Payments Hub Glossary

Account tokenization replaces sensitive data like credit card numbers or bank details with a unique, random placeholder (or “token”) and is used for data protection and compliance. Tokens have no inherent value, preventing misuse if intercepted, and a secure vault links it back to the real account for authorized transactions.

Account validation tools are used to assess new accounts and changes on existing accounts. These tools can provide much richer data about the account owner, including details such as name, address, balance of the account, and even the IP address associated with the location of the account owner.

The Automated Clearing House (ACH) Network is a secure electronic network used by U.S. financial institutions to transfer funds between bank accounts.
It facilitates both ACH credits (e.g., direct deposit payroll, tax refunds) and ACH debits (e.g., mortgage/utility payments).

Bottomline’s Artificial Intelligence (AI) agent acts as a digital team member in the office of the CFO, enabling treasurers, cash managers, and compliance professionals to interact with financial data and offer time-saving intelligence.

Anti-Money Laundering (AML) technology uses software, AI, and data analytics to automate and enhance financial crime detection and prevention. May include tasks like transaction monitoring, customer screening, and sanctions checks.

An Application Programming Interface (API) is a set of rules and protocols that enables two different software programs to communicate with each other and exchange data. It acts as an intermediary, allowing one application to request services or data from another without needing to understand the internal workings of the other system.

Atypical or anomalous activity can come in the form of unusual credit amounts or frequencies, multiple payroll deposits to a single account, sudden changes in payment patterns, and credits inconsistent with historical account behavior.

Controlled processing is a function using systems and rules to manage and secure financial transactions. It ensures accuracy, prevents fraud, and optimizes cash flow through real-time monitoring, automated validation, and configurable settlement flows.

Dual controls require more than one individual to initiate a payment. One individual may authorize the creation of an ACH entry with another confirming the entry and releasing it to the financial institution. Fraudsters may be able to get past one individual, but will have difficulty tricking two.

“False Pretenses” is a type of financial fraud where a perpetrator misrepresents facts to trick others into authorizing legitimate-looking transactions. This fraud type bypasses traditional authentication checks and relies on social engineering, making risk-based monitoring and anomaly detection critical for prevention.

Foreign Bank and Financial Accounts Reporting (FBAR) is a regulatory requirement under the US Bank Secrecy Act that aims to enhance financial transparency, prevent tax evasion, and establish reporting requirements. Any U.S. business that has foreign financial accounts exceeding $10,000 in aggregate at any point during the year must file an FBAR.

ISO 20022 is an international standard for electronic data exchange between financial institutions. It defines a common language and data format for financial messages so banks, payment systems, and markets can communicate more clearly and consistently. ISO 20022 compliance is mandatory for banks and payment networks.

A process that is used to continuously learn from transaction data and adapt to new fraud strategies, rather than relying on static, hard-coded rules.

Micro-entries are very small ACH transactions (typically a few cents or less, credit or debit) used to verify that a bank account belongs to the intended recipient and is valid. Micro-entries are not payments and exist solely for account validation, ownership verification, and reducing fraud and errors.

Multi-factor authentication is a security method that requires two or more verification types (or factors) to log into an account, adding layers of defense to block unauthorized access.

The National Automated Clearing House Association (Nacha) oversees the ACH Network payment system involving direct deposits and direct payments for all U.S. bank and credit union accounts. Nacha compliance is necessary for all ACH participants in the United States.

The Office of Foreign Assets Control (OFAC) is a division of the U.S. Treasury Department that administers and enforces economic and trade sanctions to support national security and foreign policy goals. OFAC compliance is imperative for financial institutions and businesses.

A Nacha Originator is an entity, company, or person that creates and initiates ACH payment instructions (debits or credits) to a Receiver’s account.

Out-of-band authentication validates payment requests or changes to payment instructions by independently verifying the request/ change using a method other than the method used by the original request.

Payment anomaly tools are electronic risk management tools that can identify and manage discrepancies in payment transactions. Tools can include anomaly detection, AI-powered solutions, and comprehensive analysis that involve deep learning techniques.

Payment Factory is a centralized system for managing payment and collection processes, consolidating bank connections, standardizing formats, and automating workflows.

Payment formats can range from traditional cash and checks to modern digital methods like credit/ debit cards, mobile wallets (Apple Pay, Google Pay), bank transfers (ACH), Buy Now Pay Later (BNPL), and cryptocurrency. Each format offers varying convenience, security, and processing speeds.

Positive Pay is an automated cash management service offered by banks to prevent fraud by matching a company’s issued check or ACH payment against actual items presented for clearing. It acts as a security checkpoint, flagging discrepancies like altered amounts or payee names for company review before payment is finalized.

Prearranged Payment and Deposit (PPD) Entries are an ACH format used specifically for transactions between businesses and consumer accounts. PPD transactions allow businesses to debit (collect) or credit (deposit) funds, such as payroll or monthly bills, based on prior written authorizations.

Risk-based audits focus effort where risk is highest, rather than reviewing all processes or transactions equally. The goal is to allocate time, testing, and controls to areas most likely to cause financial loss, compliance failure, fraud, or operational disruption.

Red flag and routine reporting is the act of regularly reviewing, reconciling, and reporting on transactions and accounts. Reports can identify new relationships, show transactions of existing customers to new accounts, surface abnormal activity, and verify that transactions are intentional.

Rules-based security is a process set and used by administrators to predefine “if-then” rules to automatically control access, enforce policies, and detect threats.

Sanctions screening is a compliance process where individuals, entities, and transactions are checked against official government and international lists to prevent illicit activities.

Systems and applications that ensure maintenance of firewalls and antivirus software is up to date and that all system components and software have the latest vendorsupplied security patches installed.

Secure File Transfer Protocol (SFTP) is a network protocol that provides secure file access, transfer, and management over any reliable data stream. SFTP is often seen as a replacement for the traditional File Transfer Protocol (FTP) due to its superior security features.

System and Organization Controls (SOC) 2 is an independent audit of how well a company protects customer data and operates key controls related to security and reliability. It’s most required for technology, SaaS, fintech, data, and service companies that handle sensitive client information.

Integrated Single Sign-On (SSO) is a digital key that grants access to multiple applications with just one set of credentials. Benefits include streamlining access, reducing password fatigue, and simplifying IT management.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global messaging network that banks and financial institutions use to securely exchange payment instructions and other financial information.

Transformation services is a process that helps organizations shift from slow, manual payments (like checks) to fast, automated payments. This digital technology enables real-time control and security, improved cash flow, and customer demand for instant experiences.

A user interface (UI) is the point of communication between a person and a machine. It’s what you see, hear, say, and touch in order to give instructions to a device or receive information back from it. User interfaces dictate how people interact with devices and software.

WEB debits are internet-initiated ACH debit transactions that are authorized by a consumer and pull money from the consumer’s bank account. WEB debit examples include paying a utility, credit card, or subscription bill online via bank account.