We don't make payments complicated.
We want to help you unscramble commonly used terms in the payment sector - easy and effortless.
Since more donors are using ACH to set up recurring donations or monthly bill payments, criminals are using bank account and routing numbers to perform fraud attempts.
How do they do that? Through an activity commonly known as phishing. A thief will send out emails with malicious code. Often, these emails appear to be from the individual’s bank; they will have proper logos, addresses, and phone numbers and will seem legitimate. The code within this email tracks the individual’s keystrokes and gives the fraudster access to that person’s financial information.
The acquiring bank is the financial institution that maintains the nonprofit’s merchant account and enables nonprofits to process credit transactions. The acquiring bank sends transactions requests to issuing bank for authorization.
Application program interface (API) is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.
An authorization code is the response code from the issuing bank returned to the nonprofit at the time of authorization.
It is the amount that is charged to a merchant account each time a transaction is sent to the bank for authorization.
Authorized signatory is the person who is authorized to sign any form – e.g. bank accounts, contracts - on behalf of the organization (nonprofit).
Batch processing can be done for the credit card and ACH processing. This allows merchant to upload a batch of multiple transactions at once.
Card Verification Code is the three or four-digit security code on the payment card that is used to further authenticate the consumer during a card-not-present transaction. Requiring CVV2 increases the security of credit card donation.
When a credit card account is hacked, the fraudster can use the stolen credit card information to buy large purchases using the victim’s identity. However, hackers must test the card to confirm if it is still active. Since nonprofit donation pages are more donor friendly than online retailer shopping carts, many of these fraudsters will test the stolen credit card by making a small, often random donation (i.e., $2.17).
A chargeback occurs when a donors dispute a charge on their credit card. It can cause a reversal of the donation, and the nonprofit is debited for the chargeback amount.
Deposit schedule is a time and frequency when the payment is being settled and deposited in the bank account of the recipient (nonprofit). For iATS specific deposit schedule, please refer to FAQ #16.
Encryption is a form of fraud protection that uses special algorithms to convert sensitive data into encrypted ciphertext. This text can be unlocked only with an encryption access key. Encryption is used by payment processing companies to ensure that donor and customer data is not put at risk or stolen.
We refer to our pricing as being a “Flat Rate.” To us it means that they will always pay the same rate per card type regardless of the interchange charges associated with it. It’s transparent and protects the client from any surprises from hidden fees.
Fraud protection is a way for a nonprofit to secure its information and donors from any online thieves and social engineers. iATS offers various fraud protection tools – please see the fraud protection tools in the security solutions here.
These are the costs charged by the card brands and issuing banks for processing transactions. These costs vary dramatically dependent on the type of card used, where it is used and how it is used. iATS flat rate pricing absorbs these variances and ensures that you always know what your costs will be per transaction.
The issuing bank is the financial institution that issues credit cards to consumers on behalf of the card networks (Visa, MasterCard, Amex, Discover). The issuer acts as the middle-man for the cardholder and the card network.
A merchant account allows a nonprofit to process and accept donations. You must have a merchant account to accept contributions, which can be set up with your payment processor. All iATS customers have their own individual merchant account provided solely for their use.
When you get a merchant account, you are issued a unique Merchant ID Number (MID) that identifies you to your processor and the banking institutions who authorize transactions.
The payment gateway is the first stop in the payment processing system. It completes the initial checks to determine whether a credit card is valid. If the card is marked as invalid, the payment gateway will stop the transaction and notify the nonprofit.
A payment processor is the company or provider that helps your nonprofit accept and process donations. A payment processor can offer a payment gateway, merchant account, ACH / direct debit options and credit card payments.
The Payment Card Industry (PCI) has set up data security standards (DSS) that any company that processes donations or transactions must follow. These standards keep consumer and donor data safe. Failure to comply can result in fines, penalties, and loss of payment processing capabilities.
Payment processors will usually charge nonprofits a yearly PCI compliance fee in order to keep all of their systems in line with the standards.
Retrieval is a merchant’s opportunity to respond to the cardholder’s dispute. It is time-sensitive and needs the immediate attention of the merchant (nonprofit),
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network.
Tokenization takes a donor’s credit card number and other sensitive information and replaces it with a string of alphanumeric characters – called tokens. These tokens can then be used to process the payment without actual credit card details being exposed. The actual credit card numbers are held safe in a secure token vault. Tokenization is primarily designed to fight online or digital breaches, so even if the token is intercepted, it can never be used to compromise a donors payment details.
iATS tokenization ensures that a donors payment details are stored securely on iATS server protecting their card information and reducing the scope of PCI compliance.