Acronym for “authentication, authorization, and accounting.” Protocol for authenticating a user based on their verifiable identity, authorizing a user based on their user rights, and accounting for a user’s consumption of network resources.
Anti-bribery and corruption in the context of ABC Laws.
Those Relevant Laws intended to prohibit bribery or some other form of corruption, including fraud and tax evasion.
The Alipay+ Brand Mark and (if applicable) the Mobile Payment Partners’ Trade Marks identified by Alipay+ Core Operator to indicate the acceptance of Mobile Payment Partner Products.
A table that states the rights of each subject for every object in the system. The table could be in any format as long as the access rights to the object are clear defined and map to the subject.
Security credentials with login session that identifies user, user's group, user's permissions, and, in some cases, specific applications. Access Token can be used for payment.
A Partner in its capacity as an acquirer or payment processor, including where it enters into a Merchant Agreement with a Merchant or an Indirect Participation Agreement with an Indirect Acquiring Partner, and processes Transactions directly or indirectly for its Merchants.
Acquiring Service Provider
An Acquiring Partner participating in Alipay+ Core or other acquirer cooperating with a member of Ant Group to enable payments.
The process of adjusting transactions due to equipment, communication lines, system processing, terminal operations and other reasons.
With respect to a person, any other person that directly or indirectly Controls, is Controlled by, or is under the common Control of another person with, that person.
Alipay+'s Center Partner Banks
Alipay+ works with one of more of its Partner Banks to manage currency risk in Alipay+’s Operation Centers.
Alipay+'s Local Partner Banks
Alipay+’s specifies a panel of Banks for each Territory, with which the Partner should open the settlement account.
Alipay+ Brand Guidelines
The guidelines and instructions applicable to use of the Alipay+ Brand Mark as specified by Alipay+ and as updated from time to time.
Alipay+ Brand Mark
A mark, including word, name, logo, design, symbol and trademark, as licensed to Alipay+ Core Operator for the operation of Alipay+ Core.
Alipay+ Client SDK
A client-side SDK for Android and iOS that is used to help Issuing Partner integrate Alipay Connect payment products.
Alipay+ Code-Scanning Payment Standards
A set of barcode (1-dimension) and QR code (2-dimension) scanning payment standards developed by Alipay+ to facilitate interoperability among Partners. This set of standards is composed of code format, routing rules, transaction processing rules, user experience design guidelines, and security guidelines, etc.
The systems and services through which Alipay+ Core and its Affiliates deliver electronic payment processing, clearing and settlement services to Partners.
Alipay+ Core Operator
Alipay Connect Pte. Ltd. and all of its Affiliates that operate Alipay+ Core, including its and their successors and assigns. When used in the Rules, Alipay+ Core Operator refers to Alipay Connect Pte. Ltd. or, if otherwise specified in the Participation Agreement, any of its applicable Affiliates.
Alipay+ Core Rules Release Guide
The guide released by Alipay+ Core Operator with a Rules update, which sets out the Rules changes, the reasons for the changes and their respective effective dates and implementation dates.
Alipay+ Core Supported Multi-currency Pricing
With respect to Online Merchants that provide Multi-Currency Pricing Service, the currencies set out in Section 4.4 of Alipay+ Core Operating Principles for Multi-currency Pricing (as may be updated from time to time by Alipay+ Core Operator) which are supported by Alipay+ Core Operator and which Merchants can select as the Transaction Currency.
Alipay+ Core Time Zone
The currency in which the Alipay+ and a Partner settle their respective obligations under Rule 8 in which, unless otherwise set out in the relevant Participation Agreement, is the Local Currency of the Partner's Territory.
Alipay+ IP Rights
All IP Rights in technology, infrastructure, signs or source indicators, documents and materials used to provide the Services, including source codes, the Alipay+ Code-Scanning Payment Standards, Payment Codes, Collection Codes, Code Issuer Identifiers, operational and technical infrastructure, and the Alipay+ Brand Mark.
Alipay+ Partner Workspace
An online platform on Alipay+'s portal through which Partners can query Transaction status, submit Disputes, and report fraudulent Transactions, etc.
Alipay+ Payment Product
Any of the four In-Store Payment or Online Payment products offered by Alipay+ to Partners: In-Store UPM Payment, In-Store MPM Payment, Cashier Payment and Auto Debit.
Alipay+ Server SDK
A server-side component that is used to identify and process all the QR Codes and barcodes that Alipay Connect supports.
Alipay Merchant Services (AMS)
Comprehensive acquiring services provided by Alipay for global merchants and institutions.
Anti-money laundering and counter-terrorism in the context of AML Laws.
AML and Sanctions Programme
A person’s documented practices and operational procedures regarding the management and mitigation of money laundering and terrorism financing risk which meets any and all requirements under applicable AML Laws and Sanctions.
Those Relevant Laws intended to combat money laundering, terrorist financing or related crimes.
Party that can register or write off Blockchain balance based on bank account balance of a remittance participant.
Application installed on user or merchant terminals, such as mobile phone.
The person ultimately responsible for the risks and availability and support/maintenance of the application/system and for the security of the data residing on that system. Typically, Business system owners are the individuals ultimately accountable for budgeting and risks associated with the system.
Subject to any restrictions set out in the Participation Documents, (i) in relation to a Partner, as is necessary in order to facilitate that Partner’s participation in Alipay+ Core; and (ii) in relation to Alipay+ Core Operator, as is necessary in order to facilitate the provision of the Services (including the exercise of rights and performance of obligations under Participation Documents, managing AML/Fraud Risk, resolving any Disputes or facilitating the provision of Partner Products by other Partners).
Also referred to as “audit trail.” Chronological record of system activities. Provides an independently verifiable trail sufficient to permit reconstruction, review, and examination of sequence of environments and activities surrounding or leading to operation, procedure, or event in a transaction from inception to final results.
Check and verify merchant and acquirer information including company name, license number, and copy of business license.
Authentication, Authorisation, and Accounting (AAA)
Protocol for authenticating a user based on their verifiable identity, authorizing a user based on their user rights, and accounting for a user’s consumption of network resources.
Institution that is authorized to use Access Token of users.
The Authorisation Code is obtained by using an authorisation server as an intermediary between the client and resource owner, which follows the OAuth 2.0 Framework defined in IETF RFC 6749.
Authorisation or Authorise
The process whereby a User authorises a Alipay+ Mobile Payment Partner to debit the User’s Payment Account and make payment to a Merchant.
Authorisation Service Provider
Institution that provides Authorisation services.
An Online Payment product provided by Alipay+ Core Operator, whereby a User enters into an Auto Debit agreement to bind a User Account with a Merchant’s service and enjoy automatic payment for subsequent Transactions.
Whether or how often a system is available for use by its intended users. Because downtime is usually costly, availability is an integral component of security.
USD or CNY
A special component that is deployed at the border of production network to control access to the network. It is the only channel to access the production network and it includes the function of identification authentication, resource authorization and operation audit.
