D
Data-Flow Diagram: A diagram showing how and where data flows through an entity’s applications, systems, networks, and to/from external parties.
Default Account: Login account predefined in a system, application, or device to permit initial access when the system is first put into service. Additional default accounts may also be generated by the system as part of the installation process.
Default Password: Password on system administration, user, or service accounts predefined in a system, application, or device; usually associated with default account. Default accounts and passwords are published and well known, and therefore easily guessed.
Defined Approach:
Disk Encryption: Technique or technology (either software or hardware) for encrypting all stored data on a device (for example, a hard disk or flash drive). Alternatively, File-Level Encryption or Column-Level Database Encryption is used to encrypt contents of specific files or columns.
DBA: Doing Business As (Business name).
DMZ: Abbreviation for “demilitarized zone.” Physical or logical sub-network that provides an additional layer of security to an organization’s internal private network.
DNS: Acronym for “Domain Name System.”
Dynamic IP: An IP address that periodically changes.
E
E-commerce (web) Redirected Server: A server that redirects a customer browser from a merchant’s website to a different location for payment processing during an e-commerce transaction.
Encryption: In payments, encryption scrambles payment card data on your device so that it stays unreadable until it reaches the payment processor. When you pay with a card online or in a store, your information is converted into a coded form that only the intended recipient can decode.
EPOS: Electronic Point of Sale
External Vulnerability Scan (EVS): These scans passively identify vulnerabilities on the external (Internet-facing) network that malicious individuals could potentially exploit to gain access to cardholder data. Merchants are required to run these scans at least every 90 days against their public IP address.
F
File Integrity Monitoring (FIM): A change-detection solution that checks for changes, additions, and deletions to critical files, and notifies when such changes are detected.
File-Level Encryption: Technique or technology (either software or hardware) for encrypting the full contents of specific files. Alternatively, see Disk Encryption and Column-Level Database Encryption.
Firewall: Hardware and/or software technology that protects network resources from unauthorized access. A firewall permits or denies computer traffic between networks with different security levels based on a set of rules and other criteria.
Forensics: Also referred to as “computer forensics.” As it relates to information security, the application of investigative tools and analysis techniques to gather evidence from computer resources to determine the cause of data compromises. Investigations into compromises of payment data are typically conducted by a PCI Forensic Investigator (PFI).
FTP: Acronym for “File Transfer Protocol.” Network protocol used to transfer data from one computer to another through a public network such as the Internet. FTP is widely viewed as an insecure protocol because passwords and file contents are sent unprotected and in cleartext. FTP can be implemented securely via SSH or other technology.
I
IDS: Intrusion Detection System
iFrame: A redirected payment gateway embedded into the merchant’s website within an inline frame, so the redirection is not visible to the customer.
Integrated Payment Page: The website does not redirect customers to make the payment; card details are stored, processed, and transmitted on the merchant’s own website. The payment page is fully integrated into the website.
Internal Vulnerability Scans (IVS): These scans tell a merchant what could potentially be exploited from inside the network if the external network were breached. They are a quarterly requirement for SAQ C merchants; however, the results do not need to be reported to the acquirer.
IP Address: A numerical value assigned to each device participating in a computer network that uses the Internet Protocol for communication.
IPS: Intrusion Prevention System
IPOS: Integrated Point of Sale
ISA: Internal Security Assessor – An employee within the organization who has received training and qualification to improve the organization’s understanding of the PCI Data Security Standard (PCI DSS), facilitate its interactions with Qualified Security Assessors (QSAs), enhance the quality, reliability, and consistency of its internal PCI DSS self-assessments, and support the consistent and proper application of PCI DSS measures and controls.
Issuer: The customer’s bank. A bank or other organization issuing a payment card on behalf of a payment brand (e.g., MasterCard or VISA). Also referred to as “issuing bank” or “issuing financial institution.” More generally, an entity that issues payment cards or performs, facilitates, or supports issuing services, including but not limited to issuing banks and issuing processors.