A set of regulations followed by financial institutions which require them to actively monitor transactions and report any suspicious activities to prevent money laundering, fraud and terrorist financing.
API [Application Program Interface]
A custom-built link between two data programs which allows data to flow between them.
A record of a person’s or company’s details, as well as a history of their financial activity related to their accounts.
An amount paid by the account holder which goes towards maintaining the account, and/or towards certain add-ons (i.e. products) which might come with the account.
The individual or company (sometimes called the customer) whose details are linked to the account and the card.
Any actions initiated by a cardholder, such as balance transfers, purchases, or credit taken out.
A website log-in provided by the issuance platform, in this case Carta Worldwide, for companies to review their customer accounts, data, and products.
A contract which is accepted by all parties it concerns.
An individual or entity which has applied for an account but has not yet been accepted to be an account holder.
A document which outlines what data needs to be audited.
The process an issuer undergoes to verify an amount a cardholder wishes to pay. This includes checking they have enough funds to make the payment.
An alternative to joining a card scheme directly, this allows a company to gain access to major international card schemes, such as American Express, JCB, Mastercard, Visa and UnionPay. The BIN sponsor can process card transactions on a company’s behalf if they are a direct member of these schemes.
BIN [Bank Identification Number]
The first six to eight digits of a cardholder’s primary account number that identify the card issuer – i.e. the bank.
BNPL [Buy Now, Pay Later]
The option to pay for an item or service across several instalments rather than in one big lump sum, either interest-free or with interest applied.
White-label products companies can use to offer banking services to end customers without having to be a bank themselves.
A previously active account which has had its status changed to prevent any further activity.
CNP [Card Not Present]
This happens when the card is not physically presented to the merchant, e.g. when a cardholder makes a purchase online, or over the phone.
CVV [Card Verification Value]
This is made up of two codes on the back of a card. One is in a magnetic strip and can be recovered by sliding the card through a magnetic stripe reader, while the other is a visible 3-4-digit number (called CVV2 by Visa and CVC2 by Mastercard). They are used to verify a cardholder’s identity.
An individual or company which has a debit, credit, or prepaid card.
Change Request Process
Once submitted, a change request is reviewed. It is then either rejected, altered or implemented, depending on the outcome of the review.
A request to alter a product or system.
Change of Control
When 50% or more of a company’s voting shares are transferred to a new party.
The return of funds to a buyer due to a disputed or fraudulent transaction. The chargeback can be initiated either by the merchant or the cardholder’s issuing bank.
An account which has either been classed as ‘blocked’, ‘lost’ or ‘stolen’.
Closed Loop vs Open Loop
A payment which can only be made in one system, e.g. a gift card or prepaid card at one retailer. Conversely, an open loop payment can be processed anywhere which accepts the network that card is a part of, e.g. Visa, MasterCard.
Any subject matter relating to account holder data, details within a signed agreement, or to Carta’s program specifications, business or financial matters.
A purchase made with a card but without the need to type in a 4-digit pin in the POS machine. This method uses a contactless chip in the card – or phone if you’re using a digital wallet – and then either radio frequency or Near Field Communication (NFC) to complete the payment.
A card which business owners give their employees so they can make purchases using their company’s money, rather than their own. Employees are usually expected to track purchases on a card like this in a separate or linked expenses system.
Country of Issuance
Where a card was first given to its holder, usually in their home country.
A card which pays for goods and services using funds from a line of credit, rather than using funds from a current or checking account – which is what a debit card does.
The entity which exercises overall control over processing personal data.
Data Security Standard
A set of rules for products or processes that provides consistency, accountability, and efficiency. Like policies govern the actions of people, standards are designed to provide a repeatable way of doing things.
A card which pays for goods and services using pre-existing funds from a current or checking account, rather than using funds from a line of credit – which is what a credit card does.
An online application – usually an app – which stores digital versions of your debit and credit cards so you don’t have to carry around the physical cards. These include Google, Apple and Samsung Pay, as well as PayPal and Venmo.
