Questions? Contact Us


Latest News

Featured News & Events

PCI Glossary of Terms: Frequently Used Terms for PCI Compliance

The world of PCI DSS (Payment Card Industry Data Security Standards) is a fairly new industry requirement in the rapidly evolving world of online credit card transactions. With the first draft of standards coming on the scene in 2004, the PCI Security Standards Council (SSC) has since released seven updates aimed at encouraging merchants to keep up with the ever-changing threat of data breaches and cyber attacks on card holder data.

That's a lot to keep track of for any business, but for small merchants sometimes it can feel like you need a cipher to decode what it all means. This list of the most common PCI terms can help you get started on decrypting the complex world of PCI requirements:

Acquirer – also referred to as "merchant bank," "acquiring bank" or "acquiring financial institution: The entity, typically a financial institution, that processes payment card transactions for merchants and is defined by a payment brand as an acquirer.

Anti-Virus – A program or software capable of detecting, removing and protecting against various forms of malicious software (also known as malware) including viruses, worms, Trojans or Trojan horses, spyware, adware and rootkits.

ASV – Acroynym for "Approved Scanning Vendor." This is a company approved by the PCI SSC to conduct external vulnerability scanning services.

Audit Log – Also referred to as "trail log." A chronological record of system activities. Provides an independently verifiable trail sufficient to permit reconstruction, review and examination of sequence of environments and activities surrounding or leading to operation, procedure or event in a transaction from inception to completion.

Card Verification Code or Value (CVV) – A data element on a credit card's magnetic stripe that uses secure cryptographic processes to protect data integrity on the stripe; For Discover, JCB, MasterCard and Visa cards, this feature is a three-digit numeric code in the upper right hand corner on the back of the card tied to each individual piece of plastic and ties to the PAN (Primary Account Number). On an American Express branded credit card it is a four-digit numeric code on the front of the card.

Cardholder Data – May appear as the full primary account number (PAN) and could also include the cardholder name, expiration date and or service code.

Change Control – Processes and procedures to review, test and approve changes to systems and software for impact before implementation.

Disk Encryption – Technique or technology (either software or hardware) for encrypting all stored data on a device (for example a hard disk or flash drive).

Encryption – Process of converting information into an unintelligible form except to holders of a specific cryptographic key.

Masking – A method of concealing a segment of data when displayed or printed. Relates to protection of PAN.

Monitoring – Use of systems or processes that constantly oversee computer or network resources for the purpose of alerting personnel in case of outages, alarms or other predefined events.

Multi-Factor Authentication – Method of authenticating a user whereby at least two factors are verified. The factors may include something the user has (such as a smart card or dongle), something the user knows (such as a password, passphrase or PIN), or something the user does (such as fingerprints).

NTP – Acronym for "Network Time Protocol": A protocol for synchronizing the clocks of computer systems, network devices and other system components.

Patch Management – Regularly updating existing software to add functionality or to correct a defect.

Penetration Test – A deliberate attempt to identify ways to exploit vulnerabilities to circumvent or defeat the security features of a system's components. This includes network and application testing as well as controls and processes around the networks and applications, and occurs from both outside the environment (external testing) and inside the environment.

QSA – Acronym for "Qualified Security Assessor": This is a professional assessor qualified by the PCI SSC to perform PCI DSS on-site assessments.

Secure Coding – The process of creating and implementing applications that are resistant to tampering and or compromise.

Sensitive Authentication Data – Security-related information (i.e. card validation codes from a stripe or chip or PINs) used to authenticate cardholders and or authorize payment card transactions.

Service Provider – A business entity that is not a payment brand, directly involved in the processing, storage or transmission of cardholder data on behalf of another entity.

Track Data – Also referred to as "full track data" or "magnetic stripe data": This is data encoded in the magnetic stripe or chip used for authentication and or authorization during payment transactions.

Vulnerability Scan – An automated process that detects and classifies computers, computer systems, networks or applications for weaknesses. Vulnerabilities are flaws or weaknesses, if exploited, may result in an intentional or unintentional compromise of a system.

As a PCI Level 1 service provider, ZZ Servers offers end-to-end PCI enabled hosting solutions. 

Each PCI enabled environment is custom designed to meet the needs of every business we serve. 

To review a complete list of PCI terms visit

To learn more about ZZ Servers' PCI solutions click here.

PCI Compliance is All Day Every Day
Why PCI Compliance is Important to Your Business

Related Posts


Tag Cloud

credit card payment backup solutions cyber monday BSides TLS Control Panel PCI Hosting QSA TiaraCon World Backup Day David Zendzian eCommerce Solutions Sysadmin GDPR Hackers social engineering Debian PCI DSS 3.2 vps HIDS shared hosting Xen Charleston security circles Scalable Redundant Cloud Infrastructure Hosting PCI Service Provider kerio PCI Solutions Health Care Cybersecurity shared secure hosting Las Vegas information technology Credit Cards compliance password Positive Customer Impact physical bash phishing arduino business passwords PCI Data Security Standards health care providers anti virus IT solutions Reports ZZ Servers Co-Founder Health Insurance Portability protect data Cybersecurity Business Solutions PCI compliance activesync log files Domani Names business solutions Presentation video cyber monitoring safe computing exchange sender policy VPS Servers PCI CentOs assesment Announcement Healthcare Records cybersecurity cli personal information DEF CON teensy blackberry InterWorx OSSEC cyber education windows 7 Medical Solutions permissions Internet Corporation Zendzian IT security IT services Payment Card Industry command line IT Solutions Linux cell phone email support ICANN shared server small business Accountability Act Continuous Monitoring vulnerability scanning PCI Compliance credit card National Cyber Security Awareness Month recovering data IT cyber security Server Mangement healthcare solutions smartphone Alarm mail server two factor authentication Email lamp Shmoocon INFOSEC multi-factor authentication trends HIPAA Solutions vyatta router firewall filter security PCI HIPAA embedded Ubuntu business solitions caller-id spam Home Depot Breach Internet malicious software pci complliant hosting amazon ec2 Credit Card Security SSL email accounts dss Business Planning Cybersecurity Compliance HIPAA qsa dsbl Vulnerability Disaster Recovery Plan Business Solutions data privacy HIPPA IT Services Web Hosting cyber liability insurance Information Technology Windows Small Business Cloud Computing iphone Internet infrastructure change Car Hacking follow.The HIPAA Privacy Rule ZZ Servers physical security security Geekend data protection Security intrusion detection spf openssl computer networks Assigned Names shared folders Firetalk motivation employee training hosting control panel Medical Records ipad infrastructure data breach compliant hosting HIPAA solutions members area management computer security phishing attacks apache business community businesses cyber protection black friday Interworx-CP cloud spoofing logical security network search computing in the cloud Online Business eCommerce PCI Audit cloud infrastructure DRP credit cards stolen