Archive
Vulnerability assessment
November 2017
A vulnerability assessment is a technical security audit that uses automated tools to test for security flaws, misconfigurations and weaknesses [...]
Validation/Audit
November 2017
Validation/Audit refers to the final stage of PCI compliance whereby a Qualified Security Assessor (QSA) will validate and attest the compliance [...]
Token
November 2017
A value provided by hardware or software that usually works with an authentication server or VPN to perform dynamic or two-factor authentication.
Tokenization
November 2017
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the [...]
Service Provider
November 2017
A service provider is an entity that stores, processes or transmits cardholder data on behalf of merchants. Examples of service providers include [...]
Scope
November 2017
The scope is a piece of work undertaken by an entity that stores, processes or transmits cardholder data and that is validated by a QSA.
Report on Compliance (ROC)
November 2017
The report on compliance refers to a report that shows that an environment has been validated by a QSA in accordance with the PCI DSS.
Qualified Security Assessor (QSA)
November 2017
A QSA is an Information Security and PCI expert who works for a QSA firm and who has been certified by the PCI SSC to
Privacy Act
November 2017
The Privacy Act 1988 (Privacy Act) regulates how personal information is handled. The Privacy Act includes ten National Privacy Principles [...]
Primary Account Number (PAN)
November 2017
Primary Account Number is essentially a payment card number (16 – 19 digits) which is generated according to the Luhn algorithm.