Cash & Merchant Services Glossary

Review a glossary of terms for Cash & Merchant Services.

Field Name Description
Cardholder A person who has a credit or debit card.
Cardholder Data All personally identifiable information associated with the cardholder including: cardholder name, expiration date, account number, address, social security number, etc.
Data-Flow Diagram A diagram showing how data flows through an application, system, or network.
DSS Acronym for “Data Security Standard.”
Encryption Encryption is the conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.
Firewall Hardware and/or software technology that protects network resources from unauthorized access. A firewall permits or denies computer traffic between networks with different security levels based upon a set of rules and other criteria.
Merchant Any entity that accepts credit or debit cards as payment for goods and/or services.
Network Two or more computers connected together via physical or wireless means.
Network Security Scan Process by which an entity’s system is remotely checked for vulnerabilities through use of manual or automated tools. Security scans include probing internal and external systems and reporting on services exposed to the network. Scans may identify vulnerabilities in operating systems, services, and devices that could be used by malicious individuals.
PA-DSS Acronym for “Payment Application Data Security Standard.”
PAN Acronym for “primary account number” and also referred to as “account number.”
PCI Acronym for “Payment Card Industry.”
PCI DSS Acronym for “Payment Card Industry Data Security Standard.”
Penetration Test Penetration tests attempt to identify ways to exploit vulnerabilities to circumvent or defeat the security features of system components. Penetration testing includes network and application testing as well as controls and processes around the networks and applications, and occurs from both outside the environment (external testing) and from inside the environment.
PIN Acronym for “personal identification number.” Secret numeric password known only to the user and a system to authenticate the user.
QSA Acronym for “Qualified Security Assessor.” QSAs are qualified by PCI SSC to perform PCI DSS assessments.
ROC Acronym for “Report on Compliance.” Report documenting detailed results from an entity’s PCI DSS assessment.