Party to which an amount of money is due.
Institution that processes payments on behalf of beneficiary.
The operation of establishing relationship between items of information that is provided by cryptographic means.
The Distributed Ledger Technology based on Ant Blockchain Platform.
The amount of funds at the anchor owned by Partner registered by the anchor bank on the blockchain ledger.
Bring your own device (BYOD)
Mobile phones, tablets, and other mobile devices brought by the employee to access the office network, which are owned by the employee.
The one who commissions a new IT service, adds major functionality to an existing IT service, and determines when to decommission the service based on lack of functionality or cost.
Any jurisdiction where a Partner has obtained all necessary licenses, permits, approvals and registrations required under Relevant Laws to provide its Partner Products.
At a minimum, cardholder data consists of the full PAN. Cardholder data might also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code.
An Online Payment product provided by Alipay+ Core Operator, whereby a Merchant redirects a User to the payment page of a Mobile Payment Partner to confirm the Transaction details and Authorise the Payment.
Certificate authority (CA)
An authority trusted by one or more entities to create and sign public-key certificates. Optionally, the certification authority can create the subjects' keys.
Certificate signing request (CSR)
In public key infrastructure (PKI) systems, a certificate signing request (or certification request) is a message or file following PKCS#10 sent from an applicant to a certificate authority in order to apply for a public-key certificate.
The act or process by which data items bound in an existing certificate, especially Authorisations granted to the subject, are changed by issuing a new certificate.
The process of transmitting, aggregating, and netting transaction data and relevant fees for Payments and Refunds, prior to Settlement. Clearing results are concluded in Clearing Files, which contain data but do not actually exchange or transfer funds.
The agreement between Alipay+ and Partner regarding settlement arrangements, including settlement cycle, settlement time, settlement currency, etc.
A period starting from, and including, 00:00 UTC+8 on a given calendar day and ending at, but excluding, 00:00 UTC+8 on the next calendar day.
The files that Alipay+ Core issues on the next calendar day following the daily Cut-off in respect of the relevant Clearing Cycle for Partners to see the details of data that are summarised after netting of the cleared Payments and Refunds. Clearing Files are composed of the following files: (a) Transaction Detail Report, which specifies the transaction details for transactions that were cleared during a Clearing Cycle; (b) Transaction Summary Report, which summarises the total amount of transactions that were cleared during a Clearing Cycle; and (c) Fee Report, which summarises the fee totals for transactions that were cleared during a Clearing Cycle.
Code Directory Service (CDS)
A service provided by a technical platform that facilitates the dynamic maintenance of acquiring information supported by merchants, which can be retrieved from the CDS platform with an index number assigned by the CDS platform to each merchant.
Data that are encoded and stored in the QR code or barcode.
The amount of cash required to be provided by a Partner to Alipay+ Core Operator (or its designated Affiliate) as collateral for the performance of its payment obligations under the Participation Documents, or, as the context may require, the balance of the Collateral provided.
The code presented by a Merchant for a User’s digital wallet to recognise in order to initiate Payment. Collection Code may be a store code or an order code.
Common Business Day
In respect of Alipay+ Core Operator and an Acquiring Partner, a day on which (i) all banks are open for general banking business in the jurisdiction where Alipay+ Core Operator’s relevant Settlement Account is located, China (including Hong Kong) and New York, excluding a Saturday, Sunday or public holiday in any such jurisdiction, and (ii) settlement is available for the Acquiring Partner’s Settlement Currency according to market conventions.
Non-public, proprietary or other confidential information which by its nature or by the circumstances of the disclosure could be, or could reasonably be expected to be, regarded as confidential, whether in oral, written or other form, including: the content and performance of the Participation Documents, business plans, capitalisation tables, budgets, financial statements, costs, prices, and marketing plans, contracts and licences, employee, customer, supplier, shareholder, partner or investor lists, technology, know-how, business processes, trade secrets and business models, notes, sketches, flow charts, formulas, blueprints, and elements thereof, source code, object code, graphical design, user interfaces and other intellectual property, including that of any customer, supplier or other third party (including, in the case of Alipay+ Core Operator, the interface technologies, security protocol and certificate to any other website or enterprise provided by Alipay+ Core Operator). Regardless of whether the Receiving Entity obtains such information solely or partially from the Disclosing Entity, Confidential Information shall not include information that: (i) is or becomes (through no improper action or inaction by the Receiving Entity) generally known to the public; (ii) was in the Receiving Entity’s possession or known by it prior to receipt from the Disclosing Entity; (iii) was lawfully disclosed to the Receiving Entity by a third party and received in good faith and without any duty of confidentiality by the Receiving Entity or the third party; or (iv) was independently developed without use of any Confidential Information of the Disclosing Entity by employees of the Receiving Entity who have had no access to such Confidential Information.
Complete system configuration based on contracted products and rates.
The process of selecting services and conducting contract configuration and contract approval.
Control (including its correlative meanings, Controlled by and under common Control with)
The possession, direct or indirect, of the power either: (a) to vote based upon a holding of 25% or more of the securities, shares, stock, equity interest or comparable ownership interest having voting power; (b) to elect 25% or more of directors of the board (or comparable positions in the case of persons without directors); or (c) to direct or cause the direction of the management and policies of such person whether by contract or otherwise. For the purposes of the Participation Documents, neither Alipay+ Core Operator nor any Partner is Controlled by, or under common Control with, the other merely by reason of entering into the Participation Documents.
Coordinated Universal Time (UTC)
Coordinated Universal Time (abbreviated to UTC) is the primary time standard by which the world regulates clocks and time. It is within about 1 second of mean solar time at 0° longitude, and is not adjusted for daylight saving time.
A settlement method wherein a Partner or Alipay+ Core Operator (as applicable) transfers the relevant Net Settlement Amount to the bank account designated by the other party.
Critical Business Function
A key function that relates to a Payment process, such as payment or account binding.
A Transaction where the applicable Business Territory of the Mobile Payment Partner is different from the jurisdiction where the Merchant is located. A Transaction where the applicable Business Territory of the Mobile Payment Partner and the location of the Merchant are both in the European Economic Area but not in the same country is a Cross-Border Transaction.
The time span during which a specific key is authorized for use or in which the keys for a given system or application remain in effect.
In the context of Alipay+ transaction processing, Currency Exchange refers to the conversion from the settlement currency of one party (e.g. Issuing Partner) to the settlement currency of another party (e.g. Acquirer).
Currency Exchange Service Provider
Institution that provides currency exchange services for Alipay+ and its participants.
The separation point of transaction data between two Clearing Cycles, which is 00:00 UTC+8 on each calendar day.
