Glossary
A
Acquirer (or acquiring bank)
A member of a card association, for example Mastercard or Visa, who maintains merchant relationships and receives card transactions from merchants.
ACB (Automated Clearing Bureau)
Prior to the establishment of BankservAfrica in the first half of 1993, the banking industry in South Africa jointly owned several companies that provided shared services to the banks through a variety of payment channels. As these companies followed their own direction and operated in separate silos, the need arose to consolidate them into a single structure: the ACB.ACH (Automated Clearing House)
A group of processing and financial institutions that are linked by a computer network. Various types of electronic payment transactions, including credit card settlements, are routed across this network. The Automated Clearing House network provides a means of exchanging funds electronically. The National Automated Clearing House Association (NACHA) is responsible for maintaining the ACH rules and standards governing the exchange of ACH payments between financial institutions.
AISP (Account Information Service Provider)
A service provider that, with customer consent, can access account information from multiple banks and financial institutions to provide aggregated financial data. AISPs are important for personal finance management and open banking services.
AML (Anti-Money Laundering)
A framework of laws and regulations designed to prevent criminals from disguising illicitly gained funds as legitimate income. AML processes involve monitoring transactions and reporting suspicious activities to financial authorities to mitigate money laundering risks.
AEDO (Authenticated Early Debit Order)
A debit order that enables the account holder to mandate contracted future-dated early debit orders through the use of their bank card (e.g. debit card) and PIN.
API (Application Programming Interface)
A set of rules that allows different software systems to communicate with each other. APIs are central to fintech, enabling platforms to connect with banks, payment gateways, and other services.
Authentication
- A security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorisation to receive specific categories of information or transaction approval (in the case of cards or payment orders).
- A security measure designed to protect a communications system against acceptance of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or originator.
- A cryptographic process, performed during a chip-initiated transaction, that is used to validate the integrity of data provided to identify one or more of the following: issuer, card, chip-reading device and message content.
Authorisation
The first of seven stages in processing a bank card transaction. In this stage, the merchant issues a request to charge the amount to the cardholder’s card. The card issuer or an authorised agent, such as an authorising processor or a stand-in processor, references the cardholder’s account status and credit limit and approves or denies the transaction.
B
BankservAfrica
Africa’s largest PCH/ACH, which is majority owned by the ‘Big 4’ South African banks with a minority holding of smaller banks. It is a provider of electronic payments technology, including cheque and credit/debit card processing, mobile payments, SWIFT messaging and wire systems for banks.
BaaS (Banking as a Service)
A model where traditional banks provide banking services to fintech companies via APIs. This allows non-banking businesses to integrate banking products like loans, payment processing, or accounts into their own offerings without becoming fully licensed banks.
Big 4
A collective name for the four largest banks in South Africa, namely Absa, First National Bank, Standard Bank and Nedbank.
C
Card Association
Visa and MasterCard are member-based organisations formed to manage the rules, regulations, and process of interchanging card transactions. Their membership consists of issuers, who are responsible for the management and issuance of debit and credit cards, and acquirers, who are responsible for the procurement and management of merchant relationships for card acceptance.
Cardholder Data
A covering term for the full Primary Account Number (PAN), along with any of the following elements:
- Cardholder name
- Expiry date
- Service code
Sensitive Authentication Data, which must also be protected, includes full magnetic strip data, CAV2, CVC2, CVV2, CID, PINs and PIN blocks.
CBS (Core Banking System)
A centralised system that supports daily banking operations such as account management, transaction processing, and reporting. CBS allows for real-time transaction processing across multiple branches and channels.
CCD (Common Core Definitions)
A minimum common set of card application implementation options, card application behaviours and data element definitions that is sufficient to accomplish an EMV transaction. CCD is not a functional application specification.
CFT (Combating the Financing of Terrorism)
Measures implemented to identify and disrupt the funding networks of terrorist organisations. CFT regulations often overlap with AML policies, as both are aimed at preventing illegal activities through financial channels.
Chargeback
The return of funds to a consumer, forcibly initiated by the consumer’s issuing bank. Specifically, it is the reversal of a prior outbound transfer of funds from a consumer’s bank account, line of credit, or credit card.
Co-branded Cards
Visa or Mastercard credit cards jointly sponsored by a bank and a retail merchant such as a department store. Co-branded cards can be issued at less cost than conventional retail private label cards, and give issuing banks access to new customers. Cardholders may be given incentives, such as discounts on merchandise, rebates, or discounts off purchases. A co-branded card has a tie-in with a specific merchant rather than an association or professional group. It can also be used at other merchants.
CPA (Common Payment Application)
CPA (Common Payment Application) is a functional description of an application that complies with the CCD requirements. CPA implementations must comply with CCD requirements, whereas CCD implementations may not necessarily comply with CPA.
