Here is a glossary of terms associated with PCI.
2. Approved Scanning Vendor (ASV)
PCI DSS requires quarterly external vulnerability scans of your
internet-facing systems, and those scans must be performed by an
Approved Scanning Vendor. A passing ASV scan report is one piece of
evidence of compliance; it does not certify that every technical
requirement has been met. ASVs are qualified and listed by the PCI
Security Standards Council (PCI SSC), which tests a vendor's scanning
solution before approving it.
3. Audit log
A chronological record of system activity. It must carry enough
detail (who, what, when, where and the outcome) to reconstruct the
sequence of events from the start of a transaction to its end, and it
must be protected from alteration so it can be relied on during an
investigation.
4. Cardholder Data (CHD)
At a minimum, cardholder data consists of the full Primary Account
Number (PAN). It may also consist of the full PAN together with any
of the following:
· Name of the Cardholder
· Expiration Date
· Service Code
These additional elements count as cardholder data when they are
stored, processed or transmitted together with the PAN.
5. Cardholder Data Environment (CDE)
The people, processes and technology that store, process or transmit
cardholder data or sensitive authentication data. The CDE also
includes any system component that is connected to it or that could
affect its security; system components include network devices,
servers, computing devices, applications and virtualization
components such as hypervisors and virtual machines.
6. Encryption
The process of converting readable data (plaintext) into an unreadable
form (ciphertext) using a cryptographic algorithm and a key. Only
someone holding the corresponding decryption key can recover the
plaintext, so encryption protects data against unauthorized disclosure
when the ciphertext is exposed but the key is not. The protection is
only as strong as the algorithm and the key management behind it:
encrypted cardholder data stored alongside its decryption key is not
considered protected.
7. File Integrity Monitoring (FIM)
A control that detects whether critical system files, configuration
files or log files have been changed, added or deleted, typically by
comparing cryptographic hashes of the files against a known-good
baseline. When a monitored file changes unexpectedly, the FIM tool
(not PCI itself) alerts security personnel so the change can be
investigated.
8. Firewall
Hardware or software that protects a network from unauthorized access
by permitting or blocking traffic between networks of different trust
levels according to a defined rule set. Providers of PCI-compliant
hosting commonly offer several firewall options, including dedicated
firewall appliances, virtual private firewalls and shared firewalls.
9. Intrusion Detection System (IDS)
Software or hardware that detects and alerts on attempted or
successful intrusions into a network or system. A typical deployment
has sensors that inspect traffic or host activity, a central logging
system, and a monitoring console for reviewing events.
10. Intrusion Prevention System (IPS)
An IDS that can also act on what it detects: where an IDS only raises
an alert, an IPS sits in the traffic path and can drop or block the
malicious traffic it identifies.
11. Penetration Test
An authorized, simulated attack against applications, networks and the
supporting processes and controls, carried out to find exploitable
vulnerabilities and to show how far an attacker could get. Unlike a
vulnerability scan, which only lists weaknesses, a penetration test
attempts to exploit them to demonstrate real impact.
12. Primary Account Number (PAN)
The unique payment card number, printed on credit and debit cards,
that identifies the issuer and the particular cardholder account. Its
leading digits identify the issuer.
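An added example (not from the original page) showing how a PAN is handled in practice: the trailing check digit is verified with the Luhn algorithm, the leading six digits are read as the issuer identification number (IIN, also called BIN), the number is masked for display to at most the first six and last four digits, and a log excerpt is scanned for PANs that should not be there. The Luhn check and the first-six/last-four display rule are standard PCI and ISO/IEC 7812 conventions not stated on this page; the log lines are constructed, and 4111 1111 1111 1111 is a widely used test number, not a real account.

```python
import re

# Constructed log excerpt: one valid test PAN and one number that fails the check digit.
SAMPLE_LOG = (
    "2024-05-01 10:02:13 order=8827 card=4111 1111 1111 1111 phone=5551234567 amount=42.00\n"
    "2024-05-01 10:02:14 order=8828 card=4111111111111112 amount=9.99\n"
)

# 13 to 19 digits, optionally separated by single spaces or dashes, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def digits_only(pan: str) -> str:
    """Strip the spaces and dashes that appear on receipts and in forms."""
    return "".join(c for c in pan if c.isdigit())


def luhn_valid(pan: str) -> bool:
    """Verify the PAN's trailing check digit with the Luhn algorithm."""
    d = digits_only(pan)
    if not 13 <= len(d) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(d)):
        n = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            n *= 2
            if n > 9:           # and reduced to a single digit
                n -= 9
        total += n
    return total % 10 == 0


def issuer_id(pan: str) -> str:
    """Leading six digits: the issuer identification number (IIN / BIN)."""
    return digits_only(pan)[:6]


def mask_pan(pan: str) -> str:
    """Mask for display: at most the first six and last four digits may be shown."""
    d = digits_only(pan)
    if len(d) < 13:
        raise ValueError("too short to be a PAN")
    return d[:6] + "*" * (len(d) - 10) + d[-4:]


def classify(pan: str) -> dict:
    """Everything a payment application may legitimately keep about a PAN it is shown."""
    return {"iin": issuer_id(pan), "luhn_ok": luhn_valid(pan), "display": mask_pan(pan)}


def find_pans(text: str) -> list:
    """Return masked forms of every Luhn-valid PAN found in free text such as logs."""
    return [mask_pan(m.group()) for m in PAN_CANDIDATE.finditer(text)
            if luhn_valid(m.group())]


if __name__ == "__main__":
    print(classify("4111 1111 1111 1111"))
    print(find_pans(SAMPLE_LOG))
```

The scanner is useful for scoping: any log, database dump or backup in which find_pans() returns results is storing cardholder data and therefore belongs in the CDE, whether or not anyone intended it to. The Luhn filter cuts false positives from phone numbers and order IDs but does not eliminate them, so hits still need review.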
13. Private Network
A network that uses private IP address space (the ranges reserved by
RFC 1918 for internal use) and is not directly reachable from the
Internet. Access between a private network and any public network
must be controlled by firewalls and routers.
14. Service Provider
A business entity that is not a payment brand and that processes,
stores or transmits cardholder data on behalf of another entity. The
term also covers any company whose services control or could affect
the security of cardholder data, for example a managed-services
company or a hosting provider that manages firewalls, IDS and similar
controls.