Any act or attempt, successful or unsuccessful, to gain unauthorised access to, disrupt or misuse the Partner’s System or information stored on the Partner’s System and any attempted or actual breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Data disposal refers to the disposing of data by using one or a combination of the following techniques: Data Destruction, Data Erasure and Data Deletion. Data destruction refers to the physical destruction of Storage Media so that the data contained within the media is non-recoverable. Data erasure refers to the irreversibly removal Data from Storage Media. Data deletion refers to the removal of data from Storage Media when it is possible to recover the data.
The Data and telecommunication connections between a Partner’s System and Alipay+ Core relevant to the Partner’s use of the Services and to the provision by the Partner of Partner Products.
Data masking involves masking or replacing all or part of an information field, such that the confidentiality of such data is maintained.
Users and Merchants whose Personal Data is collected, officers, connected persons, employees and any other personnel of a Partner and other persons to whom Personal Data collected or used under or as contemplated by the Participation Documents relates.
Decryption is the reverse process of encryption.
The result of a cryptographic transformation of data that, when properly implemented with a supporting infrastructure, provides the services of: · Origin authentication · Data integrity, and · Signer non-repudiation.
A settlement method provided by a bank wherein, pursuant to an instruction by Alipay+ Core Operator, the bank debits the relevant Net Settlement Amount from the Settlement Account of the Mobile Payment Partner pursuant to a standing authority established among the Mobile Payment Partner, Alipay+ Core Operator and the bank.
Director and Officer
A natural person with significant responsibility to control, manage, or direct a legal entity customer, including: (i) An executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer); or (ii) Any other individual who regularly performs similar functions.
The entity disclosing Confidential Information, including its Representatives.
The period for Alipay+ Core Operator and a Partner to fulfill their respective obligations related to Transactions cleared before the commencement of the Disengagement Period.
A Transaction-related dispute.
Distinguished name (DN)
A Distinguished Name (DN) is used in a certificate to identify a certificate owner, or a certificate issuer (certificate authority).
Doing Business As (DBA)
Doing business as.
Doing Business As Name (DBA Name)
A DBA Name is a name displayed by Merchants, other than their registered legal name, at merchant premise, website or other positions where Transactions take place, for Users to recognize the Merchant and Transactions.
A Transaction where the applicable Business Territory of the Mobile Payment Partner is the same jurisdiction as where the Merchant is located. A Transaction where the applicable Business Territory of the Mobile Payment Partner and the location of the Merchant are both in the European Economic Area but not in the same country is not a Domestic Transaction.
Dispute Resolution Platform
One code value can only be used for one transaction. For example, the order code displayed on the merchant's terminal screen or printed on the cashier's receipt. After the user scans the code, the user usually does not need to enter the transaction amount to initiate the payment.
The process of changing plaintext into ciphertext that is unreadable.
All software products have life cycles. End-of-life refers to the date when a software development company no longer provides automatic fixes, updates, or online technical assistance for the product.
Any autonomous element or component within the PKI that participates in one form or another, such as managing or using certificates. An Entity can be a CA, RA, Subscriber, Relying Party (RP), and so on.
After the user scans the code, the App redirects to the page that is not provided by a Issuing Partner, and then the payment request is submitted to the Issuing Partner after completing some corresponding operations.
A process initiated by a Mobile Payment Partner to the relevant Acquiring Partner for a Refund in order to resolve a Dispute via the Alipay+ Partner Workspace.
Any network that is foreign to the Partner, or is out of the Partner's ability to control or manage.
The fees payable by a Partner to Alipay+ Core Operator or vice versa under the Participation Documents.
After a Merchant, an Institution or a Partner accessed Alipay through leased lines, the network connecting the Merchant, the Institution, or the Partner and Alipay need to be protected. Only specified hosts and ports of the firewall can be opened and the most strict access control must be performed by complying with the minimisation principle.
Force Majeure Event
An act of nature, force or cause beyond an entity’s, its Affiliates’ or Representatives’ reasonable control, including: (a) a fire, flood, elements of nature or other acts of God; (b) an outbreak or escalation of hostilities, war, riots or civil disorder, or an act of terrorism; (c) internet, computer, telecommunications or electrical power failures or any other equipment failures; (d) a labour dispute (whether or not the employees’ demands are reasonable or within the entity’s power to satisfy); (e) acts or omissions of a Government Agency prohibiting or impeding the affected entity (or its Affiliates or Representatives) from performing its obligations under the Participation Documents, including orders of domestic or foreign courts or tribunals, governmental restrictions, Sanctions, restrictions on foreign exchange controls, etc.; (f) the non-performance by a third party for any similar cause beyond the reasonable control of the entity; or (g) the occurrence of any epidemic, pandemic or plague.
Fund Transfer Initiator
Institution that initiates fund transfer.
any investigation, order or proceeding by a Government Agency that has adversely affected or is likely to adversely affect in a material respect any of the following: (a) the Partner’s operations or financial condition; (b) the Partner’s ability to meet any of Alipay+ Core’s due diligence requirements or to otherwise comply with its obligations under the Participation Documents; or (c) the reputation of Alipay+ Core Operator, any of its Affiliates or any Partners in Alipay+ Core.
Any government, semi-governmental, statutory, administrative, revenue, fiscal or judicial body, department, commission, authority, agency, court of law, tribunal, stock exchange or other person having jurisdiction in connection with the activities contemplated by the Participation Documents and includes law enforcement bodies/agencies and any body having regulatory or supervisory authority under applicable law over any part of the business or affairs of Alipay+ Core Operator or a Partner.
The process of securing a computer's administrative functions or inactivating those features not needed for the computer's intended business purpose.
The physical elements of a computer system; the computer equipment as opposed to the programs or information stored in a machine.
Hardware Security Module (HSM)
Acronym for “hardware security module” or “host security module.” A physically and logically protected hardware device that provides a secure set of cryptographic services, used for cryptographic key-management functions or the decryption of account data.
Any computer virus or other code which is not intended to serve a legitimate purpose and which is harmful, destructive or disabling or which assists in or enables the theft, alteration, denial of service, unauthorised access to or disclosure, destruction or corruption of information, data or software.
A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties: One-way: computationally infeasible to find any input that maps to any pre-specified output; and Collision resistant: computationally infeasible to find any two distinct inputs that map to the same output.
An entity that holds the key or certificate.
Host Security Module (HSM)
Refer to "Hardware Security Module".
Acronym for “hardware security module” or “host security module.” A physically and logically protected hardware device that provides a secure set of cryptographic services, used for cryptographic key-management functions or the decryption of account data.
Hybrid Encryption Algorithm
The identifier for a particular user or application.
Internet Data Center, which is used to house computer systems and associated components, such as telecommunications and storage systems.
Equipment in IDCs, including servers, network devices, storage servers, infrastructures, etc.
Implementation Date means the date when a Partner must complete the implementation according to relevant requirements in the new version Rules or the date when a new service becomes available from Alipay+ Core.
