Glossary of Technical Payment Terms
A
Acquirer: A company that processes electronic payments, capturing card data and transferring money to the merchant. Example: Dock.
API (Application Programming Interface): A set of tools that enables communication between different systems.
Apple Pay: Apple’s digital wallet.
Authorizer: A system that verifies whether a card is valid and has sufficient funds for a transaction.
Multi-Factor Authentication (MFA): An authentication method that uses two or more factors to verify a user’s identity, such as passwords, biometrics, and tokens.
Security Updates: Software updates that fix vulnerabilities and improve protection against threats.
B
Back-end: The part of a system that runs on servers, generally responsible for data processing and business logic.
Card Network: A company that manages a card brand, such as Visa, Mastercard, and Elo.
Biometrics: Authentication using physical characteristics such as fingerprints or facial recognition.
Bridge: A feature that enables communication between different programming languages.
C
Digital Wallet: An application that stores credit and debit cards for contactless payments. Examples: Apple Pay, Google Pay, Samsung Pay.
Certification: A process that ensures a system or device meets specific security standards.
Chip: A small electronic component embedded in payment cards that securely stores card information, enabling safer transactions.
Contactless: Technology that enables payments by simply tapping a card or device on a terminal without physical contact.
Contactless Payments: Payments made by tapping a card or mobile device on a terminal.
COTS (Commercial Off-The-Shelf): Ready-to-use software or hardware that can be integrated into applications to add functionalities, such as card reading and acquirer communication. Examples: mobile phones, external card readers, and receipt printers.
End-to-End Encryption: A cryptographic method that secures data throughout the communication process, ensuring that only the sender and receiver can access it.
D
Debugger: A tool that helps identify errors in programming code.
E
Ecosystem: A network of companies and technologies that interact to enable payments.
Electronic Payments: Payments made using cards, digital wallets, or other electronic means.
EMV (Europay, Mastercard, and Visa): A global security standard for chip-based cards.
EMVCo: The organization responsible for EMV specifications.
Reverse Engineering: The process of analyzing software to understand its internal functionality.
F
Front-end: The part of a system that users interact with directly, such as an app's graphical interface.
G
Payment Gateway: A system that connects an app to an acquirer to process payments.
Google Pay: Google’s digital wallet.
H
Hardware: The physical components of a device, such as processors, memory, and NFC chips.
I
Integration: The process of connecting different systems or software components.
J
Jailbreak: The process of removing security restrictions on an Android device.
K
Contactless Payment Kernel: Software that manages contactless communication between a payment device and a terminal, following EMVCo specifications (L2).
Kotlin: A modern programming language for Android development.
L
Level 1 Testing (L1): Tests that check whether the hardware and software of a payment device comply with EMVCo specifications.
Level 2 Testing (L2): Tests that verify the interoperability of a payment device with cards and terminals from different manufacturers.
Level 3 Testing (L3): Tests that check the integration of a payment device with an acquirer’s system.
LGPD (General Data Protection Law): Brazilian law that regulates the processing of personal data.
M
Card Machine (POS): A device that reads card data and processes payments.
Mastercard: A credit and debit card brand.
mPOS (Mobile Point of Sale): A mobile payment terminal that allows transactions anywhere.
MPoC (Mobile Payments on COTS): Mobile payments on COTS devices such as smartphones and tablets.
Malware: Malicious software that can damage a device or steal data.
N
NFC (Near Field Communication): A short-range wireless communication technology that allows data exchange between nearby devices, such as mobile phones and payment terminals, enabling contactless payments.
O
Onboarding: The process of integrating a new customer or user.
Open Banking: A system that allows the sharing of banking data between different financial institutions.
P
Contactless Payment: A payment made by tapping a card or mobile device on a terminal.
PCI DSS (Payment Card Industry Data Security Standard): A set of security standards created by major card brands (Visa, Mastercard, American Express, Discover, and JCB) to protect cardholder data, ensuring confidentiality, integrity, and availability.
Phishing: A cyber attack that attempts to deceive users into revealing sensitive information such as passwords and card details.
Pix: Brazil’s instant payment system.
R
Root: A process that allows Android device users to gain privileged access to the operating system, providing full control but also increasing security risks, such as the installation of malicious applications.
S
SDK (Software Development Kit): A set of development tools and libraries for building applications.
Samsung Pay: Samsung’s digital wallet.
Sandbox: An isolated environment where applications run to prevent them from accessing data from other apps.
Software: Programs and applications running on a device.
SoftPOS (Software Point of Sale): Software that transforms a mobile device into a payment terminal.
T
Tap on/to Phone: Technology that turns a mobile phone into a POS.
Tap to Pay: Technology that allows a mobile device, such as a smartphone or tablet, to make contactless payments.
Magnetic Stripe: The black stripe on the back of a card that stores card data.
Tokenization: The process of replacing sensitive card data with unique tokens.
Transaction: An electronic payment operation.
V
Validation: The process of verifying that data or information is correct and valid.
Visa: A credit and debit card brand.