Glossary of Terms

Acquirer
A bank that maintains merchant relationships, receives all credit card transactions from the merchant and initiates the data into an interchange system. 


Card Brands
Named companies, such as American Express, Discover Financial Services, JCB International, MasterCard and Visa, that work with acquiring banks to issue credit cards and cardholder services identifiable with their company name and logo on the cards. 


Cardholder
The customer to whom a credit card or debit card has been issued or the individual authorized to use the card.


Cardholder Information
Any personally identifiable data associated with the cardholder. This data could be an account number, expiration date, name, address, social security number or Card Validation Code (e.g., three-digit or four-digit value printed on the front or back of a payment card).


Credit Card Terminal
Equipment with a magnetic stripe reader that captures cardholder information when a credit card is swiped. Generally this is done by sliding the card through a slot on the terminal. There is also a keypad for entering cardholder information manually.


Data Compromise
The exposure of sensitive or personally identifiable information (PII). Data compromises can result from either an intentional security breach (i.e., an "attack") or human error.


Department
Any entity within the direct hierarchy of the University (e.g., named school, named department, unit and/or affiliate) that uses University information technology resources to create, access, store or manage University data to perform its business functions.


E-commerce
Business that is conducted over the Internet or cellular connectivity using applications such as websites, e-mail, instant messaging, shopping carts, and others. Common forms of payment include credit cards and electronic checks. Transactions can be initiated through various methods, including a computer, mobile device or point-of-sale terminal.


Electronic Check (Check21)
A paper check that is converted to a legitimate imaged “substitute” check for processing. Check 21 rules are established by a federal law through the Check Clearing for the 21st Century Act and are designed to enable banks to handle more checks electronically with faster and more efficient processing.


Electronic Check (eCheck)
An online payment using checking account-related data to initiate ACH activity between banks.


Encrypt or Encryption
Scrambling or coding of information through the use of algorithms to stop the retrieval and use of information in transit or at rest (i.e., stored on a hard drive or mobile device).


Implementation
The process of building a site from scratch and completing any necessary tasks before taking a site live. This includes everything from setting up your e-commerce platform to placing your installation on a server, ensuring its proper configuration, setting up integration (if needed) and making sure your site is fully operable.


Media Sanitization
Process of wiping equipment clean and purging data in a manner that renders that data unrecoverable or difficult to reconstruct.


Merchant
A department that has been approved to accept and process branded credit cards or debit cards as means of payment for goods and/or services.


Merchant Number (aka Merchant ID)
A number assigned to a merchant by the credit card issuers (e.g., MasterCard, Visa, Discover Card or American Express) to uniquely identify its credit card transactions.


Merchant Services
A company that contracts with the State of Kansas to issue merchant numbers for credit card operations. Merchant Services facilitates the processing, settlement, reporting and billing for credit card activity.


Payment Application Data Security Standards (PA-DSS)
The PCI Council-managed program that applies to hardware and software suppliers and others who develop payment applications that store, process or transmit cardholder data and/or sensitive authentication data in accordance with the PA-DSS requirements.


Payment Card
Any credit, debit, or pre-paid credit/debit card linked to the cardholder’s account at a financial institution, including those under the Visa, MasterCard, Discover Card and American Express brands. 


Payment Card Industry Data Security Standards (PCI-DSS)
The result of collaboration between the five major credit card brands to develop a single approach to safeguarding cardholder data, the PCI-DSS defines a series of best practices for handling, transmitting and storing cardholder data. The full text of the standard and other supporting documents are available on the PCI Security Standards Council website.


Payment Gateway
The online equivalent of a cash register. The payment gateway connects websites to credit card carriers so that online credit card transactions can be completed in real time.


Personal Financial Information
Information that can be used to uniquely identify an individual’s relationship with a financial institution, divulging any personal resources to include assets or debt.


Personally Identifiable Information (PII)
Information that can be used to uniquely identify, contact or locate an individual, or that can be used in conjunction with other sources to uniquely identify an individual. In the case of payment card data, PII can be all printed and non-printed information contained on a payment card that identifies the customer. For purposes here, PII includes personal financial information and includes, but is not restricted to, name, address, credit card number, the card’s expiration date and its security code.


Point-of-Sale (POS) System
A combination of devices and applications in which retail transactions are completed. POS systems are usually composed of cash registers and some type of debit/credit card reader. Some POS systems can support complex functionality such as inventory management, CRM, financials, warehousing, etc.


Processor
An entity that provides payment processing, merchant and related payment services to financial and nonfinancial institutions. Processors communicate with the card issuing entities to validate transactions and work with financial and nonfinancial institutions to settle payment transactions.


Qualified Security Assessor (QSA)
An independent security organization that has been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI-DSS.


Self-Assessment Questionnaire (SAQ)
A validation tool that assists merchants and service providers in self-evaluating PCI compliance each year.


Software License
An agreement or contract that determines the use and/or redistribution of software. Licenses can be either proprietary or free and open source.


Suppliers
Entities that supply goods and/or services (primarily hardware and/or software) to be used in the e-commerce process. Some suppliers require contracts to be executed to initiate the purchase of goods or services.


System Integration
Automating costly manual business processes by syncing a merchant’s e-commerce platform with other business systems, such as an enterprise resource planning (ERP) system, accounting and inventory management applications.


TouchNet UCommerce Marketplace
A third-party web application that provides a secure payment gateway for processing credit card payments online via a website application. This is the main payment gateway approved and supported by the University for KU merchants that accept credit card payments online.


Virtual Terminal
A program accessed over the internet that enables credit card charges to be input online by the merchant.


 


KU E-commerce Do's & Don'ts

DO:

  • Work with the KU E-commerce Committee for all your KU e-commerce needs
  • Allow plenty of time to establish your Merchant ID and e-commerce solutions (min. 1-3 months)
  • Read and comply with all KU e-commerce guidelines and policies

DON'T:

  • Use unauthorized e-commerce vendors, including Square, PayPal, etc.
  • Conduct e-commerce at KU without an official Merchant ID
  • Initiate conversations or contracts with external vendors without the assistance of the E-commerce Committee