Merchant Services Definitions

Acquiring Bank

Merchant bank contracted through Financial Services on behalf of all University units and affiliates to perform bank/credit card processing services.

Approved Scanning Vendor (ASV)

Organizations that have been approved by the Payment Card Industry Council to validate adherence to certain Payment Card Industry Data Security Standards requirements by performing external vulnerability scans of Internet facing environments of merchants and service providers.


Process by which a merchant obtains prior confirmation from the acquiring bank that a specific financial transaction will be processed successfully when settlement is completed.

Bank/Credit Card

Unexpired credit card affiliated with a credit card company (e.g., Visa U.S.A., MasterCard International) or branded debit card, ATM cards, and any other card or device other than cash or checks affiliated with recognized banking networks for which a merchant has established card acceptance with the acquiring bank.

Bank/Credit Card Acceptance Fees/Charges

Costs imposed on merchants by the acquiring bank in exchange for the privilege of accepting a card. Fees are assessed in the following categories:

  1. Bank Discount Rate Fee - acquirer bank charge on all bank/credit card transactions for processing card sales and credits.
  2. Interchange - non-negotiable fees established by the credit card associations which are collected from the merchant by the acquiring bank and paid by the acquiring bank to the issuing banks.
  3. Assessments/Access - non-negotiable fees established by the credit card associations which are collected from the merchant by the acquiring bank and paid by the acquiring bank to the credit card associations.
  4. Processor's fee - negotiable cost established by contract which is collected by the acquiring bank on their own behalf. Processor fees are negotiated and contracted through the Request for Proposal (RFP) process and Financial Services.

Cardholder Information

Personally identifiable data associated with the cardholder including account number, expiration date, card validation number (e.g. CVV2, CVC2), transaction information or any other information that may be used to personally identify a bank card account or holder.

Centralized Payment Process

Controlled system of Internet sites, software applications, and communication protocols that interact together for the purpose of capturing and transferring cardholder information to the acquiring bank via the Internet and securely storing the information in a single repository, commonly known as a "gateway".


A reduction of the merchant's cash receipts initiated by the acquiring bank in response to a transaction that has been rejected by the acquiring bank, issuing bank or disputed by the cardholder.

Convenience Fees (a.k.a. surcharge)

Costs imposed on cardholders by the merchant to defray the expense of providing a convenient alternate payment channel (e.g., Internet, self-service kiosks, Interactive Voice Response (IVR)).

Card Verification Value

A 3 or 4 digit code printed on the back or front of a bank card; is an important security feature that protects Internet and phone transactions from fraud. The card verification value ensures that the credit card number is legitimate and that the card is in the possession of the purchaser.


Website based business transaction utilizing electronic payments such as bank/credit cards.

Bursar Banking & Merchant Services

A team of Bursar's Office personnel that provides services, information, merchant account set up, and act as a liaison between the acquiring bank and the merchant units.

Issuing Bank

Financial institution that grants credit to a cardholder by issuing a credit card to the cardholder.

Merchant Unit / Merchant Department

A University department or an affiliate of the University that has received the appropriate prior authorization to accept cards as a form of payment for services performed or for merchandise sold by the department or affiliate. A merchant is assigned a specific merchant account(s) with the acquiring bank. Merchants fall into one of the following three categories:

  1. Retail merchant--conduct the entire card transaction in a face-to-face environment with the card physically present for the transaction.
  2. Phone/mail merchant--generate cardholder information forms either through telephone communication with the cardholder, through the mail, or by standalone facsimile machine not connected to any computer network.
  3. Internet merchant (eCommerce)--conduct all of their card transactions through the Internet within the centralized payment process.

Merchant Account

A unique account established with the acquiring bank that is used to track equipment, transactions, fees, compliance activities, and designated points of contact and all related information of the merchant.

Merchant Agreement

An agreement between Bursar Banking & Merchant Services and the merchant that outlines the responsibilities, rules, regulations and contractual provisions and obligations regarding the handling of bank/credit cards. The agreement must be signed by the head of the unit that is providing the option of accepting bank/credit cards to sell goods and services to their customers.

Merchant Responsible Person (MRP)

A unit's designated individual within that merchant unit who will have primary authority and responsibility for eCommerce and bank/credit card transaction processing.

Operating Guidelines

Rules and procedures published by the acquiring bank that specify the operational parameters that each merchant must adhere to when accepting a card as a form of payment.

PCI-DSS -- Payment Card Industry Data Security Standards

A specific set of technical requirements and business practices published collaboratively by Visa U.S.A. and MasterCard International addressing cardholder information security that each merchant must comply with and demonstrate compliance on a periodic basis. (e.g., Visa U.S.A. Cardholder Information Security Program (CISP), MasterCard International's Site Data Protection Program (SDP), American Express's Data Security Standards (DSS) and Discover's Information Security and Compliance (DISC) Program).

Qualified Security Assessor (QSA)

The Payment Card Industry (PCI) QSA designation is conferred by the PCI Security Standards Council to individuals that meet specific information security education requirements. The primary goal of QSA is to complete PCI compliance assessment, auditing and consulting for merchants to ensure and validate the merchant is meeting PCI standards.


Process by which a merchant presents a single or group of financial transactions to the acquiring bank for the purpose of converting the credit information collected from a cardholder into cash receipts.