A set of regulations followed by financial institutions which require them to actively monitor transactions and report any suspicious activities to prevent money laundering, fraud and terrorist financing.
API [Application Program Interface]
A custom-built link between two data programs which allows data to flow between them.
Account
A record of a person’s or company’s details, as well as a history of their financial activity related to their accounts.
Account Fees
An amount paid by the account holder which goes towards maintaining the account, and/or towards certain add-ons (i.e. products) which might come with the account.
Account Holder
The individual or company (sometimes called the customer) whose details are linked to the account and the card.
Activity
Any actions initiated by a cardholder, such as balance transfers, purchases, or credit taken out.
Admin Portal
A website log-in provided by the issuance platform, in this case Carta Worldwide, for companies to review their customer accounts, data, and products.
Agreement
A contract which is accepted by all parties it concerns.
Applicant
An individual or entity which has applied for an account but has not yet been accepted to be an account holder.
Audit Specification
A document which outlines what data needs to be audited.
Authorization
The process an issuer undergoes to verify an amount a cardholder wishes to pay. This includes checking they have enough funds to make the payment.
B
BIN Sponsorship
An alternative to joining a card scheme directly, this allows a company to gain access to major international card schemes, such as American Express, JCB, Mastercard, Visa and UnionPay. The BIN sponsor can process card transactions on a company’s behalf if they are a direct member of these schemes.
BIN [Bank Identification Number]
The first six to eight digits of a cardholder’s primary account number that identify the card issuer – i.e. the bank.
BNPL [Buy Now, Pay Later]
The option to pay for an item or service across several instalments rather than in one big lump sum, either interest-free or with interest applied.
Baas [Banking-as-a-Service]
White-label products companies can use to offer banking services to end customers without having to be a bank themselves.
Blocked Account
A previously active account which has had its status changed to prevent any further activity.
C
CNP [Card Not Present]
This happens when the card is not physically presented to the merchant, e.g. when a cardholder makes a purchase online, or over the phone.
CVV [Card Verification Value]
This is made up of two codes on the back of a card. One is in a magnetic strip and can be recovered by sliding the card through a magnetic stripe reader, while the other is a visible 3-4-digit number (called CVV2 by Visa and CVC2 by Mastercard). They are used to verify a cardholder’s identity.
Cardholder
An individual or company which has a debit, credit, or prepaid card.
Change Request Process
Once submitted, a change request is reviewed. It is then either rejected, altered or implemented, depending on the outcome of the review.
Change Request
A request to alter a product or system.
Change of Control
When 50% or more of a company’s voting shares are transferred to a new party.
Chargeback
The return of funds to a buyer due to a disputed or fraudulent transaction. The chargeback can be initiated either by the merchant or the cardholder’s issuing bank.
Closed Account
An account which has either been classed as ‘blocked’, ‘lost’ or ‘stolen’.
Closed Loop vs Open Loop
A payment which can only be made in one system, e.g. a gift card or prepaid card at one retailer. Conversely, an open loop payment can be processed anywhere which accepts the network that card is a part of, e.g. Visa, MasterCard.
Confidential Information
Any subject matter relating to account holder data, details within a signed agreement, or to Carta’s program specifications, business or financial matters.
Contactless Payment
A purchase made with a card but without the need to type in a 4-digit pin in the POS machine. This method uses a contactless chip in the card – or phone if you’re using a digital wallet – and then either radio frequency or Near Field Communication (NFC) to complete the payment.
Corporate Card
A card which business owners give their employees so they can make purchases using their company’s money, rather than their own. Employees are usually expected to track purchases on a card like this in a separate or linked expenses system.
Country of Issuance
Where a card was first given to its holder, usually in their home country.
Credit Card
A card which pays for goods and services using funds from a line of credit, rather than using funds from a current or checking account – which is what a debit card does.
D
Data Controller
The entity which exercises overall control over processing personal data.
Data Security Standard
A set of rules for products or processes that provides consistency, accountability, and efficiency. Like policies govern the actions of people, standards are designed to provide a repeatable way of doing things.
Debit Card
A card which pays for goods and services using pre-existing funds from a current or checking account, rather than using funds from a line of credit – which is what a credit card does.
Digital Wallets
An online application – usually an app – which stores digital versions of your debit and credit cards so you don’t have to carry around the physical cards. These include Google, Apple and Samsung Pay, as well as PayPal and Venmo.
Dispute Management
When a purchase is disputed by a cardholder, they can file a claim. This claim will then be validated or denied. While the dispute is managed on the card acquiring side, the burden-of-proof is on merchants to dispute chargeback claims made by cardholders.
