PCI Awareness Training Glossary of Terms


Analog Phone Line: Analog electrical signal; a compliant method for transmitting cardholder data.

Attestation of Compliance (AOC): Typically signed by a Qualified Security Assessor or Security Assessor.

Card Verification Code (CVC): Data element on a card's magnetic stripe that uses a secure cryptographic process to protect data integrity on the stripe, and reveals any alteration or counterfeiting. Referred to as CAV, CVC, CVV, or CSC depending on payment card brand.

Cardholder Data (CHD): Full magnetic stripe or the primary account number including cardholder name, expiration date, and service code.

Cardholder Data Environment (CDE): Cardholder Data Environment, for IP-connected devices that process credit cards, and devices that affect the security of said devices.

CERTIFI: Compliant Electronic Receipt Transactions through Innovation and Financial Integrity. A committee established by the University in order to implement and manage the directives of the Payment Card Industry Security Standards Council, NACHA and the electronic commerce requirements set forth by the North Carolina Office of the State Controller and North Carolina State legislature.

EMV Chip: Chip located on the front of most credit cards.

ClientLine: FirstData’s merchant transaction reporting tool.

Credit Card Number: A unique number used in a financial transaction that identifies a particular credit card account.

Fiserv: Formerly known as First Data. This is North Carolina's contracted processor and merchant bank.

Front-end Software: Program used to collect data or communicate a set amount of information.

Information Security Office (ISO): The University’s Information Security Office oversees the security of the University’s electronic information. The Information Security Office is responsible for coordinating and ensuring that information security across the University is consistent with industry best practices and the University’s compliance obligations. To meet these objectives, the Information Security Office develops information security policies and oversees the implementation of strategic information security initiatives for the University.

Merchant: A University department or unit that is authorized to accept credit card payments for goods or services provided to customers.

Merchant Identification (MID): Typically this is a 12-digit number issued by Fiserv (formerly First Data) beginning with the digits 419.

Payment Gateway: Service provider responsible for communicating payment information from the front-end software to the acquiring bank.

PCI Data Security Standard (PCI DSS): The compliance requirements that have been established by the major card brands Visa, Mastercard, American Express, Discover Card with the objective of improving the safekeeping of cardholder information and the prevention of system breaches. This is the payment card compliance standard that the University adheres to.

PCI DSS Compliant: The status of a merchant who has fulfilled all the requirements of the PCI DSS.

PCI Security Standards Council (PCI SSC): A global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.

Point of Sale (POS) Terminal: A device used to take customer card payments via swipe, dip, insert, tap, or manual entry.

Primary Account Number (PAN): Unique payment card number (typically for credit or debit cards) that identifies the issuer and the particular cardholder account.

Qualified Security Assessor (QSA): A company approved by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS requirements.

Self-Assessment Questionnaire: Pronounced "sack"; annual compliance documentation.

Service Provider: Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data. Examples include managed service providers that provide managed firewalls, IDS and other services as well as hosting providers and other entities. If an entity provides a service that involves only the provision of public network access – such as a telecommunications company providing just the communication link – the entity would not be considered a service provider for that service (although they may be considered a service provider for other services).

Validated Point-to-Point Encryption: The only encryption devices qualified to complete a SAQ P2PE.

Version 01292020