Definitions Flashcards
Acronym for “authentication, authorization and accounting.” Protocol for authenticating a user based on their verifiable identity, authorizing a user based on their user rights, and accounting for a user’s consumption of network resources.
AAA
Mechanisms that limit availability of information or information-processing resources only to authorized persons or applications.
Access Control
Account data consists of cardholder data and/or sensitive authentication data. See Cardholder Data and Sensitive Authentication Data.
Account Data
Primary Account Number
Account Number
Also referred to as “merchant bank,” “acquiring bank,” or “acquiring financial institution.” Entity that processes payment card transactions for merchants and is defined by a payment brand as an acquirer. Acquirers are subject to payment brand rules and procedures regarding merchant compliance.
Acquirer
Elevated or increased privileges granted to an account in order for that account to manage systems, networks and/or applications.
Administrative Access
Type of malicious software that, when installed, forces a computer to automatically display or download advertisements.
Adware
Abbreviation for “Advanced Encryption Standard.” Block cipher used in symmetric key cryptography, adopted by NIST in November 2001 as U.S. FIPS PUB 197 (or “FIPS 197”).
AES
Acronym for “American National Standards Institute.” Private, non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system.
ANSI
Program or software capable of detecting, removing, and protecting against various forms of malicious software (also called “malware”), including viruses, worms, Trojans or Trojan horses, spyware, adware, and rootkits.
Anti-Virus
Acronym for “attestation of compliance.” The AOC is a form for merchants and service providers to attest to the results of a PCI DSS assessment, as documented in the Self-Assessment Questionnaire or Report on Compliance.
AOC
Acronym for “attestation of validation.” The AOV is a form for PA-QSAs to attest to the results of a PA-DSS assessment, as documented in the PA-DSS Report on Validation.
AOV
Includes all purchased and custom software programs or groups of programs, including both internal and external (for example, web) applications.
Application
Acronym for “Approved Scanning Vendor.” Company approved by the PCI SSC to conduct external vulnerability scanning services.
ASV
Also referred to as “audit trail.” Chronological record of system activities. Provides an independently verifiable trail sufficient to permit reconstruction, review, and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a transaction from inception to final results.
Audit Log
Also referred to as “audit log.” See Audit Log.
Audit Trail
Process of verifying the identity of an individual, device, or process. Authentication typically occurs through the use of one or more authentication factors, such as:
Something you know, such as a password or passphrase
Something you have, such as a token device or smart card
Something you are, such as a biometric
Authentication
Combination of the user ID or account ID plus the authentication factor(s) used to authenticate an individual, device, or process.
Authentication Credentials
In the context of access control, authorization is the granting of access or other rights to a user, program, or process. Authorization defines what an individual or program can do after successful authentication.
In the context of a payment card transaction, authorization occurs when a merchant receives transaction approval after the acquirer validates the transaction with the issuer/processor.
Authorization
Duplicate copy of data made for archiving purposes or for protecting against damage or loss.
Backup
An acronym for “business as usual.” BAU is an organization’s normal daily business operations.
BAU
Wireless protocol using short-range communications technology to facilitate transmission of data over short distances.
Bluetooth
Vulnerability created by insecure coding methods, where a program overruns a buffer’s boundary and writes data to adjacent memory space. Buffer overflows are used by attackers to gain unauthorized access to systems or data.
Buffer Overflow
A physical device, often attached to a legitimate card reading device, designed to illegitimately capture and/or store the information from a payment card.
Card Skimmer