Glossary of PCI terms
0 likes147 views
This document provides definitions for key terms related to PCI compliance. It defines terms like Approved Scanning Vendor, which certifies an organization's compliance; Audit Log, which records system activities; Cardholder Data, which contains customers' payment information; and Cardholder Data Environment, which includes all systems that store or process payment data. It also defines security concepts like Encryption, File Integrity Monitoring, Firewalls, Intrusion Detection and Prevention Systems, Penetration Testing, and Private Networks.
Glossary of PCI terms
- 1. Glossary of PCI Terms
- 2. Here is a glossary of terms associated with PCI. Approved Scanning Vendor (ASV) In order to be PCI Compliant, you will require a successful scan certificate from an Approved Scanning Vendor. An ASV will certify you that you are up to all the technical requirements. ASVs are enlisted by PCI SSC on the basis of their performance.
- 3. Audit log It is the record of activities of system up to a certain date; but it should have enough details to track back sequence of events that go from the beginning of transaction to the end.
- 4. Card holder Data (CD) Cardholder data contains full Primary Account Number (PAN). Cardholder data also contains the following information: · Name of the Cardholder · Expiration Date · Service Code (optional)
- 5. Card holder Data Environment (CDE) It is an environment containing all the processes and technology including the people that process, transmit or store customer cardholder information or authentication information. CDE also includes connected system components and virtualization technology like applications, servers etc.
- 6. Encryption The conversion of text into coded form is known as encryption. Only the people having the specific decrypting codes can get access to such data and only through a specific cryptographic key this data can be accessed. This puts a barrier between unauthorized disclosure and the encryption and decryption process.
- 7. File Integrity Monitoring This concludes if the files or logs have been changed or altered in any way. When specific important files or logs are changed, PCI sends notifications and alerts to the security personnel.
- 8. Firewall This technology keeps the network protected from unauthorized access by limiting or stopping traffic among networks having different security level based on specific criteria. Hosting options of PCI Compliance has various types of firewalls, including dedicated firewall appliances, virtual private firewalls, and shared firewalls.
- 9. Intrusion Detection Service (IDS) This is the software or hardware that gives alerts about network or system intrusions. This system might have alert sensors, a centralized logging system and monitoring options to keep track of events.
- 10. Intrusion Prevention Service (IPS) It is same as the Intrusion Detection Service, while IDS detects the intrusions the IPS tries to prevent the intrusions or possibly block the intrusions detected by the IDS.
- 11. Penetration Test This is a test conducted on applications and network and also on processes and controls, to check any vulnerability and to know about how much at risk is the security and how openly can security be accessed or breached.
- 12. Primary Account Number (PAN) The Primary Account Number is also known as unique payment card number or account number that gives details about the cardholder account and the issuer, it is used for either credit or debit cards.
- 13. Private Network Private networks consider using private IP address space and their access must be protected through firewalls and routers from a public network. Service Provider Service provider is a non-payment brand entity that processes, stores or transmits payment cardholder data. Any company that affects the security of the payment cardholder information is included as the service provider, i.e. a company providing management services or a company providing hosting services by managing firewalls, IDS, etc.