Glossary of PCI Terms

Here is a glossary of terms associated with PCI.

Approved Scanning Vendor (ASV)

In order to be PCI Compliant, you will require a successful scan certificate from an Approved Scanning Vendor. An ASV will certify you that you are up to all the technical requirements. ASVs are enlisted by PCI SSC on the basis of their performance.

Audit log

It is the record of activities of system up to a certain date; but it should have enough details to track back sequence of events that go from the beginning of transaction to the end.

Card holder Data (CD)

Cardholder data contains full Primary Account Number (PAN). Cardholder data also contains the following information:

· Name of the Cardholder
· Expiration Date
· Service Code (optional)

Card holder Data Environment (CDE)

It is an environment containing all the processes and technology including the people that process, transmit or store customer cardholder information or authentication information. CDE also includes connected system components and virtualization technology like applications, servers etc.

Encryption

The conversion of text into coded form is known as encryption. Only the people having the specific decrypting codes can get access to such data and only through a specific cryptographic key this data can be accessed. This puts a barrier between unauthorized disclosure and the encryption and decryption process.

File Integrity Monitoring

This concludes if the files or logs have been changed or altered in any way. When specific important files or logs are changed, PCI sends notifications and alerts to the security personnel.

Firewall

This technology keeps the network protected from unauthorized access by limiting or stopping traffic among networks having different security level based on specific criteria. Hosting options of PCI Compliance has various types of firewalls, including dedicated firewall appliances, virtual private firewalls, and shared firewalls.

Intrusion Detection Service (IDS)

This is the software or hardware that gives alerts about network or system intrusions. This system might have alert sensors, a centralized logging system and monitoring options to keep track of events.

Intrusion Prevention Service (IPS)

It is same as the Intrusion Detection Service, while IDS detects the intrusions the IPS tries to prevent the intrusions or possibly block the intrusions detected by the IDS.

Penetration Test

This is a test conducted on applications and network and also on processes and controls, to check any vulnerability and to know about how much at risk is the security and how openly can security be accessed or breached.

Primary Account Number (PAN)

The Primary Account Number is also known as unique payment card number or account number that gives details about the cardholder account and the issuer, it is used for either credit or debit cards.

Private Network

Private networks consider using private IP address space and their access must be protected through firewalls and routers from a public network.

Service Provider

Service provider is a non-payment brand entity that processes, stores or transmits payment cardholder data. Any company that affects the security of the payment cardholder information is included as the service provider, i.e. a company providing management services or a company providing hosting services by managing firewalls, IDS, etc.

BuyerShield® ASV PCI Compliance brings peace of mind and security to your business and utilizes robust security analysis for thousands of know vulnerabilities, and more are added every day.