Payment Card Industry (PCI) Data Security Standard (DSS)
Glossary, Abbreviations and Acronyms
Database - Structured format for organizing and maintaining easily retrieved information. Simple database examples are tables and spreadsheets
Data Base Administrator (DBA) - Database Administrator. Individual responsible for managing and administering databases
DBA (Doing Business As) - Doing business as. Compliance validation levels are based on transaction volume of a DBA or chain of stores (not of a corporation that owns several chains)
Default accounts - System login account predefined in a manufactured system to permit initial access when system is first put into service
Default password - Password on system administration or service accounts when system is shipped from the manufacturer; usually associated with default account. Default accounts and passwords are published and well known
DES - Data Encryption Standard (DES). Block cipher elected as the official Federal Information Processing Standard (FIPS) for the United States in 1976. Successor is the Advanced Encryption Standard (AES)
DMZ - Demilitarized zone. Network added between a private and a public network to provide an additional layer of security
DNS - Domain name system or domain name server. System that stores information associated with domain names in a distributed database on networks, such as the Internet
DSS - Data Security Standard
Dual Control - Process of using two or more separate entities (usually persons) operating in concert to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person is permitted to access or use the materials (for example, the cryptographic key). For manual key generation, conveyance, loading, storage, and retrieval, dual control requires dividing knowledge of the key among the entities. See also “split knowledge”
ECC - Elliptic curve cryptography. Approach to public-key cryptography based on elliptic curves over finite fields
Egress - Traffic exiting a network across a communications link and into the customer's network
Encryption - Process of converting information into an unintelligible form except to holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process (the inverse of encryption) against unauthorized disclosure
FIPS - Federal Information Processing Standard
Firewall - Hardware, software, or both that protect resources of one network from intruders from other networks. Typically, an enterprise with an intranet that permits workers access to the wider Internet must have a firewall to prevent outsiders from accessing internal private data resources
FTP - File transfer protocol
GPRS - General Packet Radio Service. Mobile data service available to users of GSM
mobile phones. Recognized for efficient use of limited bandwidth. Particularly suited for sending and receiving small bursts of data, such as e-mail and web browsing
GSM - Global System for Mobile Communications. Popular standard for mobile phones. Ubiquity of GSM standard makes international roaming very common between mobile phone operators, enabling subscribers to use their phones in many parts of the world
Host - Main computer hardware on which computer software is resident
Hosting Provider - Offers various services to merchants and other service providers. Services range from simple to complex; from shared space on a server to a whole range of “shopping cart” options; from payment applications to connections to payment gateways and processors; and for hosting dedicated to just one customer per server
HTTP - Hypertext transfer protocol. Open-internet protocol to transfer or convey information on the World Wide Web
