Glossary

A

3D Secure (3DS)

A security protocol that provides an additional layer of authentication for online card transactions. 3DS 2.0 supports risk-based authentication, allowing frictionless flows for low-risk transactions while challenging high-risk ones.

3DS Challenge

The authentication step where the cardholder must verify their identity, typically through an OTP, biometric, or password sent by the issuing bank.

Acquirer

A financial institution that processes card payments on behalf of merchants. The acquirer maintains the merchant relationship and routes transactions to the appropriate card networks.

ACS (Access Control Server)

The issuing bank's server that handles 3DS authentication. It generates and validates authentication requests during the 3DS flow.

AoC (Attestation of Compliance)

A formal declaration confirming that a merchant or service provider meets PCI DSS requirements. Required annually for S2S integrations.

API Key

A unique identifier used to authenticate API requests. Precium uses two types: Standard API Key (for general operations) and S2S API Key (for card data submission).

Authorization

The process of verifying that a cardholder has sufficient funds or credit and obtaining approval from the issuing bank to proceed with a transaction.

B

BIN (Bank Identification Number)

The first 6-8 digits of a card number that identify the issuing bank and card type. Used for routing decisions and fraud detection.

Brand ID

A unique identifier assigned to each merchant brand within the Precium platform. Used in API calls to route transactions correctly.

Browser Fingerprint

A collection of browser and device attributes (screen size, timezone, language, etc.) used for 3DS risk assessment and fraud detection.

C

Callback URL

A URL Precium sends to the customer after 3DS authentication. The URL receives authentication results for further processing.

Capture

The process of finalising a pre-authorized transaction to transfer funds. Can be full (entire authorized amount) or partial (less than authorized).

Card Network

Organisations such as Visa, Mastercard, and American Express that operate the payment infrastructure connecting issuers and acquirers.

Card-Not-Present (CNP)

A transaction where the physical card is not presented, such as online or phone payments. Requires additional fraud prevention measures.

Card Token

A secure substitute for a card number that can be stored and reused for future transactions without exposing the actual card data.

CAVV (Cardholder Authentication Verification Value)

A cryptographic value generated during 3DS authentication that proves the cardholder was authenticated. Included in authorization requests for liability shift.

Chargeback

A transaction reversal initiated by the cardholder through their issuing bank, typically due to fraud, non-receipt of goods, or disputes.

CIT (Customer-Initiated Transaction)

A transaction where the cardholder is actively participating at the time of payment, requiring their authentication.

Clear PAN

The actual card number (Primary Account Number) as opposed to a tokenized representation.

Cryptogram

A dynamic security value generated by a network token service (MDES/VTS) that provides transaction-specific authentication.

CVC/CVV (Card Verification Code/Value)

The 3- or 4-digit security code printed on a card, used to verify card-not-present transactions.

D

Direct Post URL

A dynamically generated, single-use URL where card data is securely submitted in the S2S flow. Unique to each purchase.

DPAN (Device Primary Account Number)

A network token that represents the actual card number. Used in network tokenization (MDES/VTS).

DS (Directory Server)

A card network component that routes 3DS messages between the merchant and the issuer's ACS.

DS Transaction ID

A unique identifier assigned by the Directory Server in 3DS 2.x authentication, used to link authentication to the transaction.

E

ECI (Electronic Commerce Indicator)

A code returned during 3DS authentication that indicates the level of authentication achieved:

  • 05/02: Fully authenticated (Visa/Mastercard)
  • 06/01: Attempted authentication
  • 07/00: Non-3DS or failed authentication

F

Force Recurring

A flag in purchase creation that signals intent to store card credentials for future recurring transactions. Generates a token when enabled.

Fraud Score

A numerical value representing the risk level of a transaction based on various factors including velocity, geography, device fingerprint, etc.

Frictionless Flow

A 3DS authentication that completes without cardholder interaction because the risk assessment deemed the transaction low-risk.

G

Gateway

A service that securely transmits transaction data between merchants and payment processors.

H

Hard Decline

A permanent decline that should not be retried. Indicates issues like invalid card, stolen card, or closed account.

I

Idempotency

A property where repeating the same request produces the same result, preventing duplicate transactions or charges.

Issuer / Issuing Bank

The financial institution that issued the card to the cardholder and is responsible for authorizing transactions and managing the cardholder's account.

L

Liability Shift

Transfer of fraud liability from the merchant to the issuing bank upon successful 3DS authentication.

Luhn Check

A checksum algorithm used to validate card numbers. The last digit of a card number is a check digit calculated using this algorithm.

M

MCC (Merchant Category Code)

A four-digit code classifying the type of business a merchant operates. Affects interchange rates and transaction permissions.

MD (Merchant Data)

An opaque value passed through the 3DS flow to maintain state between the redirect to the issuer and the callback.

MDES (Mastercard Digital Enablement Service)

Mastercard's network tokenization service that provisions and manages network tokens for secure digital payments.

MIT (Merchant-Initiated Transaction)

A transaction initiated by the merchant when the cardholder is not present, such as a subscription renewal or scheduled payment.

MPI (Merchant Plug-In)

A software component that handles 3DS authentication on behalf of a merchant. Can be provided by Precium (internal) or a third-party provider (external).

