Payment Card Industry (PCI) Data Security Standard (DSS)
Acronyms Glossary, Abbreviations and Acronyms
- Backup - Duplicate copy of data made for archiving purposes or for protecting against damage or loss
- Cardholder - Customer to whom a card is issued or individual authorized to use the card
- Cardholder data - Full magnetic stripe or the PAN plus any of the following: Cardholder name, Expiration date, Service Code
- Cardholder data environment - Area of computer system network that possesses cardholder data or sensitive authentication data and those systems and segments that directly attach or support cardholder processing, storage, or transmission. Adequate network segmentation, which isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the scope of the cardholder data environment and thus the scope of the PCI assessment
- Card Validation Value or Code - Data element on a card's magnetic stripe that uses secure cryptographic process to protect data integrity on the stripe, and reveals any alteration or counterfeiting. Referred to as CAV, CVC, CVV, or CSC depending on payment card brand. The following list provides the terms for each card brand:
- CAV Card Authentication Value (JCB payment cards)
- CVC Card Validation Code (MasterCard payment cards)
- CVV Card Verification Value (Visa and Discover payment cards)
- CSC Card Security Code (American Express)
- Note: The second type of card validation value or code is the three-digit value printed to the right of the credit card number in the signature panel area on the back of the card. For American Express cards, the code is a four-digit unembossed number printed above the card number on the face of all payment cards. The code is uniquely associated with each individual piece of plastic and ties the card account number to the plastic. The following provides an overview:
- CID Card Identification Number (American Express and Discover payment cards)
- CAV2 Card Authentication Value 2 (JCB payment cards)
- CVC2 Card Validation Code 2 (MasterCard payment cards)
- CVV2 Card Verification Value 2 (Visa payment cards)
- Compensating controls - Compensating controls may be considered when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints, but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. Compensating controls must:
- meet the intent and rigor of the original stated PCI DSS requirement;
- repel a compromise attempt with similar force;
- be “above and beyond” other PCI DSS requirements (not simply in compliance with other PCI DSS requirements); and
- be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement
- CIS - Center for Internet Security. Non-profit enterprise with mission to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls
- Compromise - Intrusion into computer system where unauthorized disclosure, modification, or destruction of cardholder data is suspected
- Console - Screen and keyboard which permits access and control of the server or mainframe computer in a networked environment
- Consumer - Individual purchasing goods, services, or both
- Cookies - String of data exchanged between a web server and a web browser to maintain a session. Cookies may contain user preferences and personal information
- Cryptography - Discipline of mathematics and computer science concerned with information security and related issues, particularly encryption and authentication and such applications as access control. In computer and network security, a tool for access control and information confidentiality
