PCI DSS Glossary

Item
Description

AOC – Attestation of Compliance

A document used to confirm the results of a PCI DSS assessment, based on findings from a Self-Assessment Questionnaire (SAQ) or a Report on Compliance (RoC).

ASV – Approved Scanning Vendor

A company authorized by the PCI Security Standards Council (PCI SSC) to perform external vulnerability network scans to identify security weaknesses.

CDE – Cardholder Data Environment

The people, processes, and technology involved in collecting, storing, processing, or transmitting cardholder data.

CHD – Cardholder Data

At a minimum, cardholder data consists of the full PAN (Primary Account Number). It may also include optional details such as the cardholder name, expiration date, and service code.

PCI DSS – Payment Card Industry Data Security Standards

A globally recognized security standard designed to protect cardholder data and ensure secure payment processing.

PCI SSC – Payment Card Industry Security Standards Council

An independent body responsible for developing and maintaining PCI DSS and related security standards.

POI – Point of Interaction

The initial touchpoint where cardholder data is read from a card, typically at a payment terminal or other payment acceptance device.

PTS – PIN Transaction Security

A set of security requirements defined by the PCI SSC for PIN acceptance devices (e.g., point-of-interaction terminals).

QSA – Qualified Security Assessor

A company certified by the PCI SSC to conduct PCI DSS onsite assessments for businesses handling cardholder data.

RoC – Report on Compliance

A detailed report documenting the findings of a business’s PCI DSS assessment, often required for compliance validation.

SAD – Sensitive Authentication Data

Security-sensitive information used for authentication or authorization. This includes 3- or 4-digit card security codes (CAV2, CVC2, CID, CVV2) used for card-not-present transactions.

SAQ – Self-Assessment Questionnaire

A reporting tool that allows businesses to self-assess their PCI DSS compliance based on specific requirements.

TLS – Transport Layer Security

A secure network protocol that ensures data encryption and integrity during communication between applications. TLS is the successor to SSL (Secure Sockets Layer).