N

Network Token

A card token provisioned by the card network (Visa, Mastercard) that updates automatically when a card is reissued, providing higher authorization rates.

Network Transaction ID

A unique identifier assigned by the card network to link related transactions (e.g., original CIT and subsequent MITs).

O

OTP (One-Time Password)

A temporary code sent to the cardholder during 3DS authentication, typically via SMS or an authenticator app.

P

PaReq (Payer Authentication Request)

A message sent to the issuer's ACS containing transaction details for 3DS authentication.

Partial Capture

Capturing less than the pre-authorized amount. Used when the final transaction amount is lower than the original authorization.

Partial Refund

Returning only a portion of the original transaction amount to the customer.

PCI DSS (Payment Card Industry Data Security Standard)

A set of security standards designed to ensure all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Pre-Authorization

An authorization request that reserves funds on a cardholder's account without immediate capture. Also called "auth-only" or "authorize-only."

Purchase

In Precium's API, a purchase object represents a transaction intent including amount, currency, products, and redirect URLs.

Q

QSA (Qualified Security Assessor)

An organisation certified by the PCI Security Standards Council to assess and validate compliance with PCI DSS.

R

RoC (Report on Compliance)

A detailed document created by a QSA documenting an organisation's compliance status with PCI DSS requirements.

Recurring Payment

A series of transactions charged to a customer's card at regular intervals based on prior authorization.

Refund

The return of funds to a cardholder, either full or partial, that reverses a previous successful charge.

S

S2S (Server-to-Server)

An integration pattern where card data is transmitted directly from the merchant's server to Precium's API, requiring PCI DSS SAQ-D compliance.

SAQ (Self-Assessment Questionnaire)

A PCI DSS compliance validation tool. Different types exist based on how card data is handled:

  • SAQ A: Card data never touches merchant systems
  • SAQ A-EP: Card data touches merchant systems via redirect
  • SAQ D: Merchant stores, processes, or transmits card data (required for S2S)

Settlement

The process of transferring funds from the cardholder's issuing bank to the merchant's acquiring bank after transaction authorization.

Soft Decline

A temporary decline that may succeed if retried later. Often due to insufficient funds, velocity limits, or temporary system issues.

T

Token / Tokenization

The process of replacing sensitive card data with a non-sensitive substitute (token) that can be safely stored and used for future transactions.

Transaction ID

A unique identifier assigned to each payment transaction for tracking and reference purposes.

V

Velocity Check

Fraud prevention rules that limit the number or value of transactions within a time period to detect suspicious patterns.

Void

Cancellation of an authorized transaction before settlement occurs. Also used to cancel refunds before settlement.

VTS (Visa Token Service)

Visa's network tokenization service that provisions and manages network tokens for secure digital payments.

W

Webhook

An HTTP callback that Precium sends to your server when specific events occur (payment completed, refund processed, etc.).

Webhook Secret

A cryptographic key provided by Precium used to sign webhook payloads. Used to verify webhook authenticity and prevent spoofing.

Webhook Signature

An HMAC-SHA256 hash of the webhook payload, computed using the webhook secret. Included in the X-Webhook-Signature header for verification.

X

XID (Transaction Identifier)

A unique identifier used in 3DS 1.x authentication to link the authentication to the transaction.

Z

Zero Authorization

A card authorization for zero amount used to validate card details without placing a hold on funds. Often used during card registration or verification flows.

Common Abbreviations Quick Reference

|Abbreviation|Full Term|
|---|---|
|3DS|3D Secure|
|ACS|Access Control Server|
|AoC|Attestation of Compliance|
|API|Application Programming Interface|
|BIN|Bank Identification Number|
|CAVV|Cardholder Authentication Verification Value|
|CIT|Customer-Initiated Transaction|
|CNP|Card Not Present|
|CVC/CVV|Card Verification Code/Value|
|DPAN|Device Primary Account Number|
|DS|Directory Server|
|ECI|Electronic Commerce Indicator|
|MCC|Merchant Category Code|
|MD|Merchant Data|
|MDES|Mastercard Digital Enablement Service|
|MIT|Merchant-Initiated Transaction|
|MPI|Merchant Plug-In|
|OTP|One-Time Password|
|PAN|Primary Account Number|
|PaReq|Payer Authentication Request|
|PCI|Payment Card Industry|
|QSA|Qualified Security Assessor|
|RoC|Report on Compliance|
|S2S|Server-to-Server|
|SAQ|Self-Assessment Questionnaire|
|VTS|Visa Token Service|
|XID|Transaction Identifier (3DS1)|

Currency Codes (ISO 4217)

|Code|Currency|
|---|---|
|ZAR|South African Rand|
|USD|United States Dollar|
|EUR|Euro|
|GBP|British Pound Sterling|
|AUD|Australian Dollar|
|CAD|Canadian Dollar|

HTTP Status Codes

|Code|Meaning|
|---|---|
|200|Success|
|201|Created (resource successfully created)|
|400|Bad Request (invalid input)|
|401|Unauthorized (invalid API key)|
|403|Forbidden (insufficient permissions)|
|404|Not Found (resource doesn't exist)|
|422|Unprocessable Entity (validation error)|
|429|Too Many Requests (rate limited)|
|500|Internal Server Error|
|502|Bad Gateway|
|503|Service Unavailable|