In-Store MPM Payment
An In-Store Payment product provided by Alipay+ Core Operator, whereby a User uses an application provided by a Mobile Payment Partner to recognise the Collection Code presented by a Merchant to initiate a Payment. MPM means Merchant-Presented Mode, the mode where a Merchant displays a code for Users to scan.
A Payment made in person at a Merchant Outlet.
In-Store UPM Payment
An In-Store Payment product provided by Alipay+ Core Operator, whereby a Merchant recognises the Payment Code of a User to initiate a Payment. UPM means User-Presented Mode, the mode where a User displays a code for Merchants to scan.
A system error, bug, incompatibility, or malfunction that affects the provision of Alipay+ Core Partner Products or Alipay+ Core Services (as applicable), or otherwise renders the Partner or Alipay+ Core Operator (as applicable) unable to perform its obligations in the Participation Documents.
Alipay+ Core Operator or a Partner (as applicable) that is entitled to seek indemnification in respect of a claim, under the Participation Documents.
Alipay+ Core Operator or a Partner (as applicable) against which indemnification may be sought in respect of a claim, under the Participation Documents.
Independent Sales Organization (ISO)
Organization that sell services or marketing activities to merchants on behalf of acquirers.
Independent Software Vendor (ISV)
Institution that produce and sell software.
Indirect Acquiring Partner
A person that enters into an Indirect Participation Agreement with an Acquiring Partners and Merchant Agreements with Merchants, enabling acceptance of Mobile Payment Partner Products by its Merchants.
Indirect Participation Agreement
An agreement between an Acquiring Partner and an Indirect Acquiring Partner pursuant to which the Acquiring Partner provides a Partner Product to the Indirect Acquiring Partner enabling its Merchants to accept or submit Transactions.
A living natural person who is the subject of personal information. Such Individuals include customers, potential customers, former customers, other individuals involved in the company’s business offerings, individual staff at other organizations with which the company does business, and employees.
Information asset is generally referred to any item of software, whether owned by Partners or licensed to Partners by an external entity, and wherever stored; any item of hardware that contains a central processing unit or memory; or business application, being a collection of hardware and software instances that are combined to deliver a specific business solution.
Electronic systems and physical components used to access, store, transmit, protect, and eventually dispose of information. Information systems include networks (computer systems, connections to business partners and the Internet, and the interconnections between internal and external systems). Other examples are backup tapes, mobile devices, and other media.
The process of payment service provider and acquirer submitting transaction verification request to the network when they have questions about the original transaction.
In relation to a person, such person: (a) being the subject of a winding-up application which is not dismissed within sixty (60) calendar days; (b) being under administration or in liquidation or provisional liquidation; (c) being subject to any moratorium, stay, judgement entered against it or any arrangement, assignment, compromise or composition with its creditors or any class of its creditors, in each case which prevents it from performing its obligations, or prevents any person from exercising its rights against it, under any contractual arrangements and which is not dismissed within thirty (30) calendar days; (d) ceasing to carry on business; (e) a mortgagee, other secured party, administrative receiver, receiver, receiver and manager, trustee in bankruptcy (or any similar official) enters into possession or control (and remains in possession or control for thirty (30) calendar days or more) of, or disposes of, the whole or any substantial part of the person’s assets or business; (f) disposing of the whole or any substantial part of its assets or business other than in the normal course of business; (g) being or being deemed under any applicable law to be unable to pay its debts as and when they fall due or being insolvent; or (h) something having a substantially similar effect to paragraphs (a) to (g) above happens in connection with that entity under any Relevant Laws.
Refer to definition in Section 4.1 of Alipay+ Core Operation Guide for Cybersecurity.
The network zone that the integrated applications are placed in. The integrated zone needs to be physically or logically isolated from other network zones.
Online testing according to the integration file under testing environment to confirm contracted functions are valid.
Assurance that information is trustworthy and accurate; ensuring that information will not be accidentally or maliciously altered or destroyed (see “Data integrity”).
Internet Data Center (IDC)
Internet Data Center, which is used to house computer systems and associated components, such as telecommunications and storage systems.
An amount to be paid by the Acquiring Partner to Alipay+ Core Operator for each Payment. This amount is then passed on by Alipay+ Core Operator to the relevant Mobile Payment Partner involved in that Payment.
In relation to suspicious activity or transactions or potential non-compliance involving a Partner, such Partner collecting all relevant transaction data and documents (including such transaction data and documents requested by Alipay+ Core Operator), confirming whether there is any suspicious activity or transactions or non-compliance and timely reporting the findings to Alipay+ Core Operator.
A claim against Alipay+ Core Operator as described in Section 11.1.3 of Alipay+ Core Rules: Main Rules or a claim against a Partner as described in Section 11.1.4 of Alipay+ Core Rules: Main Rules, as applicable.
All industrial and intellectual property rights of any kind, including copyright, rights in computer software or source code, trade mark, service mark, design, patent, trade secret, semi-conductor or circuit layout rights, trade, business, domain or company names, moral rights, rights in Confidential Information, know-how or other proprietary rights (whether or not any of these are registered and including any application for registration), and all rights or forms of protection of a similar nature or having an equivalent or similar effect to any of these which may subsist anywhere in the world.
An entity that generates the key or certificate.
Generally referred to any item of software, whether owned by Partners or licensed to Partners by an external entity, and wherever stored; any item of hardware that contains a central processing unit or memory; or business application, being a collection of hardware and software instances that are combined to deliver a specific business solution.
A jump server, jump host, jump box, or secure administrative host is a (special-purpose) computer on a network typically used to manage devices in a separate security zone. The most common example is managing a host in a DMZ from trusted networks or computers.
A key is a unique, generated electronic string of bits used for encrypting, decrypting, creating digital signatures, or validating digital signatures. The key can be the public/private key used in asymmetric cryptography, or the private key used in symmetric cryptography.
Changing the key, or, replacing the key by a new key. The places that use the key or keys derived from it (such as authorized keys derived from an identity key, legitimate copies of the identity key, or certificates granted for a key) typically need to be correspondingly updated. With SSH user keys, it means replacing an identity key by a newly generated key and updating authorized keys correspondingly.
Know Your Business (KYB)
Know your business.
“Know your customer” due diligence and verification as well as Sanctions screening conducted as part of the onboarding processes and on an ongoing basis in accordance with AML Laws and Sanctions.
Late Payment Amount
The total outstanding amount that a Mobile Payment Partner is obliged but fails to pay to Alipay+ Core Operator on a given Settlement Day, in any of the following cases: (a) in the case of Credit Transfer or Direct Debit settlement method, where Alipay+ Core Operator does not receive the full Net Settlement Amount owed by the Mobile Payment Partner to Alipay+ Core Operator before the beneficiary bank cut-off time on the Settlement Day; (b) in the case of Prefunding settlement method, where the Net Settlement Amount exceeds the Prefunding balance in the Settlement Account at the time Alipay+ Core Operator deducts funds from the account for Settlement; or (c) if the Mobile Payment Partner fails to pay Alipay+ Core Operator any other amount owed by the Mobile Payment Partner to Alipay+ under the Participation Documents when such payment falls due.
