An access control server is a system which enables a business to control access to areas and resources, specifically card and transaction data. It's used in authenticating payments made online.


This is the database of all enrolled cardholders. It's maintained by the card issuer and contains all the details used to authenticate a cardholder.


Card acquirers, such as Barclaycard, are banks or financial institutions which are members of card schemes such as Visa or MasterCard, processing card transactions on behalf of merchants.


APR shows the overall cost of the credit, shown as an annual rate of charge. It's a valuable tool that allows you to compare how much different offers of credit will cost before you decide whether to enter into an agreement. It's calculated to include interest payable on the credit, various charges (such as arrangement fees) and other associated costs.


An Approved Scanning Vendor is a security firm using a scanning solution to determine Payment Card Industry Data Security Standard (PCI DSS) compliance of their customers.


Authentication refers to checks carried out during the authorisation process. They check that the cardholder is genuine by requesting a secure password that the card holder has registered, which is then verified with the database to confirm that their identity.


This is a server that provides a transaction audit of all authentication requests and subsequent results for transactions processed and authorised online.


Auto Auth is a facility available on some PDQ terminals and other electronic point of sale equipment. The terminal is connected to a telephone line and when authorisation is required the terminal automatically makes a call to the relevant authorisation centre.


The Address Verification Service works by checking the numerics of the address automatically when a transaction is processed. The data check response helps you decide whether or not to proceed with the transaction.




A Card Security Code (CSC) is made of the last 3 digits on the signature strip, on the reverse of a card. It's used to verify the authenticity of the card and authorise transactions.

A charge card can be used in the same way as a credit card, to pay for goods or services, but unlike a credit card, no interest is charged as balances are settled in full each month by Direct Debit.


A chargeback happens when a cardholder disputes a transaction shown on his or her statement with their card issuer. If the cardholder's complaint is valid and the acquirer has been unable to substantiate the transaction, the amount of the transaction may be charged back to the retailer. Processing irregularities and incomplete documentation can also result in a chargeback.



DEFRA stands for Department for Environment, Food and Rural Affairs – and is a UK government department.


A directory server is a software system that stores, organises and provides access to information in a directory for purposes of authenticating a card user's details as being genuine.



This is the server that runs the cardholder enrolment service. It used outside the actual payment process and can be used to enrol cardholders at any time


This is an industry term that covers a range of business management activities. An ERP system can be used for managing product planning, parts purchasing, inventories, interacting with suppliers, providing customer service and tracking orders. It can also include application modules for the finance and human resources aspects of a business.


ePDQ means electronic process data quickly – and is our online solution for accepting cards over the internet, and by phone, fax or mail order.


Electronic Point of Sale systems give businesses a convenient way of recording purchase transactions. A computerised till system can be an EPOS system as long as it includes some sort of store inventory database, which is updated automatically when a purchase is made.



Fall back processing refers to when you have to revert to manual/imprint card transactions in the event that your electronic system is out of action.


Floor limits are set by Barclaycard and other card schemes, and will be set according to the type of business, fraud risk, and the average spend per customer transaction. When a transaction is above your floor limit (which may also be called a fallback limit), it is vital the transaction is authorised. If it isn't, you risk receiving a chargeback or losing money if it turns out to be fraudulent.




A hotel booking agent may is a third party used by some businesses to book hotel accommodation for their staff.



Interchange is the fee paid by acquirers to card issuers for each transaction. This fee is determined by the nature of the business and the processing procedures followed. Rates are determined by the card schemes who assess the level of risk and expense involved in processing a transaction.


An issuer is a bank, building society or financial institution which issues plastic account-based cards like credit, charge and debit cards.






Allows you to see detailed breakdowns of spending across your business, helping you keep track of your employees' purchasing activity and identify cost savings.


The merchant service charge is a fee payable by businesses (merchants) for each transaction processed. This fee is agreed individually between the business and Barclaycard.





PETG is a type of sustainable plastic, used to manufacture our Sustain card. It's chlorine-free and carbon-neutral.


Payment Card Industry Data Security Standard (PCI DSS) refers to a set of guidelines that businesses that process payments and handle customer data must comply with. View all PCI DSS glossary terms.


PDQ stands for Process Data Quickly and refers to the electronic processing system used to process credit and debit card transactions.


PIN stands for Personal Identification Number and is used to verify a cardholder's authenticity and authorise payment, if requested. If a card is reported lost or stolen, a new PIN will be issued. In order to prevent fraud and theft cardholders should never disclose their PIN number or keep a record of it with their card.


Overnight, provided you have completed the 'end of day' procedure correctly, details of card payments will be collected via your equipment through a phone line – this is called polling.


PSP stands for payment service provider and refers to a company that offers merchants online services for accepting electronic payments by a variety of methods including credit card, bank-based payments such as direct debit and bank transfer.



The term QSA is used to identify an individual qualified to perform PCI DSS compliance auditing and consulting.



An authorisation request results in a referral when the card company's computer recognises that there is something wrong. For example, the card is stolen or the cardholder has exceeded their credit limit.


A retrieval is a request for information that has been issued by an acquirer because a card issuer has disputed a transaction that one of their cardholders has raised with them.


A Request for Information (RFI), also known as a retrieval request, is raised by a credit card issuer when a cardholder disputes a transaction on their statement.



A self assessment questionnaire is a validation tool to assist merchants and service providers in self-evaluating their compliance with the Payment Card Industry Data Security Standard (PCI DSS).


SET stands for Secure Electronic Transaction and is a system for ensuring the security of financial transactions on the Internet.


The SDK is hosted on your web server and communicates with a hosted Merchant Service to authenticate internet transactions.


SSL stands for Secure Socket Layer (SSL) and refers to the way data is securely transferred between the browser and the database.



A travel management company is a third party supplier who books travel arrangements on behalf of another company.


They oversee and manage payment clearing and money transmission services within the UK as well as setting industry standards which members must conform to when processing data.