PCI DSS compliance v4.0: Your requirements checklist
From gold coins to digital wallets, the way people pay and how businesses receive payments have always evolved. But the current payments industry is a particularly complex space, with hundreds of companies offering financial services that carve up the payment process into smaller, more intricate digital parts.
In this article, you’ll find a concise lesson on the key players and biggest changes in the payment processing marketplace in the past four decades. Plus, scroll down for handy definitions of 12 common payments terms.
In 1979, Visa introduced the credit card terminal. By the 1980s, electronic payment platforms were the big hair and shoulder pads of the retail community, gaining rapid adoption across retail and giving rise to hardware manufacturers like Hypercom, Ingenico, and Verifone. The terminal transformed the roles of payment networks and payment processors, who switched from paper voucher logistics companies to electronic communications providers.
In the pre-internet era, this meant constructing a network of telecommunications relays and data management platforms to provide efficient, cheap electronic payment acceptance services worldwide. The terminal ecosystem has developed continuously since then, but the mid-’90s arrival of the internet and the resulting boom brought an entirely different mindset.
Internet-based businesses demanded a new kind of payment terminal, a virtual one compatible with the needs of online business. A host of new online payment processing companies — including Authorize.net, CyberSource and Bibit — formed to meet the need to receive payments online.
There were barriers to entry in the processing business, so these companies chose not to compete with big processors. Instead, they focused on creating merchant- and consumer-facing technologies. The companies became known as payment gateways (see definition below).
Gateways were the web-based equivalent of payment terminals, adapting internet-based transactions so that they could be retrofitted and funneled into pre-existing payment processors.
| Year founded | Company | Now part of |
|---|---|---|
| 1994 | Authorize.net | CyberSource, a subsidiary of Visa |
| 1996 | CyberSource | CyberSource, a subsidiary of Visa |
| 1996 | DataCash Group | Mastercard Payment Gateway Services |
| 1997 | Bibit | WorldPay, now Vantiv |
In 1994, a startup called Amazon.com opened for business. The next year, eBay launched. As online commerce ballooned, payment gateways began to send an impressive number of online payment transactions to the payment processors.
Rather than build their own, payment processors acquired top-performing gateways. But after buying these payment systems, processors found huge barriers to integration. They had thousands of merchant clients passing billions of transactions, processing payments through their old platforms.
Migrating customers (and their transaction volume) to a new platform was, and continues to be, a complex task. At the same time, gateways flourished. The companies continued to specialize in merchant segments, so that no single gateway could serve the needs of a processor’s entire customer base.
To meet all needs, processors would need to own or partner with multiple gateways. Legacy processors in some cases retrofitted new technology on top of the old. By the 2000s, software developers were integrating directly with payment gateways, routing transactions to a number of different processors.
Innovation also sped up quickly in a number of areas: local data storage and processing power, data encryption, tokenization, mobile payments, and integrating payments into point of sale software.
Today, anyone running a company must choose from a dizzying variety of payment service providers to accept online payments and offer payment terminals. Legacy banks offer payment processing, but often with a pile of disparate technologies, some of which were developed in the 1980s.
Gateway-only startups process payments, but since they play such a small part in the payments value chain, their technology must still plug into the old infrastructure. Plenty of companies offer standalone fraud solutions, but investing separately in payments and fraud reduction technology means a business owner needs more staff to manage separate relationships. If choosing among all these payments options is difficult, integrating them into your business is even harder. But it doesn’t need to be.
The core mission of Adyen is to make payment choices easy for merchants. Because Adyen encompasses the whole payments value chain, it is an end-to-end solution, managing the entire payment flow from checkout through to final settlement. This includes hundreds of payment methods, with direct connection to card schemes and protection against fraud, in a single platform.
Adyen is a payment gateway, risk management system, and acquirer all rolled into one – so you can streamline your operations, reduce costs, and optimize results.
A bank or financial institution that lets a company accept payments. In other words, this is the company’s bank.
An authorization happens when a card issuer like a bank or credit card company verifies a shopper’s request to purchase something. When approved, the issuer reserves the authorized amount on the cardholder’s account to prepare for the capture (actual funds transfer). An authorization rate is the percentage of transactions that are authorized.
Though the largest card networks are Visa, Mastercard, American Express, Discover, and UnionPay, a card network is not the same as a credit card company. Card networks set the technical infrastructure and rules for payment processing, and they charge for the service.
When a shopper does not agree with a charge on a card, they can first ask the merchant for a refund. If the merchant refuses, the shopper can ask their bank to raise a chargeback. This is the starting point of a dispute process to define who is liable for the transaction, based on evidence presented by both parties. Reasons for a chargeback can include fraud, defective goods, or goods not delivered.
This means a transaction was either attempted or completed by a malicious agent.
A fee paid by the merchant — through the acquiring bank and to the shopper’s issuing bank — for each card-based transaction. The fee amount can depend on the card type, transaction value, and merchant category.
The issuing bank equips consumers with various types of cards, such as debit and credit cards. In other words, the issuing bank is a shopper’s bank.
Any payment method that is not a major card network. Card payments are not the dominant method of payment in all markets. In some, payments are made through bank transfers, direct debit, digital wallets like Apple Pay or Samsung Pay, or cash-based services.
A point of sale solution is the combination of hardware and software that lets a shopper purchase goods and services in a brick-and-mortar store. Point of sale is an important component of the payments ecosystem, especially when it comes to offering convenient contactless payment options.
A service that helps merchants initiate ecommerce, in-app, and point of sale payments for a broad variety of payment methods. The gateway is not directly involved in the money flow; typically it is a web server to which a merchant's website or POS system is connected. A payment gateway often connects several acquiring banks and payment methods under one system.
A company that combines the functions of both a payment gateway and a payment processor, and can connect to multiple acquiring and payment networks.
PCI DSS (Payment Card Industry Data Security Standard) was created by the major card networks to increase the safety of cardholder data and reduce the risk of fraud. All organizations involved with payment card processing must be PCI-compliant.