CRS (Common Reporting Standards)
An international standard for the automatic exchange of financial account information between governments. It helps fight tax evasion by requiring financial institutions to report data on non-residents to their home countries’ tax authorities.
Cryptocurrency
A digital or virtual currency secured by cryptography, making it nearly impossible to counterfeit. Cryptocurrencies operate on decentralized networks based on blockchain technology, with Bitcoin and Ethereum being well-known examples.
D
DeFi (Decentralised Finance)
A blockchain-based form of finance that does not rely on traditional intermediaries like banks. DeFi platforms offer financial services (lending, borrowing, trading) through smart contracts.
Digital Wallet
A software-based system that stores users’ payment information and passwords for numerous payment methods and websites. Digital wallets allow users to make transactions quickly without needing physical cards.
E
EFT (Electronic Funds Transfer)
The electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions, through computer-based systems.
EMV (EuroPay, Mastercard and Visa)
A global standard for interoperation of integrated circuit cards (also called IC cards or chip cards) and IC-card-capable point of sale (POS) terminals and automated teller machines (ATMs), for the purpose of authenticating credit and debit card transactions.
Encryption
The process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing a key to the cipher.
EVD (Electronic Value Distribution)
The system of distributing and managing electronic currencies, vouchers, or stored value such as prepaid airtime or e-money. EVD platforms allow businesses and consumers to exchange electronic value seamlessly across various applications.
F
FCA (Financial Conduct Authority)
A UK regulatory body responsible for overseeing the financial markets and protecting consumers. The FCA ensures that financial products and services are fair, transparent, and operate in a competitive environment.
FICA
The Financial Intelligence Centre Act (Act 28 of 2001), a South African law designed to combat money laundering. Money laundering is the abuse of financial systems to hide or disguise the proceeds of crime.
Firewall
A device or set of devices designed to permit or deny network transmissions based upon a set of rules. Firewalls are frequently used to protect networks from unauthorised access while permitting legitimate communications to pass. Many personal computer operating systems include software-based firewalls to protect against threats from the public internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
I
Interchange
The fee that a merchant’s bank pays a customer’s bank when merchants accept card payments using card networks.
Issuer (or issuing bank)
A bank that offers card association branded payment cards directly to consumers.
K
KYC (Know Your Customer)
A regulatory requirement that financial institutions verify the identity of their customers to prevent fraud, money laundering, and other illegal activities. It typically involves collecting personal information, proof of identity, and sometimes proof of address.
M
Merchant
Any entity that accepts payment cards, not limited to those bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, Mastercard and Visa) as payment for goods or services. Note that a merchant who accepts payment cards as payment for goods or services can also be a service provider, if the services sold result in storing, processing or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant that accepts payment cards for monthly billing, but also is a service provider if it hosts merchants as customers.
Merchant Account
A merchant account is set up with a financial institution to allow merchants to accept credit card payments directly from their clients. Unlike most third-party services, money collected through the merchant account is deposited directly into the merchant’s checking account within 2 to 3 business days. Merchants need a merchant account if they want to take credit card payments from their clients using their own business name and have the money deposited directly into their business checking account.
Merchant Fee
When a business owner sets up a merchant account to enable their customers to pay for products or services using credit cards or debit cards with a Visa or Mastercard logo, they have to pay some fees associated with the credit card transactions. The specific fee amounts depend on the merchant account provider that provides the credit card processing service. However, there is a list of typical fees that the majority of providers charge business owners in exchange for the ability to accept credit cards as payment.
MICR (Magnetic Ink Character Recognition)
A character recognition technology used primarily by the banking industry to facilitate the processing of cheques. The technology allows computers to read information (such as account numbers) off printed documents. Unlike barcodes or similar technologies, however, MICR codes can be easily read by humans.
MNO (Mobile Network Operator)
A provider of wireless communication services that owns and operates infrastructure for mobile networks, including telecommunications towers and services like SMS, mobile data, and voice calling.
M/S (Merchant Services)
A suite of financial services designed to help businesses accept and process payments from customers, primarily involving credit and debit card transactions. Merchant services can also include payment gateways, point-of-sale systems, and fraud prevention.
N
NAEDO (Non-Authenticated Early Debit Order)
A collection system that allows future-dated collections to take place early in the day, closer to the payment window, to improve collection rates. It is a National Credit Act initiative that strives to prohibit preferential collection systems and to create equal opportunity for creditors to collect funds from debtors. The National Payment Systems Act provides for NAEDO, which dictates that transactions presented for payment from financial institutions and creditors are randomly presented for payment. This ensures a level playing field for priority collections.
