A software component, also called an extension, that adds a specific feature to an existing program to enable customization.

PIN debit

Secure PIN debit card processing feature which results in the lowest processing fees.


Personal Identification Number – A four-to-twelve character secret code that allows an issuer to positively authenticate the cardholder for the purpose of approving an ATM or terminal machine transaction occurring at a point-of-interaction device.

Payment gateway provider

A company that provides code and/or software for an e-commerce site enabling it to transfer information from its shopping cart to the acquiring bank, and on through the rest of the credit card transaction process. See also “payment gateway.”

Payment gateway

The code that transmits a customer’s order to and from a merchant’s bank’s transaction-authorizing agent, usually a merchant account provider. See also “real-time processing.” See for more information about the Cardknox payment gateway.


Payment Card Industry Security Standards Council – Global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.

PCI DSS Level 1 Compliance

A set of requirements developed by the PCI SSC to ensure that companies that store, transmit, or process credit card data comply with the highest standards of security. Within the PCI DSS standards, there are 4 levels of PCI compliance. These levels are based on the annual number of transactions for any given merchant.

PCI DSS Level 1 is the highest level of compliance and is defined as follows:

  • Processing greater than 6 million Mastercard or Visa transactions annually, OR,
  • A merchant that has experienced an attack resulting in compromised card data, OR,
  • A merchant deemed Level 1 by a card association


Payment Card Industry Data Security Standard – The PCI information security standard for organizations that handle branded credit cards from the major card issuers.

The PCI Standard is mandated by the card brands but is administered by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually or quarterly, either by an external Qualified Security Assessor (QSA) or by a firm specific Internal Security Assessor (ISA) that creates a Report on Compliance for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

Payment aggregator

A service provider that allows merchants to process mobile or e-commerce payments. Payment aggregators enable businesses to accept credit and debit card payments without setting up a merchant account through a bank.


Payment Facilitator – Merchant service provider that simplifies the merchant account enrollment process by enabling a business to sign up as a sub-merchant under the payment facilitator’s merchant account.