Due Diligence
Every company is required to perform background checks on its customers to fulfil ‘Know Your Customer’ (KYC) and ‘Know Your Business’ (KYB) requirements. It is also important to perform similar checks on any potential partners before agreements are entered into.
E
Embedded Finance
The integration of payment methods and other banking-related tools to non-financial services, e.g. the ability to pay for credits in gaming.
F
Faster Payments
A UK payments system built back in 2008 which facilitates real-time payments of up to £1m, depending on a cardholder’s bank. The scheme is used to process payments day and night, 365 days per year.
Fees
The payments due for a company like Carta’s services, together with any third-party costs and mark-up.
Financial Inclusion
A global initiative adopted by companies and countries to ensure no community is left behind by an evolving financial system.
Foreign Exchange (Forex or FX)
The process of exchanging one country’s currency to another country’s currency using exchange rates which can fluctuate daily.
I
ISO 8583
ISO stands for International Organisation for Standardisation. A data message format that is used when credit and debit card data is exchanged, typically between point-of-sale devices and card issuers. The message can include data such as the value of the transaction, the card account number, and where the transaction originated.
Interchange Fee
Interchange is a small fee typically paid by acquirers (merchant’s bank) to issuers (cardholder’s bank), to recognise the value delivered to merchants, governments and consumers by accepting electronic payments. This transaction fee happens every time a customer makes a purchase using their card.
Issuer
The financial institution – usually a bank, fintech or payment firm – which issues debit, credit, and/or prepaid cards to account holders.
Issuer Agreement
The Agreement between Company and the Issuer for the issue of Accounts.
Issuer Processor
The issuer processor is a crucial cog in making and receiving payments, but can sometimes be forgotten as it works invisibly in the backend and isn’t customer-facing.
In simple terms, an issuer processor connects an issuer – which is usually a bank, fintech or payment firm – directly with the networks to provide the systems of record, manage the issuance of cards, authorize transactions, and communicate with settlement entities.
J
JSON
JavaScript Object Notation. A text-based format for storing and transporting data between a server and a user, e.g. { “name”: “Jess”, “age”: 33, “gender”: “female” }.
K
KYC/KYB [Know Your Customer / Know Your Business]
A standard companies follow to verify the identity of a customer – be that an individual, or a business. The standard is designed to protect financial institutions against fraud, money laundering and terrorist financing.
L
Ledger Balance
An account holder’s balance at the beginning of a business day.
Live Program
There are two important ways to define a live program. First is when the program is live after being built, this is when it has been activated in the production environments of both the isuser processor (like Carta Worldwide) and the card scheme. It is live, whether it is being used by customers or not.
The second stage of it being live is when funds are being credited or debited to/from an associated bank account as a result of activity triggered by the cardholder.
Load
The amount an account balance increases by after new funds are added to it.
M
MCC [Merchant Category Codes]
4-digit numbers used by card companies to classify a merchant by the types of goods or services they sell, according to ISO 18245.
Material
Any information (including confidential information), software, platforms or documentation passed between two parties.
Merchant
An individual (e.g. shopkeeper) or company (e.g. retailer) which buys and sells goods and utilises different payment methods to accept payments.
Multi-Currency Account
An account that can send and receive money in different currencies, avoiding the need to pay exchange fees.
N
Negative Balance
When an issuer processor refers to a negative balance, it relates to an outstanding balance that an account holder has to their issuer or program manager.
Non-Financial Institution
A company which is not primarily a financial services provider, e.g. a supermarket accepts payments for food and drink, but it does not provide payment solutions as a service.
Non-Financial Transaction
An exchange of data only, rather than of money, such as a balance enquiry or a change of personal details.
O
OSFI [Office of the Superintendent of Financial Institution]
An independent agency of the Canadian government which acts as the country’s financial regulator, regulating firms like Carta Worldwide.
One-Time Use Virtual Card
A single-use card attached to an account holder which generates a unique number so a customer never has to share their main account number with a merchant.
Open Account
An account which has been activated and is actively being used by a cardholder, as opposed to one which has been blocked, locked, or not yet activated.
Open Banking
An initiative spearheaded by governments requiring banks to share their customers’ data, with their consent to third-parties in order to give them access to new services, such as spend management apps and bank-initiated payments.
Open Loop Payment
A payment which can be processed anywhere which accepts the network that card is a part of, e.g. Visa, MasterCard. Unlike a closed loop payment, which can only be made in a closed system, e.g. a gift card or prepaid card spent at one retailer.