Late Payment Fee
The fee that Alipay+ Core Operator may charge a Mobile Payment Partner if the Partner fails to fulfill its Settlement obligations.
In relation to a particular Partner, the date on which the Partner first makes a Partner Product generally available to Users or Merchants (as applicable) through use of the Services.
Leased lines are fixed network communication lines used to connect the access platform and Partners, providing dedicated channels for communication and information exchange. Based on the network resources of Access Network, Transmission Network, and Backbone Network of operators, leased lines have better security and privacy. However, the rental price for leased lines is relatively high, and the redundancy configurations need to be conducted based on a negotiation between the access platform and the Partner.
A directive to preserve certain records and information, whether physical or electronic, beyond their scheduled retention period. A legal hold may arise out of litigation or an internal or external investigation. A legal hold is sometimes referred to as a destruction hold, document hold, preservation notice or retention notice.
Institution that provides liquidity through financial instruments.
Local Business Day
In respect of a Partner, a day on which all banks are open for general banking business in the Business Territory of that Partner, excluding a Saturday, Sunday or public holiday in that Business Territory.
Means: (a) in relation to a Partner, the official currency of the relevant Business Territory of the Partner; or (b) in relation to a Merchant, the official currency of the jurisdiction where the Merchant is located.
All claims, damages, losses, liabilities, costs and expenses of any kind and however arising, including legal costs (on a full indemnity basis), penalties, fines and interest, including those which are prospective or contingent and those the amount of which for the time being has not been ascertained or ascertainable.
Marketing Asset Distributor
Institution that distributes marketing assets.
Marketing Asset Issuer
Institution that issues marketing assets.
Marketing Asset Owner
User that owns marketing assets.
Party that provides operations services to a Alipay+’s participants.
Material Rules Change
With respect to a Partner, a change to the Rules that (i) requires mandatory technical or system implementation by the Partner which is not required under Relevant Laws applicable to the Partner and which increases the Partner’s costs in any material respect or (ii) imposes on the Partner any additional or increased fees or charges.
A person that enters into a Transaction with a User which is acquired by an Acquiring Partner or an Indirect Acquiring Partner, as applicable.
An agreement between an Acquiring Partner (or an Indirect Acquiring Partner, as applicable) and a Merchant for the transaction processing and settlement for the Merchant.
The person who collects money at the merchant's business premises.
Merchant Category Code or MCC
A four-digit merchant category code issued by an Acquiring Partner or its Indirect Acquiring Partner (if applicable) with respect to a Merchant by reference to the Alipay+ MCC Standards.
Merchant Display Name
A name displayed by a Merchant at its stores, Online Store or other locations where Transactions take place, for Users to recognize the Merchant (which is not the Merchant’s registered legal name).
Merchant ID or MID
The unique identifier given by an Acquiring Partner or its Indirect Acquiring Partner (if applicable) to each of its Merchants which conforms to the methodology for allocating Merchant IDs specified by Alipay+ Core Operator.
A fixed place of business or physical location operated by a Merchant where the goods or services are made available for sale to Users and where Mobile Payment Partner Products are accepted.
Merchant Settlement Currency
It means the currency in which a Merchant of an Acquiring Partner get settled from the Acquiring Partner.
Minimum Prefunding Amount
The minimum amount a Partner should maintain in Alipay+'s designated account to cover the estimated Settlement amounts in a Settlement Cycle. The Minimum Prefunding Amount is reasonably determined by Alipay+ based on the Partner’s estimated business volume, Settlement Cycle, number of holidays, and Alipay+'s internal assessment results, and should be at least equal to the Partner’s Net Settlement Amount for three Transaction Days
Mobile Payment Partner
A Partner in its capacity as a payment service provider where it issues a Mobile Payment Partner Product to a User, enters into a User Agreement with a User or processes a Transaction for a User.
Mobile Payment Partner Products
Partner Products offered by Mobile Payment Partners to Users to enable the Users to discharge payment obligations to Merchants through the use of, or in reliance on, the Services.
Mobile Payment Provider
A Mobile Payment Partner participating in Alipay+ Core or other user- or issuer-facing payment service provider cooperating with a member of Ant Group to enable payments.
MPP Settlement Currency
It means any currency in which Alipay+ and a Mobile Payment Partner settle their respective obligations under Chapter 4 Clearing and Settlement which shall be specified in the Participation Agreement and, unless otherwise specified in the Participation Agreement.
Multi-currency Pricing Service
A service offered by an Online Merchant to identify a Mobile Payment Partner’s applicable Business Territory and display the price of goods or services in the Local Currency of the Mobile Payment Partner.
Multi-currency Pricing Transaction
A Transaction completed with Multi-currency Pricing Service.
National Institute of Standards and Technology (NIST)
Non-regulatory federal agency within U.S. Commerce Department's Technology Administration.
Net Credit Position
Means when a Net Settlement Amount is receivable by the Partner from Alipay+ Core Operator.
Net Debit Position
Means when a Net Settlement Amount is payable by the Partner to Alipay+ Core Operator.
Net Settlement Amount
The net amount in the Settlement Currency resulting from the calculation process described in Section 18.104.22.168 of Alipay+ Core Rules: Main Rules, which is set forth in the Settlement Report.
Network Address Transition
After Partners accessed Alipay+ through leased lines, to protect the IP address and intranet information of both sides, the IP addresses of both sides are converted to virtual addressed. The business interactions between Partners and Alipay+ are completed with virtual address.
Include, but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances.
Acronym for “National Institute of Standards and Technology.” Non-regulatory federal agency within U.S. Commerce Department's Technology Administration.
Non-Removable Storage Media
Non-Removable Storage Media includes all permanently installed Storage Media, including Computer Internal Hard Disk Drive (HDD) (this includes laptops) and Enterprise Storage (also referred to as DASD-Direct Access Storage Device).
Use of a mature back-office business system or product, which does not involve development, data analysis or data mining functions.
Work areas where employees support and realize objects and goals of the organization.
The process of merchant and acquirer becoming AAC participant through KYC, KYB authentication, and contract signing.
A Merchant that makes its goods or services available for sale through an Online Store. Where a Merchant operates both a Merchant Outlet and Online Store, the Merchant shall only be treated as an Online Merchant in respect of Transactions that take place at its Online Store.
A Payment initiated through a Merchant’s Online Store.
A website or application (or equivalent) operated by a Merchant or (as applicable) an online platform or marketplace operated by a Merchant or Indirect Acquiring Partner, by means of which goods or services are made available for sale over the internet or other electronic network.
A system that supports and manages software applications. Operating systems allocate system resources, provide access and security controls, maintain file systems, and manage communications between end users and hardware devices.
Any change in business operations that is caused by a rule change, for instance, a change in information disclosure procedure.
