Summary

To help you better navigate the world of Information Technology (IT) audits and common terms, we have created a glossary of PCI terms.

PCI terms can be confusing, especially when their acronyms are used without definitions or context clues. Understanding these terms is vital to ensuring that your company can pass required audits and meet compliance regulations.

Glossary of Common PCI Terms

Approved Scanning Vendor (ASV)

PCI compliance requires that an Approved Scanning Vendor provide you with a scan certificate. The scan certificate certifies that you have met all established technical requirements. The PCI Security Standards Council maintains an up-to-date list of all approved ASVs.

Audit Log

An audit log is an official record of system activities up to a specific time or date. The record should clearly detail the sequence of events from the beginning of a transaction all the way to its end.

Cardholder Data (CD)

Cardholder data can contain a range of information, including: Primary Account Number (PAN), cardholder name (as it appears on the card), expiration date, and/or the service code.

Cardholder Data Environment (CDE)

The CDE refers to the processes and technology that have access to cardholder data. It is important to note that the CDE can also include the people who store, process, or transmit cardholder data. It can also include virtual components, connected system components, and the methods used to authenticate cardholder data.

Encryption

Encryption is used to convert digitally stored information into an unreadable form. When information is encrypted, a cryptographic key will have to be used to transform the information back into a readable form. Encryption is used to help protect against the unauthorized disclosure of information.

File Integrity Monitoring

For security and information protection, the integrity of files must be closely monitored. Should critical files or logs be altered, an alert must be sent to the appropriate security personnel in accordance with PCI compliance standards.
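To make the monitoring described above concrete, here is an added example (not code from the original post or from I.S. Partners) of the core of a file integrity monitor: record a baseline of SHA-256 hashes for a set of critical files, re-hash them later, and produce one alert line per modified, removed, or unexpected file. The file names and contents in `demo()` are constructed for the example and written to a temporary directory, so the script runs offline.

```python
import hashlib
import json
import os
import tempfile
from typing import Dict, Iterable, List


def hash_file(path: str) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks so large logs do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root: str, names: Iterable[str]) -> Dict[str, str]:
    """Hash every named file under root that currently exists; keys are the relative names."""
    snapshot: Dict[str, str] = {}
    for name in names:
        full = os.path.join(root, name)
        if os.path.isfile(full):
            snapshot[name] = hash_file(full)
    return snapshot


def save_baseline(baseline: Dict[str, str], path: str) -> None:
    """Persist the baseline. In practice this file must live outside the monitored system (or be signed),
    otherwise an attacker who alters a file can alter the baseline to match."""
    with open(path, "w") as handle:
        json.dump(baseline, handle, indent=2, sort_keys=True)


def load_baseline(path: str) -> Dict[str, str]:
    with open(path) as handle:
        return json.load(handle)


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every difference between the stored baseline and a fresh scan."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "removed": removed, "added": added}


def alert_lines(diff: Dict[str, List[str]]) -> List[str]:
    """Render findings as one line per change, ready to forward to a log sink or ticketing system."""
    lines: List[str] = []
    for kind in ("modified", "removed", "added"):
        for name in diff[kind]:
            lines.append(f"FIM ALERT: {kind.upper()} {name}")
    return lines


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: three monitored files, then tampering, then a rescan."""
    root = tempfile.mkdtemp()
    monitored = ["httpd.conf", "cardholder.log", "pan_policy.txt"]  # constructed names
    for name in monitored:
        with open(os.path.join(root, name), "w") as handle:
            handle.write(f"original contents of {name}\n")

    baseline_path = os.path.join(root, "baseline.json")
    save_baseline(scan(root, monitored), baseline_path)

    # Simulate what the monitor is meant to catch: an edited log, a deleted policy, an unexpected script.
    with open(os.path.join(root, "cardholder.log"), "a") as handle:
        handle.write("forged entry\n")
    os.remove(os.path.join(root, "pan_policy.txt"))
    with open(os.path.join(root, "backdoor.sh"), "w") as handle:
        handle.write("# constructed unexpected file\n")

    current = scan(root, monitored + ["backdoor.sh"])
    return compare(load_baseline(baseline_path), current)


if __name__ == "__main__":
    for line in alert_lines(demo()):
        print(line)
```

Running the script prints three alert lines: the appended log, the deleted policy file, and the new script. A production FIM also schedules the rescan, protects the baseline from tampering, and routes the alerts to the security personnel the standard requires.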

Firewall

A firewall is a critical component of network security. As their name suggests, firewalls are built to prevent unauthorized parties from accessing networks. PCI compliant hosting options offer several types of firewalls that can be used to protect networks, including shared firewalls, managed firewalls, virtual private firewalls, and dedicated firewall appliances.

Intrusion Detection Service (IDS)

Cyber threats can occur on software and hardware. An IDS generates the alerts that tell security personnel about triggered intrusion events. These alerts can be customized to monitor centralized logging systems, record events, and monitor specific software and hardware solutions.

Intrusion Prevention Service (IPS)

Like an IDS, an IPS watches for intrusion events, but an IPS is designed to go further and prevent successful intrusions into software or hardware.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is a national standard that all merchants who store, process, or transmit cardholder data must meet. It was created through a joint effort of Visa, MasterCard, American Express, JCB International, and Discover.

Penetration Test

As its name suggests, a penetration test is designed to assess network and application security. It also exercises the controls and processes that are meant to protect networks and applications. The penetration test is critical in identifying risks and vulnerabilities in networks and applications. This type of testing is often conducted on both internal and external networks.

Primary Account Number (PAN)

The PAN is the unique card number that identifies a specific issuer and cardholder. It is assigned to both credit and debit cards.
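Because the PAN is the piece of cardholder data that PCI DSS most tightly restricts, a defender's first practical need is to recognize a PAN and to avoid writing it in full to logs or screens. The following is an added example, not code from the original post or from I.S. Partners. It implements the standard Luhn check that card numbers satisfy, masks a PAN to the first six and last four digits (the maximum PCI DSS permits when a PAN is displayed), and redacts any Luhn-valid 13 to 19 digit sequence before a line is logged. The card number `4111111111111111` is a widely used test number, and the log lines are constructed for the example.

```python
import re
from typing import List


def luhn_valid(number: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9 from doubled values over 9,
    and the total must be divisible by 10. Returns False for non-digit input."""
    if not number.isdigit():
        return False
    total = 0
    for index, char in enumerate(reversed(number)):
        digit = int(char)
        if index % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six (issuer identifier) and last four digits, replace the rest with '*'."""
    if len(pan) < 11:
        raise ValueError("PAN too short to mask to first six / last four")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# A PAN is 13 to 19 digits; the word boundaries stop this matching inside longer digit runs.
_CANDIDATE = re.compile(r"\b\d{13,19}\b")


def redact_pans(text: str) -> str:
    """Mask every Luhn-valid candidate in the text; other digit runs (order ids, timestamps) are left alone."""
    def _mask(match: "re.Match[str]") -> str:
        candidate = match.group(0)
        return mask_pan(candidate) if luhn_valid(candidate) else candidate
    return _CANDIDATE.sub(_mask, text)


def safe_log_lines(lines: List[str]) -> List[str]:
    """Apply redaction to every line before it reaches the log sink."""
    return [redact_pans(line) for line in lines]


if __name__ == "__main__":
    # Constructed sample lines: one with a real (test) PAN, one with a 16-digit order id that fails Luhn.
    sample = [
        "2024-01-01T10:00:00Z auth approved card=4111111111111111 amount=12.50",
        "2024-01-01T10:00:01Z order id=1234567890123456 shipped",
    ]
    for line in safe_log_lines(sample):
        print(line)
```

The Luhn check is what keeps the redaction from blanking every long number in a log, but it is only a checksum, not a guarantee; a complete PCI DSS solution also keeps full PANs out of the application's log statements in the first place and encrypts or tokenizes any PAN that must be stored.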

Private Network

Private IP addresses are used to create private networks. Access to these networks should be protected by firewalls, as well as routers.

Service Provider

The service provider is typically a non-payment business entity that is instrumental in processing, storing, and transmitting credit cardholder data. There are several types of service providers.

System Components

System components include network entities, such as firewalls, routers, switches, and other important security appliances. System components also include server types, such as database, web, and authentication servers. Applications, whether Internet-based, internal, or external, are system components as well. A system component is part of the CDE when it is used to store, transmit, or process credit cardholder data. In short, IT infrastructures, including those of third-party providers, that are part of the CDE must meet PCI compliance laws.

Two-Factor Authentication

This type of authentication is used for additional security. Two-factor authentication requires user authentication via two or more factors, such as a user password and a PIN sent via text or email. Other two-factor authentication examples include a software or hardware token, biometric scans, and fingerprints.

Improve Your Compliance Understanding Today

This blog post should serve as your introductory guide to the most common PCI terms. To further alleviate any confusion, and to offer in-depth explanations of the various terms associated with PCI compliant regulations, our team is standing by to offer their expertise. Whether you are beginning to prepare for an audit, or want to ensure that you are compliant, we invite you to contact us via phone 215-675-1400. We invite you to experience “Audits without Anxiety!”™ by filling out our online form to request a quote for a compliance check today.
