Stancer documentation

English

Français

English

Français

Appearance

Glossary

Our teams endeavour to explain the main terms and concepts associated with card-based payments, so that you have a better understanding of our activity.

  • 3D Secure (3DS):

The term 3D Secure is the primary implementation of the SCA mechanism by the Card Schemes. It reflects the pre-requisites of the SCA mechanism from a technical standpoint and is now widely used by the Card Schemes.
In addition to its qualities in terms of security, the 3D Secure mechanism transfers your liability in the event of fraud: the bank that issued the card becomes liable in the event of established fraud involving the transaction concerned.
This means that the bank in question will have to refund your customer if fraud is confirmed involving the card that was used for the payment.

  • ACPR (French Prudential Supervision and Resolution Authority):

Under the responsibility of the Banque de France, the ACPR’s role is to oversee all the operators in the world of finance and insurance in France. The ACPR issues the mandatory accreditations for Payment Institutions such as Stancer.

  • Acquirer/Acquisition:

Payment acquisition means the transfer to the banking institutions of all the information that is necessary in order to process a transaction. Stancer thus carries out the acquisition of your payments.

  • API (Application Programming Interface):

An API (application programming interface) is a software interface that allows one piece of software or service to “connect” to another piece of software or service in order to exchange data and functionality.

  • Strong Authentication (also known as 3DS or Strong Customer Authentication (SCA)):

This mechanism is designed to make payments secure. It enables the payer to confirm their identity via a second authentication factor (e.g. SMS or confidential code). This mechanism was recently revised (version 2 has now been implemented) by the European revised Payment Services Directive (PSD2). Biometrics can now be used for this authentication (fingerprints, for example). Please note that the SCA mechanism is based on legislation: its technical implementation is reflected in the appearance of a term that is now closely associated with SCA: 3D Secure.

  • BIC (Bank Identifier Code):

This is the acronym for a bank’s international identifier code. It makes up the first characters (8 or 11) of an IBAN.

  • BIN or IIN (Bank Identification Number ou Issuer Identification Number):

This acronym designates the financial organisation that marketed a payment card. It can be found on the reverse of payment cards. Depending on the Card Schemes, it is the first four or five figures of the card primary account number ( PAN).

  • Clearing house:

A clearing house is an organisation that enables financial operators to exchange their transfer orders by means of the clearing mechanism. The clearing house reconciles the exchanges to be made between the operators (banks) and transfers the net balances between them (known as netting). These platforms are used for SEPA payments (SDDs and SCTs).
In France, the most well-known clearing house is the Core system operated by STET.

  • Card Data:

PAN, CVV, CVC, etc. These acronyms refer to the means of identification for payment cards that are present on the cards themselves. The diagram above shows where these are located on the majority of payment cards.

  • PSD2 (revised Payment Services Directive):

This European Directive, which was adopted on 8 October 2015, aimed to revise the European directives concerning payments made in the European Economic Area. PSD2 contains a set of new obligations for payment operators: merchants, financial institutions and regulators. These new provisions include version 2 of the SCA, which has a significant impact on merchants, as the SCA mechanism (and thus its 3DS implementation) must be triggered automatically. The complete text is available here.

  • EMV (Europay Mastercard Visa):

This is a standard for payment cards with which equipment intended to effect transactions on these Card Schemes must comply. The Stancer Terminal is EMV-certified.

  • IBAN (International Bank Account Number):

This is the identifier that enables any financial organisation to identify a bank account. This is a standard European/international format. In France the acronym “RIB” is still used to refer to bank account details.
Nevertheless, each RIB is associated with an IBAN, which is used to effect all the transactions on the account. The nomenclature for IBAN meets international ISO standards: this means that Stancer can debit and credit accounts in numerous countries throughout the world.

  • Interchange:

Interchange is a fee that is charged for a card-based payment. The cardholder’s (i.e., your customer’s) bank charges the bank that acquires the payment (i.e., Stancer’s bank) fees for debiting the account. This fee varies, depending on the Scheme, as well as on the type of card used for the payment. Various European regulations have been adopted in an attempt to reduce and/or remove interchange fees.

  • Mandate:

In order to effect an SDD, the merchant must first have signed a mandate with their customer that authorises the merchant to debit sums from their bank account. Stancer uses this mandate to effect this direct debit and make the funds available to you. A mandate is identified by its UMR (Unique Mandate Reference). It is, in particular, with this identifier that you can ask Stancer to debit your customer.

  • NFC (Near Field Communication):

This is a contactless payment technology for all payment terminals. This term covers a set of hardware and software standards that ensure security of payments without the customer having to enter a PIN. Please note that the Stancer Terminal is compatible with this technology.

  • PCI-DSS (Payment Card Industry Data Security Standard):

PCI DSS is an IT security standard that certifies the computer resources used to store payment data (payment cards, for example). It was created by five payment card networks in 2006. This certification requires significant in-house security and process systems.
Stancer’s compliance with this standard provides you and your customers with assurance that sensitive data is being stored securely. You may be asked to ensure PCI DSS compliance, depending on the method used to integrate our services (only API).

  • PSP (Payment Service Provider):

As the name suggests, this refers to a provider of payment services. As a Payment Institution (PI), Stancer is a PSP. The status of PI is a regulatory status that enables an undertaking to make payments on behalf of a third party (i.e., you).
This status is regulated in France by the ACPR (French Prudential Supervision and Resolution Authority) and Payment Institutions must be accredited by the ACPR. Obtaining accreditation from the ACPR provides you with assurance of the security and reliability of our services.

  • GDPR (General Data Protection Regulation):

The General Data Protection Regulation is a European legislative document that regulates the processing of data, on an egalitarian basis, throughout the European Union. You have the possibility, at any time, of exercising your rights to said data using the forms provided by Stancer.

  • Card Scheme:

This is a network of information exchange for payment cards. These networks make it possible to transmit transactions effected with the payment cards that use them. The most well-known Card Schemes are Carte Bleue, Visa, Mastercard and American Express.

  • SDD (Sepa Direct Debit):

This acronym denotes a direct debit effected within the SEPA.

  • SEPA (Single Euro Payment Area):

The Single Euro Payment Area (SEPA) corresponds to all the countries in which SDDs and SCTs are possible. The list of SEPA member countries is available here.

  • Token:

A token is used to make information anonymous so that it can be designated and used without risk. For recurring card payments, Stancer tokenizes your customers’ payment cards so that they can be debited at a later date at no risk. Tokens must be stored by PSPs in the strictest compliance with PCI DSS standards: Stancer guarantees you the integrity and security of this data throughout the periods defined by the regulations.