Operational readiness review
The inspection of the actual system characteristics and the procedures used in the system or end product’s operation, ensuring that all system and support hardware, software, personnel, procedures, and user documentation accurately reflect the deployed state of the system.
Operation and Maintenance (O&M)
O&M involves maintaining, repairing, and replacing if necessary devices, equipment, machinery, building infrastructure, and supporting utilities in industrial, business, governmental, and residential installations.
The code presented by merchant for user to scan and identify the order, and make payment.
Other unattended devices and end-point equipment
Printer, scanner, multimedia devices, fax machine, etc.
A suite of smaller chunks of source code that contains everything necessary to execute only one aspect of the desired functionality of a software program.
The Alipay+ Participation Agreement entered into between Alipay+ Core Operator and a Partner, as amended or restated from time to time in accordance with the terms thereof.
With respect to a Partner, the Rules, the Participation Agreement, and any other agreement entered into by Alipay+ Core Operator (or its Affiliate) and the Partner in relation to Alipay+ Core that is expressed to be a Participation Document.
An entity with which Alipay+ Core Operator has a Participation Agreement, and, as the context requires, a reference to the Partner, in relation to a particular set of Participation Documents, means the Partner so named in the relevant Participation Agreement that forms a part of those Participation Documents.
The hardware and software used by the Partner to interface with Alipay+ Core to use Services.
A product or service issued, provided or distributed by the Partner (or, in the case of an Acquiring Partner, by the Partner’s Indirect Acquiring Partners, if any) to the Partner’s Users or Merchants (as applicable), which (directly or indirectly) uses or relies upon one or more Services.
The total amount that a payment agent can use for initiating transactions, usually consisting of a prepaid amount and a postpaid amount granted by the liquidity provider.
Software code that replaces or updates other code. Frequent patches are used to correct security flaws.
Party that owes an amount of money to the beneficiary.
Institution that processes payments on behalf of payer.
The transfer of a Transaction amount from a User to a Merchant which is routed, cleared and settled through Alipay+ Core.
An account of a User through which a Mobile Payment Partner or a third party service provider provides services enabling the User to place funds into the account and execute Payments with the funds held in the account or any credit line that the Mobile Payment Partner or third party service provider provides to the account. Examples of such an account include an e-money account, debit card, credit card or bank account.
The Service provided by Alipay+ Core through which a Merchant can cancel an original Payment request.
Payment card information
Payment card information includes Cardholder Data and Sensitive Authentication Data, as specified in the latest version of Payment card Industry Data Security Standard (PCI DSS). a. Cardholder Data includes primary account number (PAN), cardholder name, expiration date and service code; b. Sensitive Authentication Data includes full track data (PAN), CAV2/CVC2/CVV2/CID, PINs/PIN blocks.
The code presented by a User for Merchants to recognise and initiate a Payment request.
A confirmation message from a Mobile Payment Partner to Alipay+ Core, or from Alipay+ Coreto the Acquiring Partner, that a Payment has been confirmed successfully. It can be a “success” response to Payment request, a “success” Payment Status Notification, or a “success” response to a Payment Status Inquiry.
Payment Status Inquiry
The Service provided by Alipay+ Core through which an Acquiring Partner can send an inquiry to Alipay+ Core regarding a payment status.
Payment Status Notification
The notification made by a Mobile Payment Partner through Alipay+ Core to notify the corresponding Acquiring Partner whether a Payment has been authorised successfully.
Alipay+ Core transfer payment request from acquirer to payment service provider.
Any multi-participant system (other than Alipay+ Core) or other payment scheme for the routing, clearing or settlement of financial transactions, including local payment systems such as national card schemes, fast payment systems, and low-value or high-value payment clearing and settlement systems, as well as international card schemes.
The Payment Card Industry Data Security Standard.
Any form of storage that retains data even when being out of power supply.
Permitted Disclosure and Uses
The permitted disclosures and uses of Personal Data as set out in Section 7.3.1 of Alipay+ Core Rules: Main Rules.
A personal account is an account or ID that is assigned to a single individual user. Each individual needs to be identified with a unique user account or ID and is fully accountable for its usage.
Any information relating to an identified or identifiable natural person (an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person) and any other information defined in Relevant Laws as “personal data”, “personal information” or similar terms relating to privacy and data protection.
Physical space, buildings and other related environmental factors that allow Partners to operate normally.
Acronym of “personal identifiable information”. PII is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual. Sensitive PII is any PII that can be used to distinguish an individual's identity, and which, if lost, compromised, or disclosed without authorization, could result in substantial harm, direct financial loss or personal injury to an individual. Sensitive PII includes the following data elements: a) personal identification number, such as social security number, passport number, drivers’ license number; b) account number, credit or debit card number; c) any security code, access code, password or certificate that would permit access to an individual’s financial account; and d) biometric records, such as retina scan, voice signature, facial geometry. Non-sensitive PII is any PII excluding Sensitive PII.
A planned service launch, service upgrade, system maintenance, infrastructure adjustment, or other operation of a Partner that is relevant to Alipay+ Core, or of Alipay+ Core that is relevant to a Partner, as applicable.
A promotional event that is planned by a Partner and is related to Transactions processed through Alipay+ Core.
In this specification, platform refers to Alipay+ or AMS.
A settlement method wherein a Mobile Payment Partner must maintain sufficient funds for settlement in the bank account designated by Alipay+ Core Operator, which is deemed to be the Settlement Account for purposes of the Participation Documents.
Pretty Good Privacy (PGP)
An encryption that uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms.
Relevant Laws relating to privacy and data protection, including those which regulate the collection, storage, use or disclosure of Personal Data.
A cryptographic key, used with a public-key cryptographic algorithm, which is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key is associated with a public key.
An account that provides elevated or enhanced access to Partners owned or managed production environments (including, for example systems, platforms, databases, network devices and applications).
Any operation or set of operations performed upon NPI, such as the collection, storage, alteration, retrieval, use, disclosure, combination, erasure or destruction of NPI.
Data essential to complete day-to-day business tasks and processes.
The public key of an entity, together with some other information, rendered unforgeable by digital signature with the private key of the certification authority (CA) that issued it.
The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data.
Quick response code as defined in ISO/IEC 18004.
The entity receiving the Confidential Information, including its Representatives.
A partial or full return of a Payment initiated by an Acquiring Partner.
A message sent by Alipay+ Core to an Acquiring Partner or a Mobile Payment Partner confirming that the Refund has been successfully processed.
Government body that supervises a particular industry or business activity.
With respect to a Partner or the Alipay+ Core Operator (as applicable), any law, statute, rule, regulation, licence condition, directive, treaty, judgment, order, guideline, decree, permit or injunction of any Government Agency, including any common law, and includes Sanctions, ABC Laws, AML Laws and laws, rules and regulations regarding Data, privacy, credit, financial services, market and consumer protection, in each case that is applicable to such Partner or the Alipay+ Core Operator (as the case may be).