When a purchase is disputed by a cardholder, they can file a claim. This claim will then be validated or denied. While the dispute is managed on the card acquiring side, the burden-of-proof is on merchants to dispute chargeback claims made by cardholders.
Every company is required to perform background checks on its customers to fulfil ‘Know Your Customer’ (KYC) and ‘Know Your Business’ (KYB) requirements. It is also important to perform similar checks on any potential partners before agreements are entered into.
The integration of payment methods and other banking-related tools to non-financial services, e.g. the ability to pay for credits in gaming.
A UK payments system built back in 2008 which facilitates real-time payments of up to £1m, depending on a cardholder’s bank. The scheme is used to process payments day and night, 365 days per year.
The payments due for a company like Carta’s services, together with any third-party costs and mark-up.
A global initiative adopted by companies and countries to ensure no community is left behind by an evolving financial system.
Foreign Exchange (Forex or FX)
The process of exchanging one country’s currency to another country’s currency using exchange rates which can fluctuate daily.
ISO stands for International Organisation for Standardisation. A data message format that is used when credit and debit card data is exchanged, typically between point-of-sale devices and card issuers. The message can include data such as the value of the transaction, the card account number, and where the transaction originated.
Interchange is a small fee typically paid by acquirers (merchant’s bank) to issuers (cardholder’s bank), to recognise the value delivered to merchants, governments and consumers by accepting electronic payments. This transaction fee happens every time a customer makes a purchase using their card.
The financial institution – usually a bank, fintech or payment firm – which issues debit, credit, and/or prepaid cards to account holders.
The Agreement between Company and the Issuer for the issue of Accounts.
The issuer processor is a crucial cog in making and receiving payments, but can sometimes be forgotten as it works invisibly in the backend and isn’t customer-facing.
In simple terms, an issuer processor connects an issuer – which is usually a bank, fintech or payment firm – directly with the networks to provide the systems of record, manage the issuance of cards, authorize transactions, and communicate with settlement entities.
KYC/KYB [Know Your Customer / Know Your Business]
A standard companies follow to verify the identity of a customer – be that an individual, or a business. The standard is designed to protect financial institutions against fraud, money laundering and terrorist financing.
An account holder’s balance at the beginning of a business day.
There are two important ways to define a live program. First is when the program is live after being built, this is when it has been activated in the production environments of both the isuser processor (like Carta Worldwide) and the card scheme. It is live, whether it is being used by customers or not.
The second stage of it being live is when funds are being credited or debited to/from an associated bank account as a result of activity triggered by the cardholder.
The amount an account balance increases by after new funds are added to it.
MCC [Merchant Category Codes]
4-digit numbers used by card companies to classify a merchant by the types of goods or services they sell, according to ISO 18245.
Any information (including confidential information), software, platforms or documentation passed between two parties.
An individual (e.g. shopkeeper) or company (e.g. retailer) which buys and sells goods and utilises different payment methods to accept payments.
An account that can send and receive money in different currencies, avoiding the need to pay exchange fees.
When an issuer processor refers to a negative balance, it relates to an outstanding balance that an account holder has to their issuer or program manager.
A company which is not primarily a financial services provider, e.g. a supermarket accepts payments for food and drink, but it does not provide payment solutions as a service.
An exchange of data only, rather than of money, such as a balance enquiry or a change of personal details.
OSFI [Office of the Superintendent of Financial Institution]
An independent agency of the Canadian government which acts as the country’s financial regulator, regulating firms like Carta Worldwide.
One-Time Use Virtual Card
A single-use card attached to an account holder which generates a unique number so a customer never has to share their main account number with a merchant.
An account which has been activated and is actively being used by a cardholder, as opposed to one which has been blocked, locked, or not yet activated.
An initiative spearheaded by governments requiring banks to share their customers’ data, with their consent to third-parties in order to give them access to new services, such as spend management apps and bank-initiated payments.
Open Loop Payment
A payment which can be processed anywhere which accepts the network that card is a part of, e.g. Visa, MasterCard. Unlike a closed loop payment, which can only be made in a closed system, e.g. a gift card or prepaid card spent at one retailer.
