airtime and data purchases, utility bill payments, voucher redemptions, and digital gift cards.
allows banks to deliver banking-as-a-service under their own brand, using EFT Corp’s BaaS technology.
Generic term to represent all the Tap to Pay wallets, such as Apple Pay, Google Pay, Samsung Pay etc.