Devices connect remotely to the institution’s network, which are either institution-owned or personally owned.
With respect to Alipay+ Core Operator or a Partner (as applicable), such person’s Affiliates and its and its Affiliates’ employees, directors, officers, agents (including Settlement Agents), auditors, advisers, partners, consultants, joint ventures, third party service providers (including Technical Service Providers), contractors or sub-contractors or any other person that acts at the direction of, or on behalf of, such party or its Affiliate in connection with the Participation Documents or Alipay+ Core. Unless otherwise expressly provided to the contrary in the Rules, with respect to a Partner, that Partner’s Users, Merchants and Indirect Acquiring Partners, acting in such respective capacities, are not Representatives for this purpose.
Owner of Access Token.
A request from a Mobile Payment Partner for information or documents via the Alipay+ Partner Workspace when a Mobile Payment Partner or its User has concerns regarding a Transaction.
Risk Service Provider
Institution that provides risk control services.
A router is a networking device that forwards data packets between accessed participants and Alipay+ Core. The router needs to support both static configuration and routing protocols such as OSPF or SLA.
RSA digital signature mechanism (RSA)
A digital signature mechanism defined in PKCS#1.
(a) with respect to each Partner, Alipay+ Core Rules: Main Rules, including all schedules hereto; (b) with respect to any Partner located in the European Economic Area or the United Kingdom and any Partner in relation to Partner Products provided by it within such jurisdictions, Alipay+ Core Rules: Europe Region Chapter; (c) with respect to any Partner whose Business Territory is Malaysia and only with respect to Cross-Border Transactions involving it, Alipay+ Core Rules: Malaysia Chapter; and (d) if such Partner’s Participation Agreement is dated on or before October 1, 2022, Alipay+ Core Rules: Legal Chapter (unless otherwise specified in the Participation Agreement), in each case, published by Alipay+ Core Operator and as amended or replaced by Alipay+ Core Operator from time to time in accordance with Section 1.2.2 of Alipay+ Core Rules: Main Rules.
An individual or an entity that is currently the subject or target of any Sanctions (including the Specially Designated Nationals and Blocked Persons list maintained by the United States Department of Treasury, Office of Foreign Assets Control and any similar list). This includes entities which are 50% or more owned or controlled by a Sanctioned Party.
The economic and trade sanctions laws and related regulations, rules or restrictive measures administered, enacted or enforced by a Sanctions Authority.
The Office of Foreign Assets Control, the United States Department of State, the United Nations Security Council, the European Union, Her Majesty’s Treasury of the United Kingdom, the Ministry of Public Security of the People’s Republic of China, the Ministry of Commerce of the People’s Republic of China or any other relevant Government Agency responsible for the administration, enactment or enforcement of Sanctions.
Platform that connects acquirers, payment service providers, payer agent, and beneficiary agent and provides payment switch and clearing, and other value added services for connected institutions. E.g. Alipay+。
Any applicable requirements, mandates and rules imposed by, a Local Payment System or a Cross-border Payment Scheme from time to time.
Acronym for “Sensitive Data Environment”. The people, processes and technology that store, process, or transmit sensitive data. Refers to Section 4.1 of Alipay+ Core Operation Guide for Cybersecurity for more details.
A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.
The process of creating and implementing applications that are resistant to tampering and/or compromise.
Secure Hash Algorithm (SHA)
Secure socket layer (SSL)
An umbrella term that might be used to describe multiple different approaches to test the security of different types of targets. These include scanning, vulnerability assessments, penetration tests, and functional security tests of custom applications, database, operating systems, and network topologies.
Refers to any data center, server room or any area that houses systems that store, process, or transmit sensitive data.
Sensitive authentication data
Security-related information (including but not limited to card validation codes/values, PINs, and PIN blocks) used to authenticate cardholders and/or authorize payment card transactions.
User Data and data about, or derived from, the process of Authorisation.
Sensitive Data Environment
The people, processes and technology that store, process, or transmit Sensitive Data.
An amount of transaction fees paid by a Partner to Alipay+ Core Operator with respect to the interchange of a Payment.
Monday to Sunday from 00:00 to 24:00, including all worldwide public holidays.
Service Level Agreement (SLA)
An agreement which specifies the service level.
The services set out in Section 1.1 of Alipay+ Core Rules: Main Rules, as may be supplemented or amended from time to time by Alipay+ Core Operator.
A semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user.
The process of calculating the Net Settlement Amount with respect to each Partner in Settlement Reports and then the relevant party completing the Settlement Funds Transfer on the Settlement Day for all Payments and Refunds (and any other amounts) that are cleared during a Settlement Cycle.
A bank account or other account established and maintained for making Settlement Funds Transfer in respect of a Settlement Currency.
Settlement Account Servicer
Institution that provides settlement account service to the settlement account owner.
An institution engaged by a Mobile Payment Partner to settle funds related to transactions processed through Alipay+ Core on behalf of the Mobile Payment Partner to Alipay+ Core Operator.
The agreement between Alipay+ and Partner regarding settlement arrangements, including settlement cycle, settlement time, settlement currency, etc.
A currency in which Alipay+ Core Operator or a Partner, as applicable, fulfils its Settlement obligations, which is specified in the Participation Agreement.
A daily period starting from, and including, 00:00 UTC+8 on one calendar day and ending at, but excluding, 00:00 UTC+8 on the next calendar day, unless otherwise specified in the Participation Agreement.
The day on which Alipay+ or the Partner is required to settle the Net Settlement Amount, which is specified in the Participation Agreement.
Settlement Exchange Rate
For a particular currency pair, the relevant exchange rate as determined by Alipay+ and disclosed to each Partner in each Settlement Report or otherwise published by Alipay+ by notice to the Partner via Alipay+ Core or a foreign exchange portal maintained by Alipay+ from time to time.
Include Clearing Files and the Settlement Report.
Settlement Funds Transfer
The transfer of a Net Settlement Amount from a Partner to Alipay+ or from Alipay+ to a Partner (as applicable) on a Settlement Day, according to the Settlement Report.
Institution that provides fund settlement services.
A report in respect of a Settlement Cycle that Alipay+ Core generates for each Mobile Payment Partner and Acquiring Partner, respectively, on the Settlement Day.
The secure file transfer protocol.
The Singapore International Arbitration Centre.
An irreversible cipher (signature) that is generated by the information sender, which is sent to the receiver together with the original information.
The information receiver verifies whether the original information and signature received are matched.
The process of generating an ID and initializing a login password by filling in email address and basic information.
SM2 digital signature mechanism
A digital signature mechanism defined in ISO/IEC14888-3:2016/AMD1.
SM3 hash algorithm
A hash algorithm defined in ISO/IEC10118-3:2018.
Generally refers to system software (e.g. Operating system, utilities and firmware) and application software (e.g. Microsoft Office) which the computer is able to execute.
