Depending on where in the world you are located, equipment used to take payments is called by different names. Here are the types we reference in this document and what they are commonly called.
A payment terminal is the device used to take customer card payments via swipe, dip, insert, tap, or manual entry of the card number. Point-of-sale (or POS) terminal, credit card machine, PDQ terminal, or EMV/chip-enabled terminal are also names used to describe these devices.
An electronic cash register (or till) registers and calculates transactions, and may print out receipts, but it does not accept customer card payments.
An Integrated payment terminal is a payment terminal and electronic cash register in one, meaning it takes payments, registers and calculates transactions, and prints receipts.
A merchant bank is a bank or financial institution that processes credit and/or debit card payments on behalf of merchants. Acquirer, acquiring bank, and card or payment processor are also terms for this entity.
Encryption is a process that cryptographically protects data via a mathematical formula that renders the data unreadable to people without special knowledge (called a key). Cryptography can be applied to stored data as well as data transmitted over a network. While your payment terminal may encrypt card data, unless it is part of a PCI-listed P2PE solution, you don’t know the quality of that encryption. With a PCI-listed P2PE solution, card data is always entered directly into a PCI-approved payment terminal with secure reading and exchange of data (SRED) enabled. This approach minimizes exposure of clear-text card data, and protects merchants against payment terminal exploits such as “memory scraping” malware. Any encryption that is not done within a PCI-listed P2PE should be discussed with your vendor.
A payment system encompasses the entire process for accepting card payments in a retail location, and may include a payment terminal, an electronic cash register, other devices or systems connected to a payment terminal (for example, Wi-Fi for connectivity or a PC used for inventory), and the connections out to a merchant bank.
When you sell products or services online, you are classified as a e-commerce merchant. Here are some common terms you may see or hear and what they mean.
An e-commerce website houses and presents your business website and shopping pages to your customers. The website may be hosted and managed by you or by a third party hosting provider.
Your shopping pages are the web pages that show your product or services to your customers, allowing them to browse and select their purchase, and provide you with their personal and delivery details. No payment card data is requested or captured on these pages.
Your payment page is the web page or form used to collect your customer’s payment card data after they have decided to purchase your product or services. Handling of card data may be 1) managed exclusively by the merchant using a shopping cart or payment application, 2) partially managed by the merchant with the support of a third party using a variety of methods, or 3) wholly outsourced to a third party. Most times, using a wholly outsourced third party is your the safest option - and it is important to make sure they are a PCI DSS validated third party.
An e-commerce payment system encompasses the entire process for a customer to select products or services and for the e-commerce merchant to accept card payments, including a website with shopping pages and a payment page or form, other connected devices or systems (for example Wi-Fi or a PC used for inventory), and connections to the merchant bank (also called a payment service provider or payment gateway). Depending on the merchant’s e-commerce payment scenario, an e-commerce payment system is either wholly outsourced to a third party, partially managed by the merchant with support from a third party, or managed exclusively by the merchant.