While the world of online payments may seem simple on the outside. There’s a lot complexity happening in the background, and with it comes a whole lot of terms you’ve probably never heard of.

During our day-to-day activities we tend to get asked a lot about what these terms mean. So we created this blog post as a short-form glossary for online payments.

But while there are many other terms to talk about which are just as important as the ones here. I narrowed the list down to the most common ones we often get asked.

And if you want to take your knowledge of online payments to a higher level. Check out the PAYMILL Glossary

1. Acquiring bank

An acquiring bank is a financial institution that processes credit and debit card payments for your online business. Acquiring banks are part of a card association such as MasterCard or Visa, and act as middle person between them and issuing banks.

Their main role is to accept (or acquire) credit or debit card payments from card issuing banks, and to verify the transactions made by customer. An acquiring bank either approves or declines a transaction based on information the card association and issuing bank has on the cardholder.

2. Issuing bank

An issuing bank is a financial institution that grants debit or credit cards from the card association directly to customers. You can easily identify who your issuing bank is, by simply looking at your credit or debit card.

3. Merchant account

When entering a contract with an acquiring bank, your business will have a merchant account, which is a bank account where companies are able to process debit or credit card payments.

After an online transaction is completed the acquiring bank accepts capital from the customer and deposits the payment with the deducted fees into the merchant’s account, which it later pays out to the merchant’s business bank account.

4. Chargebacks

A chargeback, also known as reversal, is a customer protection mechanism through which a disputed transaction is reimbursed either to the cardholder or the merchant depending on the case.

The most common reasons chargebacks occur when:

  • Product has not been received
  • The product received was drastically different from what was advertised
  • Credit card used without authorisation of the card holder

Online businesses have to be very careful with chargebacks. Since acquiring banks establish a ratio they should not surpass., which in most cases is 1% (or less) of total sales.

Processing a large number of chargebacks can have serious consequences for a business; where merchants can be subject to a heavy fine or have their merchant account terminated.

An easy way to prevent and protect yourself from chargebacks is with 3-D Secure. You can find out more here: 3 Ways 3-D Secure Builds Trust In Your Checkout

5. 3-D secure

3-D Secure (Three-Domain Secure), is a security protocol to prevent fraud in online credit and debit card transactions. Offered by the credit schemes, it ensures the customer is actually the credit card holder by allowing them to assign a username and password to their card.

3-D Secure

You’ve probably already seen 3-D Secure also know as MasterCard SecureCode or Verified by Visa depending which card you’re using. Additionally transactions authorised through 3-D Secure have a liability shift, which in most cases means that you can avoid paying high chargeback fees from the credit card schemes.

If you’re running a subscription business you might want to check out this post: How To Reduce Chargebacks For Your Subscription Business

6. Rolling reserve

Rolling Reserve is a percentage of the transaction value held by an acquiring bank and then released on a scheduled basis to the merchant. Essentially this is a risk management strategy to protect your business from the potential loss of revenue from chargebacks.

The rolling reserve acts as a buffer for potential chargebacks and ensures the business has enough liquidity in case of chargebacks. Acquiring banks calculate the rolling reserve based on the risk a business might face, where it remains in the business’ merchant account and is later released (max. 180 working days).

After a certain period has passed, the rolling reserve can be reviewed again when the acquiring bank and the business have more data on their transactions and chargeback ratio.

Bear in mind that a rolling reserve applies to certain types of businesses (not to all) based on their business model and average delivery time of their product.


Any business accepting payment cards needs to comply with the Payment Card Industry Data Security Standard (PCI-DSS), which is defined by the PCI Council.

PCI-DSS is in place to make online payments more secure by ensuring the sensitive data of your customers is handled in a recognised and secure manner.

The Council was founded by the credit card associations; American Express, Discover Financial Services, JCB International, MasterCard and Visa, where these organisations may restrict the usage of their payment cards if businesses are non-compliant.

For more information, we have a full list of terms in the PAYMILL Glossary



The easiest way to accept credit and debit card payments on your website

Sign Up


Kostas Papageorgiou

Kostas specialises in content marketing and community management, who's focused on helping tech companies increase brand awareness and engagement to boost conversions.