NCA (National Credit Act)
The NCA became fully operational in South Africa on 1 June 2007. The NCA replaces the Usury Act (Act 73 of 1968), the Credit Agreements Act (Act 75 of 1980) and the Integration of Usury Laws Act (Act 57 of 1996), which was the primary legislation governing the granting of credit within the South African financial services industry since 1968. In essence, the NCA is designed to promote a fair and non-discriminatory marketplace in South Africa.
Neobank
A digital-only bank that operates without physical branches. Neobanks provide a variety of financial services such as savings accounts, payments, and loans, typically through mobile apps.
NPS (National Payments System)
A system that provides management and administration, operation, regulation and supervision of payment, clearing and settlement in the Republic of South Africa, as well as related matters. It is governed by the National Payments Act (Act 78 of 1998).
‘Not on us’ Transactions
Transactions in which the bank that issued the card is not the same as the one that owns the ATM or POS terminal on which the transaction is made.
O
‘On us’ Transactions
Transactions in which the bank that issued the card is the same as the one that owns the ATM or POS terminal on which the transaction is made.
P
PaaS (Platform as a Service)
A cloud computing model that provides businesses with a platform to develop, run, and manage applications without worrying about underlying infrastructure. PaaS includes infrastructure such as servers, storage, and networking resources.
PASA (Payments Association of South Africa)
PASA is recognised by the South African Reserve Bank (SARB) as a payment system management body in terms of the NPS Act, which was promulgated in October 1998. PASA performs a crucial function in the South African economy by assisting the SARB in managing the safety and integrity of the NPS, through which all payments between financial institutions must flow.
Payment Service Provider
Payment Service Providers, also known as Payment Gateways, connect a merchant to the bank or processor that is acting as the front-end connection to the card issuing association. They are called gateways because they take many inputs from a variety of different applications and route those inputs to the appropriate bank or processor. Gateways communicate with the bank or processor using dial-up connections, web-based connections or privately-held leased lines. They operate in accordance with security compliance, as set out by the Card Associations, ACH and industry regulators such as PCI and EMVCo.
Payment Token
A payment token is a reversible token generated at the payment issuer level. This means that the token can be securely mapped back to its original account number by the provider of the payment token and authorised entities only. It is used as part of the payment chain and, when submitted in a transaction to the payment system, causes a payment to occur.
The tokenisation process happens in a manner that is typically invisible to the consumer. Such tokens could be used by merchants or digital wallet operators, and can be stored in EMV chip cards and NFC devices. The payment tokens are restricted to specific domains. For example, a token may be usable only within the e-commerce acceptance channel at a specific merchant. An additional capability of payment tokens is that they can be unlinked from the original card account number in case the token is either no longer needed or a mobile device or card has been lost or stolen. Payment tokens are of particular value in card-not-present transactions, as well as with mobile devices and similar form factors.
PCI-DSS (Payment Card Industry Data Security Standard)
A set of specific security standards developed by the PCI payment brands to help promote the adoption of consistent data security measures that are needed to protect sensitive payment card information. The standard applies to all organisations who hold, process or exchange cardholder information from any card branded with the logo of the payment brand companies.
PCI: The Payment Card Industry Data Security Standard is a set of security protocols designed to protect sensitive account data during and after transactions. It is vital for any organization that handles card payments.
PA-DSS: This standard applies specifically to software applications that store, process, or transmit cardholder data as part of payment processing. Compliance ensures that the software does not introduce vulnerabilities in payment security.
PCH/ACH (Payment Clearing House/Automated Clearing House)
An electronic network for financial transactions, processing large volumes of credit and debit transactions in batches. In South Africa, a network established by bilateral, legally binding arrangement by two or more settlement system participants (excluding the designated system operator) that governs the clearing of payment instructions to be settled by the South African Reserve Bank’s settlement participants.
PIN (Personal Identification Number)
A secret numeric password shared between a user and a system that can be used to authenticate the user to the system. PINs are most often used for automated teller machines (ATMs), but are increasingly used at the point of sale for debit cards and credit cards. Throughout Europe and Canada the traditional in-store credit card signing process has increasingly been replaced with a system where the customer is asked to enter their PIN instead of signing. In the UK and Ireland, this system is called chip and PIN, since PINs were introduced at the same time as EMV chips on the cards. In other parts of the world, PINs have been used before the introduction of EMV chips. Apart from financial uses, GSM mobile phones usually allow the user to enter a PIN of between 4 and 8 digits. The PIN is recorded in the SIM card.
PISP (Payment Initiation Service Provider)
A service provider under PSD2 that initiates payments on behalf of customers, directly from their bank account. PISP services allow users to make payments without needing to rely on card networks or other traditional payment mechanisms.
POS (Point of Sale)
A hardware payment device used to swipe debit and credit cards for payment. This device enables payments to be authorised through the acquiring bank.
PSD2 (Revised Payment Services Directive)
A European Union regulation designed to increase competition and innovation in the payments industry. PSD2 allows for secure and transparent online payments while opening the door for new players like fintechs to access customer data (with consent) to offer financial services.