The same code value is used for multiple transactions. For example, the store code printed on the merchant's materials, after the user scans the code, it is usually necessary to enter the transaction amount before the payment can be initiated.
All devices that have the capability to store electronic data, including Removable Storage Media and Non-Removable Storage Media. Removable Storage Media includes all transportable Storage Media, including but not limited to Compact Disk (CD), Digital Versatile Disk (DVD), External Hard Disk Drive, Flash Drive, Magnetic Tap, etc.
Each operation place of a merchant.
The code presented by merchant for user to scan and identify the merchant, and make payment.
Supported Local Currency
Any Local Currency supported by Alipay+ as a Settlement Currency. The list of Supported Local Currency as of the latest Rules publication date is specified in Schedule 1 Supported Local Currencies.
Any specified event giving rise to a right of Alipay+ Core Operator to suspend Services pursuant to Section 12.1 of Alipay+ Core Rules: Main Rules.
A system performance indicator that measures the total periods of Alipay+’s or a Partner’s (as applicable) normal business operations in a given month.
System Components include network devices, servers, computing devices, and applications. Examples of system components include but are not limited to the following items: • Systems that provide security services (for example, authentication servers), facilitate segmentation (for example, internal firewalls), or might impact the security of (for example, name resolution or web redirection servers) the Partner’s trusted zone; • Virtualization components such as virtual machines, virtual switches/routers, virtual appliances, virtual applications/desktops, and hypervisors; • Network components including but not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances; • Server types including but not limited to web, application, database, authentication, mail, proxy, Network Time Protocol (NTP), and Domain Name System (DNS); • Applications including all purchased and custom applications, including internal and external (for example, Internet) applications; and • Any other component or device located within the Partner’s trusted zone.
Company that markets commercial integrated software and hardware systems.
System Response Time
An API response time indicator (round-trip time) for a Partner’s System to interact with Alipay+ Core, or for Alipay+ Core to interact with the Partner’s System, as applicable, to support positive User experience.
Systems development life cycle (SDLC)
An approach used to plan, design, develop, test, and implement an application system or a major modification to an application system.
All federal, state, provincial, territorial, county, municipal, local or foreign taxes, including sales, use, licence, excise, goods and services, value added, stamp or transfer taxes, duties, imposts, levies, assessments, tariffs, fees, charges or withholdings of any nature whatsoever levied, imposed, assessed or collected by a taxation authority together with all interest, penalties, fines or other additional amounts imposed in respect thereof, but excludes any taxes that are based on net income and imposed by the jurisdiction in which the relevant entity is incorporated or resident for tax purposes.
Relevant Laws in relation to Taxes, including identification of persons for purposes related to Taxes.
Any update to Partner’s System to comply with a rule change.
Technical Service Provider
A service provider that is engaged by a Partner to provide technical integration and/or transaction processing services to the Partner with regard to transactions processed through Alipay+ Core.
Technical documents issued by Alipay+ Core Operator for Partners to set up connection with Alipay+ Core and integrate Services with the Partner’s System.
A written notice of termination issued by Alipay+ Core Operator or a Partner in accordance with the Participation Documents.
Data specifically identified for use in tests, typically to verify that a given set of input to a given function produces yields the expected result. Test data does not contain any meaningful information.
Third Party Claim
Any claim of any third party in respect of which the Indemnified Entity may seek indemnity under the Rules.
Third party service provider(s)
An entity that have access to or hold the IT assets of Partners, by contract or otherwise. Such services include but not limited to information technology advisory service, application design and development, operations and maintenance, data processing and storage, security managed services, etc.
Conditions or activities that have the potential to cause information or information processing resources to be intentionally or accidentally lost, modified, exposed, made inaccessible, or otherwise affected to the detriment of the organization.
TLS/SSL client certificate
A certificate that is used to verify the authentication of an End-Entity to a server when a connection is being established through a Secure Socket Layer/Transport Layer Security (SSL/TLS) session (secure channel).
TLS/SSL server certificate
A certificate that is used to verify the authentication of a web or application server to the client when a connection is being established through a Secure Socket Layer/Transport Layer Security (SSL/TLS) session (secure channel).
A small device with an embedded computer chip that can be used to store and transmit electronic information. A soft token is a software-based token.
Includes registered and unregistered trade marks and service marks, as well as any and all variations, modifications or enhancements to each of them, whether created before or after the effective date of a Partner’s Participation Agreement.
The transaction between a Merchant and a User in respect of goods or services, which gives rise to a Payment.
It means, in relation to a Transaction to which a Partner is a party, the value of such Transaction.
The currency in which a Merchant and a User conclude a Transaction.
The Clearing Cycle during which a Transaction occurs.
A transfer path between Payer Agent and Beneficiary Agent, including Partners such as Liquidity Provider, Currency Exchange Service Provider and Anchor Bank.
Transit QR Code
A Payment QR code for a specific scenario in the transportation industry, which is characterised by the ability to complete transaction verification when both the acceptance terminal and the App are offline (with no network access).
A channel in which the end points are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy might be protected in transit. Examples include secure socket layer, internet protocol security and a secure physical connection.
The maximum Anchor issued Blockchain balance that a remittance participant wants to possess.
Ultimate Beneficial Owner (UBO)
Each natural person who ultimately owns or controls 25% or more of the legal entity customer and/or each natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement. “Ultimately owns or controls” and “ultimate effective control” refer to situations in which ownership/control is exercised through a chain of ownership or by means of control other than direct control.
Any fraudulent Transaction or any other Transaction which has not been authorised by a User which occurs in relation to that User Account.
The operation of removing the established relationship between items of information that is provided by cryptographic means.
Network that is external to the networks belonging to an organization and which is out of the organization’s ability to control or manage.
Uniform Resource Locator
An individual who has entered into a User Agreement with, and obtains a Partner Product from, a Mobile Payment Partner.
An account or user profile of a User, comprising (i) the credentials and registration information for that User with the Mobile Payment Partner and (ii) if applicable, one or more associated Payment Accounts.
An agreement between a Mobile Payment Partner and a User for provision of payment services (including processing and settlement) for that User.
User Payment Currency
The currency in which a User of a Mobile Payment Partner funds his/her Payment Account or otherwise settles to the Mobile Payment Partner.
Coordinated Universal Time.
The information receiver verifies whether the original information and signature received are matched.
Value date, in finance, is the date when the value of an asset that fluctuates in price is determined. The value date is used when there is a possibility for discrepancies due to differences in the timing of asset valuation. It usually applies to forward currency contracts, options and other derivatives, interest payable or receivable.
The virtual account number assigned by Alipay+ to Partners to identify the source of funds for the purpose of fulfilling Settlement obligations
Virtual private network (VPN)
A VPN extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
A hardware, firmware, or software flaw that leaves an information system open to potential exploitation; a weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.
App installed in user's mobile device, with functions such as payment.