L
LAN: Acronym for “local area network.”
Least Privileges: The minimum level of privileges necessary to perform the roles and responsibilities of the job function.
Load Balancer: A component on a network that evenly distributes traffic between multiple servers.
M
Managed Network Provider: A third party that manages the firewalls, networking, web server, and other network components. The network is fully managed by that third party, and the merchant has no control over its configuration.
Bank or other organization issuing a payment card on behalf of a Payment Brand, e.g., Mastercard and VISA.
Masking: Method of concealing a segment of PAN when displayed or printed. Masking is used when there is no business need to view the entire PAN. Masking relates to the protection of PAN when displayed on screens, paper receipts, printouts, etc.
Media: Physical material, including but not limited to, electronic storage devices, removable electronic media, and paper reports.
Merchant: For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logos of any PCI SSC Participating Payment Brand as payment for goods and/or services.
A merchant that accepts payment cards as payment for goods and/or services can also be a service provider if the services sold result in storing, processing, or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant that accepts payment cards for monthly billing but also is a service provider if it hosts merchants as customers.
MOTO: Acronym for “Mail-Order/Telephone-Order.”
Multi-Factor Authentication: Method of authenticating a user whereby at least two factors are verified. These factors include something the user has (such as a smart card or dongle), something the user knows (such as a password, passphrase, or PIN), or something the user is or does (such as fingerprints and other biometric elements).
N
NAC: Acronym for “Network Access Control.”
Network Diagram: A diagram showing system components and connections within a networked environment.
P
PAN: Acronym for “primary account number.” Unique payment card number (credit, debit, or prepaid cards, etc.) that identifies the issuer and the cardholder account.
Participating Payment Brand: Also referred to as “payment brand.” A payment card brand that, as of the time in question, is formally admitted as (or is an affiliate of) a member of PCI SSC pursuant to its governing documents. At the time of writing, Participating Payment Brands include PCI SSC Founding Members and Strategic Members.
Password/Passphrase: A string of characters that serves as an authentication factor for a user or account.
Patch: Update to existing software to add function or to correct a defect.
Payment Cards: For purposes of PCI DSS, any payment card form factor that bears the logo of any PCI SSC Participating Payment Brand.
Payment Channel: Methods used by merchants to accept payments from customers. Common payment channels include card present (in person) and card not present (e-commerce and MOTO).
Payment Page: A web-based user interface containing one or more form elements intended to capture account data from a consumer or submit captured account data, for purposes of processing and authorizing payment transactions. The payment page can be rendered as any one of:
- A single document or instance,
- A document or component displayed in an inline frame within a non-payment page, or
- Multiple documents or components, each containing one or more form elements, contained in multiple inline frames within a non-payment page.
Payment Page Scripts: Any programming language commands or instructions on a payment page that are processed and/or interpreted by a consumer’s browser, including commands or instructions that interact with the page’s document object model. Examples of programming languages are JavaScript and VBScript; neither markup languages (for example, HTML) nor style rules (for example, CSS) are programming languages.
Payment Processor: Sometimes referred to as “payment gateway” or “payment service provider (PSP).” Entity engaged by a merchant or other entity to handle payment card transactions on their behalf. See Acquirers.
PCI DSS: Payment Card Industry Data Security Standard – Global standard for merchants involved in card processing.
PCI SSC: Payment Card Industry Security Standards Council (founded by American Express, Visa, Mastercard, JCB, and Discover).
Physical Access Control: Mechanisms that limit the access to a physical space or environment to only authorized persons. See Logical Access Control.
PIN: Acronym for “personal identification number.” Secret numeric password known only to the user and a system to authenticate the user to the system. The user is only granted access if the PIN the user provided matches the PIN in the system. Typical PINs are used for automated teller machines for cash advance transactions. Another type of PIN is one used in EMV chip cards where the PIN replaces the cardholder’s signature.
POI: Acronym for “Point of Interaction,” the initial point where data is read from a card. An electronic transaction-acceptance product, a POI consists of hardware and software and is hosted in acceptance equipment to enable a cardholder to perform a card transaction. The POI may be attended or unattended. POI transactions are typically integrated circuit (chip) and/or magnetic-stripe card-based payment transactions.
Point of Sale System (POS): Hardware and software used by merchants to accept payments from customers. May include POI devices, PIN pads, electronic cash registers, etc.
Privileged User: Any user account with greater than basic access privileges. Typically, these accounts have elevated or increased privileges with more rights than a standard user account. However, the extent of privileges across different privileged accounts can vary greatly depending on the organization, job function or role, and the technology in use.
Private IP: An IP address typically used on local networks. Devices with private IP addresses cannot connect directly to the internet.
Public IP: An IP address that is routable on, and reachable from, the public internet.
P2PE: Point-to-Point Encryption. Encrypts card data from the point where the card is read (the POI) until it reaches the point where it is decrypted, so that the data is never in the clear in between.