R
Real-Time Payments
Payment systems that enable the immediate transfer of funds between bank accounts, providing instant confirmation to both payer and payee. Real-time payments are increasingly used for P2P, B2B, and consumer transactions.
RegTech (Regulatory Technology)
Technologies developed to help companies comply with regulatory requirements more efficiently and cost-effectively. RegTech solutions use automation, machine learning, and blockchain to manage compliance processes.
RTC (Real-time Clearing)
An online service that enables customers to move single credit payments to beneficiaries, such as account payments, in real time. In this context, real time means within 60 seconds, 24 hours a day, 7 days a week, 365 days a year. The system is integrated with the Central Bank settlement service, supports multiple settlement windows and includes the ability to force settlement when a participating bank’s daily exposure limit is reached. Access to a web-based transaction look-up facility, management information and intra-day exposure (IDE) values are part of the offering.
RTGS (Real-time Gross Settlement)
A high-value payment system where transactions are processed individually and immediately, rather than in batches. RTGS systems are used for large-value, time-sensitive payments such as interbank transfers and settlements.
S
SaaS (Software as a Service)
A cloud computing model where software is provided as a service over the internet. Customers can access applications via a web browser without the need for installations or managing infrastructure. Examples include CRM systems, collaboration tools, and payment gateways.
SADC (Southern African Development Community)
An inter-governmental organisation consisting of 16 southern African countries, aimed at promoting socio-economic cooperation and integration. In fintech, SADC member countries often collaborate on financial policies and standards for regional economic development.
SARB (South African Reserve Bank)
The central bank of the Republic of South Africa. The primary purpose of the SARB is to achieve and maintain price stability in the interest of balanced and sustainable economic growth in South Africa. Together with other institutions, it also plays a pivotal role in ensuring financial stability.
SASWITCH
BankservAfrica’s SASWITCH service enables clients of any participating bank to draw money from ATMs belonging to any other participating bank. This service is available to holders of credit and debit cards. All domestic transactions with a valid bank identification number (BIN) are switched between acquiring and issuing financial institutions. ATM card transactions bearing an international BIN are not switched via BankservAfrica. Once a transaction is received from an acquiring financial institution, BankservAfrica applies PIN security algorithms, secures the transaction on both the BankservAfrica primary and disaster recovery (DR) processors, and then forwards the transaction to the issuing financial institution. This is followed by the standard authorised/not authorised response to the acquiring financial institution.
SCF (Supply Chain Finance)
A set of financial tools that help optimize cash flow for businesses in a supply chain. SCF allows suppliers to receive payments early at a discount while buyers can extend their payment terms, improving working capital for both parties.
Stablecoin
A type of cryptocurrency that is pegged to a stable asset, like fiat currency (USD, EUR) or commodities (gold), to reduce volatility. Stablecoins are widely used in trading, payments, and as a store of value.
Strate
The licensed Central Securities Depository (CSD) for the electronic settlement of financial instruments in South Africa. Strate’s core purpose is to mitigate risk, bring efficiencies to the South African financial market and improve South Africa’s profile as an investment destination. Strate is aligned to international best practices and continually strives to ensure operational excellence and provide enhancements for the good of the Southern African financial market. Strate handles the settlement of a number of securities for the Johannesburg Stock Exchange (JSE), including equities and bonds as well as a range of derivative products such as warrants, Exchange Traded Funds (ETFs), retail notes and tracker funds. It has now added the settlement of money market securities to its portfolio of services. It provides services to issuers for their investors in terms of the Companies Act and Securities Services Act (SSA) of 2004.
T
TCIB (Transactions Cleared on an Immediate Basis)
A payment mechanism that allows for immediate or near-real-time settlement of transactions between financial institutions or payment systems. TCIB is vital for high-speed clearing and settlement of funds.
Third-party Processor (TPP)
Any company that stores, processes, or transmits cardholder data on behalf of another entity. A third-party processor may be mandated to act as a front-end processor on behalf of an acquiring bank, or it may be contracted by a bank or payment service provider to conduct some part of the transaction processing process. In internet credit card processing, the Secure Payment Gateway Provider is another type of third-party processor.
Transaction
Any event that causes a change in an organisation’s financial position or net worth, resulting from normal activity. Examples include advance of funds, purchase of goods at a retailer, or when a borrower activates a revolving line of credit, as well as any activities affecting a deposit account that are carried out at the request of the account owner. One example of a transaction is the process that takes place when a cardholder makes a purchase with a credit card.
Transaction Data
Transaction data includes data related to electronic payment card transactions, token transactions or EFT transactions.
W
White Label Solution
A product or service created by one company but rebranded and sold by another company as its own. In fintech, white-label solutions are common for digital wallets, payment gateways, and banking software.