Glossary
3-D Secure
|  | 3-D Secure is a protocol to allow authentication of cardholders of credit card companies in e-payment transactions.
Designed to allow authentication of cardholders by their Issuers at participating merchants, the 3-D Secure protocol was developed by Visa to improve the security of Internet payments. It was adopted and is offered under the service names Verified by Visa and MasterCard SecureCode.
The objective is to benefit all participants by providing Issuers the ability to fully authenticate cardholders during an online purchase, reducing the likelihood of fraudulent usage of Visa cards and improving overall transaction performance.
The 3-D Secure protocol is the standard for globally interoperable Authenticated Payments.
|
|
Address verification system (AVS)
|  | An automated system that allows merchants who accept card-not-present (CNP) transactions via the phone, mail order or the Internet to verify the billing address of cardholders. |
|
APACS
|  | APACS, the UK payments association, is a trade association for institutions delivering payments services to end customers. It provides the forum to address co-operative aspects of payments and their development. It is also the main industry voice on issues such as plastic cards, card fraud, cheques, electronic payments and cash.
|
|
Biometrics
|  | Biometric methods of identification work by measuring unique human characteristics as a way to confirm identity, for example, finger or iris scanning or dynamic signature verification. |
|
CAP
|  | CAP stands for MasterCard's 'Chip Authentication Program': an industry standard for strong authentication in non face-to-face situations. (See also Dynamic Passcode Authentication.) |
|
Card not present (CNP)
|  | A transaction where the merchant, retailer or other service provider does not have physical access to the payment card. Examples include transactions over the Internet, telephone, fax or by mail order. |
|
Chip card
|  | Also known as an integrated circuit card (ICC) or smart card. A chip card holds details on a secure computer chip that can store and process information; chip cards usually also have a magnetic stripe. |
|
Chip and PIN card 
|  | A payment card containing a chip that requires the use of a PIN as the preferred method of cardholder verification at the point-of-sale (not only at ATMs). In this context, 'preferred' relates to the cardholder authentication process demanded by the combination of card and terminal that, in the case of a chip and PIN card inserted in a chip and PIN-enabled terminal, requires customers to enter their 4-digit PIN at the point-of-sale. Chip and PIN cards can also be used in non face-to-face situations to secure transactions with a handheld smart card reader. |
|
Dynamic Passcode Authentication
|  | DPA stands for Visa's 'Dynamic Passcode Authentication': an industry standard for strong authentication in non face-to-face situations. (See also CAP.) |
|
Electronic banking
|  | A service enabling users to access banking facilities over the Internet or other computer network. Also known as e-banking and, when the Internet is used, Internet banking (see also remote banking). |
|
Electronic commerce
|  | (e-commerce) Transactions that are conducted over an electronic network where the buyer and merchant are not at the same physical location, e.g. plastic card transactions via the Internet.
|
|
Electronic point of sale 
|  | EPOS: A terminal or similar device that may be used at the point of sale, e.g. shop, bank etc. |
|
Electronic purse
|  | Also known as an e-purse. A stored-value payment card used to pay for goods and services. It is an alternative to cash. The card can be disposable or re-loadable. The stored value is reduced as payments are made. |
|
EMV
|  | EMV (Europay, MasterCard and Visa): The internationally-agreed standards for chip payment cards, originally agreed by Europay, MasterCard and Visa. EMV standards are maintained by EMVCo, an organisation owned and managed by MasterCard, Visa and JCB. |
|
Faster Payments
|  | Faster Payments is a key initiative being driven by the Office of Fair Trading Payments Systems Task Force in conjunction with APACS in the UK.
The Faster Payments service will significantly increase the speed of credit transfer from one account to another: for internet banking transfers and telephone transfers between banks the movement will be near real time, with standing orders being processed on a same day basis. Currently, it takes 3 working days from the initiation of the payment to the recipient getting the funds for these interbank transfers.
|
|
Identity Theft / Fraud 
|  | This occurs when someone uses your personal information such as your name, social security number, credit card number, or other identifying information without your permission, to commit fraud or other crimes. It commonly arises from the interception of mail, by being ‘socially engineered’, or even having your bin raided.
|
|
MasterCard SecureCode
|  | An internet-based secure payments solution developed by MasterCard (more information: www.mastercard.co.uk) |
|
OTP
|  | OTP stands for "One-Time-Password", i.e. a password valid for a single transaction. |
PCI
|  | PCI stands for the "Payment Card Industry". It is a worldwide alignment of payment enterprises working to develop standardized sets of security requirements for processes and devices with broad industry impact.
Standardized security requirements minimize industry costs and provide a high assurance level for the security of payment transactions. PCI participants have already established requirements involving the protection of sensitive data and payment card security. |
Personal Identification Number (PIN) 
|  | A set of numeric characters, usually a four-digit sequence, used by a cardholder to verify their identity at a point-of-sale (POS) or by a customer activated device, such as a cash machine. The number is generated by the card issuer when the card is first issued and may be changed by the cardholder thereafter. |
|
Phishing
|  | Phishing is the name given to the practice of sending e-mails at random purporting to come from a genuine company operating on the Internet, in an attempt to trick customers of that company into disclosing information at a bogus website operated by fraudsters. These e-mails usually claim that it is necessary to "update" or "verify" your customer account information and they urge people to click on a link from the e-mail which takes them to the bogus website. Any information entered on the bogus website will be captured by the criminals for their own fraudulent purposes. |
|
PIN pad
|  | The numeric pad into which a cardholder enters their PIN to authorise a transaction. PIN pads may be fixed or portable. |
|
RCA
|  | RCA stands for Remote Card Authentication: the next generation of fraud prevention solutions to help tackle fraud in non face-to-face transactions (i.e. e-banking and internet and telephone shopping). A range of security solutions is currently available, including smart card readers that generate one-time passwords (OTP). Pocket-sized EMV-compliant smart card readers incorporating a challenge/response capability appear to offer the most promising long-term answer to online authentication problems. (See also: www.xiring.com)
|
|
Shoulder Surfing 
|  | A method employed by fraudsters to obtain PIN details by standing in the vicinity of the cardholder whilst they use the ATM and covertly observing them tap in the details. |
|
Smart card
|  | Also known as an integrated circuit card (ICC) or chip card. A smart card holds details on a secure computer chip that can store and process information; chip cards usually also have a magnetic stripe. |
|
Strong authentication
|  | Strong authentication, also called 2FA (two-factor authentication), is the combination of at least two authentication factors. As opposed to single-factor authentication, which requires just one piece of information (usually knowledge of a password), two-factor authentication requires at least two factors from the following list:
- Something you know: a password, PIN code, ...
- Something you have: a smart card
- Something you are: fingerprint, retinal scan, or other biometric

Common implementations of two-factor authentication use 'something you know' as one of the two factors, and either 'something you have' or 'something you are' as the other factor.
A common example of 2FA is a bank card (credit or debit EMV card): the card itself is the physical 'something you have' item, and the PIN code is the 'something you know' that goes with it. Entering the PIN code on a remote card authentication device that is not connected to the PC leaves no room for online fraud.
|
|
Verified by Visa 
|  | An internet-based secure payments solution developed by Visa (more information: www.visaeurope.com ) |
|