The world of payments and fraud is full of acronyms and terminology. Here’s our handy guide to find your way through.

3D Secure or “3DS”

3D Secure (3DS) is a way for Issuing Banks to authenticate consumers who use their cards to pay online.

Online payments which have been authenticated do not carry a risk of fraud for the Merchant.

Acquirer or “Acquiring Bank”

The Acquirer or “Acquiring Bank” is a bank which acquires funds for merchants from a cardholder.


Authentication is the process of proving an identity to be valid, typically using a shared secret.

This is commonly an act of “logging in” using a static password, or a One Time Password (OTP) sent over SMS or generated by a 2nd factor device, known only to the two parties.

In payments, Authentication is the process of the consumer proving their identity to an Issuing Bank usually as a precursor to an Authorisation.

Authorisation or Authorization

An Authorisation is the process of an Issuer verifying the payment details provided by a consumer and reserving funds in the consumer’s account.

Once an Authorisation has been granted, the payment is completed by ‘Capturing’ the authorisation.

Issuers subject Authorisation requests to risk analysis based around the consumer’s prior activity and the details of the Authorisation attempt itself.


Once an Authorisation has been granted, the payment is not complete until it has been Captured.

Capturing a payment starts the process of the funds transferring to the merchant from the consumer.

Chargebacks and Disputes

The terms Chargeback and Dispute are used interchangably but collectively refer to the process by which a cardholder seeks a return of funds from a Merchant.

The ‘Dispute Process’ is initiated by a cardholder complaint to their Issuing Bank about a particular transaction.

The Merchant then has an opportunity to Defend the transaction by submitting evidence to support their belief that the transaction was fair.

At the end of the process a decision is reached, at which point the cardholder and merchant will respectively Win or Lose.


The General Data Protection Regulation (GDPR) applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. Read more about Ravelin and the GDPR.

Issuer or “Issuing Bank”

The Issuer or “Issuing Bank” is a bank that issues cards for cardholder to make payments with.

Payment Gateway

A Payment Gateway is a service that allows Merchants to initiate and manage online payments. Payment Gateways are not typically involved in the flow of money. When they offer other ‘bundled’ services they transmogrify into Payment Service Providers.

Payment Service Provider

Payment Service Providers offer a variety of bundled services to Merchants, typically combining the services of a Payment Gateway with an Acquirer either of their own or through multiple connections to different Acquirers and payment networks.

From a regulatory perspective, ‘Payment Service Provider’ also refers to Issuing and Acquiring banks.