Operating Permission
For a standard issuer, these permissions allow an entity to issue prepaid accounts and e-money in line with a country’s regulation.
Security standards governed by the Payment Card Industry Security Standards Council (PCI SSC) – a global forum created by card networks. It is designed to ensure the security of card details, such as encryption and firewalls.
PIPEDA [Personal Information Protection and Electronic Documents Act]
Canadian federal legislation which governs private businesses’ collection, use and disclosure of personal information.
POS Device
A point of sale device (POS) is a system that businesses use to manage sales transactions. In the past, a POS in a shop would have been a big cash register and a ledger to record purchases and sales.
Personal Data
Any information about an identifiable individual or entity which is subject to privacy laws.
Physical Card
An often plastic or metal card that an account holder can use to pay for goods and services in-person, online or over the phone. The materials are evolving all the time and can now be made from many more materials such as cardboard.
Point of Sale
The time and place where a payment occurs, e.g a shopper might pay a merchant for an item at a till, or at an online checkout – both are the points of sale.
Pre-Open
An account which has not yet been activated but may have a balance.
Prepaid Card
A card a customer can buy with money pre-loaded on it. They can treat it like a pay-as-you-go debit card. Often used to pay bills, the card helps to stop people falling into debt.
Privacy Laws
All laws or regulations governing the collection, use, disclosure, retention or other handling of information about an identifiable individual, including PIPEDA.
Processing
Anything which happens to an account holder’s data, such as collection, recording, storage, alteration, or erasure.
Processor
The entity which processes personal data on behalf of the controller, which exercises overall control over data processing.
Product
Products are those marketed by our clients/Program Managers. Carta Worldwide operates the programs to manage their products.
Program Manager
Program Managers are the companies that manage a card program, typically under the supervision of an issuer BIN Sponsor. This entails day-to-day management which could include managing their ecosystem of partners and servicing of customer queries.
Program
A collection of products – or services – on Carta’s systems and platforms which form part of a bigger solution, such as private labelling.
Project Manager
An individual who coordinates multiple projects with the end goal of improving how a company operates.
Project Plan
A schedule which tracks required tasks and deliverables for each product in an ongoing project, estimating dates for completion. Carta will share this schedule with clients for information purposes only, but the document is not intended to create contractual rights or obligations.
R
Reconciliation
A bookkeeping/accounting process that matches bank statements and transaction activity up to an account holder’s balance on a system like Carta Worldwide’s.
Regulations
The laws and rules overseen by a country’s regulator. In Carta’s case, these include our contractual obligations towards an issuer.
Regulatory Body
A body independent of government, tasked with overseeing a certain industry by applying a set of rules. If these rules are broken, it can lead to fines and withdrawals of companies’ permissions.
S
Scheme
A card scheme is a central payment network that is responsible for kickstarting the authorization and/or settlement of a transaction. They provide the network, infrastructure, rules, and net settlement services to allow merchants to accept card payments and issuers to issue cards to their customers. The most common schemes are MasterCard or Visa.
Service Levels
A set of expectations a company agrees to meet for its customers, e.g. the time in which it agrees to process a payment.
Services
The culmination of products created by a company like Carta, which are supplied to clients to meet a particular need.
Settlement
The final step in the payment process. This is when the funds move, leading to the completion of a payment.
Software
Programs or operating systems which have been built and licensed by a company, such as Carta.
Solution Summary Document (SSD)
This document is designed to capture the baseline business requirements for a particular product. It outlines a software’s functionality (specs) and how it can be built.
Switch
Part of Carta Worldwide’s platform that connects to the scheme (Visa/MC) and ‘switches’ and authorization requests to the client’s host System of Record through an External Authorisation interface (either ISO 8583 or JSON).
System of Record
Part of Carta Worldwide’s platform which is used by a company as an authoritative source for client data. It can store details such as a customer’s available balance, or their transaction history. Carta can act as a system of record for balance management, for example.
T
Tokenised Cards
These replace sensitive data with generated numbers to stop sensitive data from being compromised.
Trademark
A unique symbol or brand which is owned or licensed by the company which uses it.
Transactional Data
Data which is attached to a payment made by an account holder.
V
Virtual Card
A digital version of a physical card which can be stored in a digital wallet.
W
Wearable Payments
A device with built-in near-field communication technology, or bluetooth, which can initiate contactless payments.
Webhooks
A mode of communication between web applications. It allows real-time data to be sent from one application to another using HTTP callbacks.