For a standard issuer, these permissions allow an entity to issue prepaid accounts and e-money in line with a country’s regulation.
Security standards governed by the Payment Card Industry Security Standards Council (PCI SSC) – a global forum created by card networks. It is designed to ensure the security of card details, such as encryption and firewalls.
PIPEDA [Personal Information Protection and Electronic Documents Act]
Canadian federal legislation which governs private businesses’ collection, use and disclosure of personal information.
A point of sale device (POS) is a system that businesses use to manage sales transactions. In the past, a POS in a shop would have been a big cash register and a ledger to record purchases and sales.
Any information about an identifiable individual or entity which is subject to privacy laws.
An often plastic or metal card that an account holder can use to pay for goods and services in-person, online or over the phone. The materials are evolving all the time and can now be made from many more materials such as cardboard.
Point of Sale
The time and place where a payment occurs, e.g a shopper might pay a merchant for an item at a till, or at an online checkout – both are the points of sale.
An account which has not yet been activated but may have a balance.
A card a customer can buy with money pre-loaded on it. They can treat it like a pay-as-you-go debit card. Often used to pay bills, the card helps to stop people falling into debt.
All laws or regulations governing the collection, use, disclosure, retention or other handling of information about an identifiable individual, including PIPEDA.
Anything which happens to an account holder’s data, such as collection, recording, storage, alteration, or erasure.
The entity which processes personal data on behalf of the controller, which exercises overall control over data processing.
Products are those marketed by our clients/Program Managers. Carta Worldwide operates the programs to manage their products.
Program Managers are the companies that manage a card program, typically under the supervision of an issuer BIN Sponsor. This entails day-to-day management which could include managing their ecosystem of partners and servicing of customer queries.
A collection of products – or services – on Carta’s systems and platforms which form part of a bigger solution, such as private labelling.
An individual who coordinates multiple projects with the end goal of improving how a company operates.
A schedule which tracks required tasks and deliverables for each product in an ongoing project, estimating dates for completion. Carta will share this schedule with clients for information purposes only, but the document is not intended to create contractual rights or obligations.
A bookkeeping/accounting process that matches bank statements and transaction activity up to an account holder’s balance on a system like Carta Worldwide’s.
The laws and rules overseen by a country’s regulator. In Carta’s case, these include our contractual obligations towards an issuer.
A body independent of government, tasked with overseeing a certain industry by applying a set of rules. If these rules are broken, it can lead to fines and withdrawals of companies’ permissions.
A card scheme is a central payment network that is responsible for kickstarting the authorization and/or settlement of a transaction. They provide the network, infrastructure, rules, and net settlement services to allow merchants to accept card payments and issuers to issue cards to their customers. The most common schemes are MasterCard or Visa.
A set of expectations a company agrees to meet for its customers, e.g. the time in which it agrees to process a payment.
The culmination of products created by a company like Carta, which are supplied to clients to meet a particular need.
The final step in the payment process. This is when the funds move, leading to the completion of a payment.
Programs or operating systems which have been built and licensed by a company, such as Carta.
Solution Summary Document (SSD)
This document is designed to capture the baseline business requirements for a particular product. It outlines a software’s functionality (specs) and how it can be built.
Part of Carta Worldwide’s platform that connects to the scheme (Visa/MC) and ‘switches’ and authorization requests to the client’s host System of Record through an External Authorisation interface (either ISO 8583 or JSON).
System of Record
Part of Carta Worldwide’s platform which is used by a company as an authoritative source for client data. It can store details such as a customer’s available balance, or their transaction history. Carta can act as a system of record for balance management, for example.
These replace sensitive data with generated numbers to stop sensitive data from being compromised.
A unique symbol or brand which is owned or licensed by the company which uses it.
Data which is attached to a payment made by an account holder.
A digital version of a physical card which can be stored in a digital wallet.
A device with built-in near-field communication technology, or bluetooth, which can initiate contactless payments.
A mode of communication between web applications. It allows real-time data to be sent from one application to another using HTTP callbacks.