For more information contact us on:

T:0118 948 2588
E:enquiries@ackltd.co.uk

Glossary of PCI terms

Access control Measures that limit access to information or information processing resources to authorised people or applications only.

Account harvesting A method of determining which user accounts exist on a system by trial and error. Giving too much information in an error message (for example, distinguishing an unknown user from a wrong password) discloses information that makes it easier for an attacker to penetrate or compromise the system.

Account number The payment card number (credit or debit) that identifies the issuer and the particular account holder.

Acquirer A bankcard association member that initiates and maintains relationships with merchants that accept Visa, MasterCard or Amex cards.

Asset Information or information processing resources of an organisation.

Audit log A chronological record of system activities that is sufficient to enable the reconstruction, reviewing and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results. Sometimes referred to as a security audit trail.

Authentication The process of verifying identity of a subject or process.

Authorisation The granting of access or other rights to a user, program or process.

Backup A duplicate copy of data made for archiving purposes or for protecting against damage or loss.

Card Validation Code The three-digit value printed on the signature panel of a card, used to verify cardholder-not-present transactions. On a MasterCard this is called CVC2. On a Visa payment card this is called CVV2.

Cardholder The customer to whom a card has been issued or the individual authorised to use the card.

Cardholder data All personally identifiable data about the cardholder, e.g. account number, expiration date, date of issue, etc.

Compromise An intrusion into a computer system where unauthorised disclosure, modification or destruction of cardholder data may have occurred.

Console A screen and keyboard which allow access to and control of the server/mainframe in a networked environment.

Consumer An individual purchasing goods and/or services.

Cookies A string of data exchanged between a web server and a web browser to maintain a session. Cookies may contain user preferences and personal information.

Database A structured format for organising and maintaining information that can be easily retrieved. A simple example of a database is a table or a spreadsheet.

Default account A system login account that has been predefined in a manufactured system to permit initial access when the system is first put into service.

Default password The password on system administration or service accounts when a system is shipped from the manufacturer, usually associated with the default account. Default accounts and passwords are published and well known.

Dual control A method of preserving the integrity of a process by requiring that several individuals take some action before certain transactions are completed.

DMZ De-militarised zone. A network added between a private and a public network in order to provide an additional layer of security.

Egress Traffic leaving the network.

Encryption The process of converting information into a form unintelligible to anyone except the holder of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process against unauthorised disclosure.

Firewall Hardware and/or software that protects the resources of one network from users of another network.

Host The main hardware on which software is resident.

Information security Protection of information for confidentiality, integrity and availability.

Ingress Traffic entering a network.

Intrusion detection system An intrusion detection system inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack by someone attempting to break into or compromise a system.

IP address An IP address is a numeric code that identifies a particular computer on the internet or internal network.

IP spoofing A technique used to gain unauthorised access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

ISO 8583 An established standard for communicating between financial systems.

Key In cryptography, a key is a value applied, using an algorithm, to unencrypted text to produce encrypted text. The length of the key generally determines how difficult it will be to decrypt the text in a given message without the key.

Magnetic stripe data Data encoded in the magnetic stripe used for authorisation during a card present transaction.

Monitoring A view of activity on a network.

Network A network is two or more computers connected to each other so they can share resources.

Network Address Translation (NAT) The translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network.

Non-consumer users Any users, excluding consumer customers, who access systems, including but not limited to employees, administrators and third parties.

Password A string of characters that serves as an authenticator of the user.

Patch A quick repair job for a piece of programming.

Penetration The successful act of bypassing the security mechanisms of a system.

Penetration test The security-orientated probing of a computer system or network to seek out vulnerabilities that an attacker could exploit.

System perimeter scan A non-intrusive test which involves probing external-facing systems and reporting on the services available to the external network.

Policy Organisational level rules governing acceptable use of computing resources, security practices and guiding development of operational procedures.

Procedure A procedure provides the descriptive narrative on the policy to which it applies. A procedure tells the organisation how a policy is to be carried out.

Protocol An agreed upon method of communication used within networks. A specification that describes the rules and procedures products should follow to perform activities within the network.

Risk analysis Also known as risk assessment, a process that systematically identifies valuable system resources and threats to those resources, quantifies loss exposures based on estimated frequencies and costs of occurrence, and recommends how to allocate resources to countermeasures so as to minimise total exposure.

Router A router is a piece of hardware or software that connects two or more networks. A router functions as a sorter and interpreter: it looks at IP addresses and passes packets of information to their proper destinations.

Sanitisation To delete sensitive data from a file, a device, or a system, or to modify data so that it is useless for attacks.

Security Officer The person who takes primary responsibility for the security related affairs of the organisation.