# PCI DSS Glossary

<table><thead><tr><th width="319">Item</th><th>Description</th></tr></thead><tbody><tr><td><strong>AOC – Attestation of Compliance</strong></td><td>A document used to confirm the results of a <strong>PCI DSS</strong> assessment, based on findings from a Self-Assessment Questionnaire (SAQ) or a Report on Compliance (RoC).</td></tr><tr><td><strong>ASV – Approved Scanning Vendor</strong></td><td>A company authorized by the PCI Security Standards Council (PCI SSC) to perform external vulnerability network scans to identify security weaknesses.</td></tr><tr><td><strong>CDE – Cardholder Data Environment</strong></td><td>The people, processes, and technology involved in collecting, storing, processing, or transmitting cardholder data.</td></tr><tr><td><strong>CHD – Cardholder Data</strong></td><td>The minimum required cardholder information includes the full PAN (Primary Account Number), with optional details such as cardholder name, expiration date, and service code.</td></tr><tr><td><strong>PCI DSS – Payment Card Industry Data Security Standard</strong></td><td>A globally recognized security standard designed to protect cardholder data and ensure secure payment processing.</td></tr><tr><td><strong>PCI SSC – Payment Card Industry Security Standards Council</strong></td><td>An independent body responsible for developing and maintaining PCI DSS and related security standards.</td></tr><tr><td><strong>POI – Point of Interaction</strong></td><td>The initial touchpoint where cardholder data is read from a card, typically at a payment terminal or other payment acceptance device.</td></tr><tr><td><strong>PTS – PIN Transaction Security</strong></td><td>A set of security requirements defined by the PCI SSC for PIN acceptance devices (e.g., point-of-interaction terminals).</td></tr><tr><td><strong>QSA – Qualified Security Assessor</strong></td><td>A company certified by the PCI SSC to conduct PCI DSS onsite assessments for businesses handling cardholder data.</td></tr><tr><td><strong>RoC – Report on Compliance</strong></td><td>A detailed report documenting the findings of a business’s PCI DSS assessment, often required for compliance validation.</td></tr><tr><td><strong>SAD – Sensitive Authentication Data</strong></td><td>Security-sensitive information used for authentication or authorization. This includes 3- or 4-digit card security codes (CAV2, CVC2, CID, CVV2) used for card-not-present transactions.</td></tr><tr><td><strong>SAQ – Self-Assessment Questionnaire</strong></td><td>A reporting tool that allows businesses to self-assess their PCI DSS compliance based on specific requirements.</td></tr><tr><td><strong>TLS – Transport Layer Security</strong></td><td>A secure network protocol that ensures data encryption and integrity during communication between applications. TLS is the successor to SSL (Secure Sockets Layer).</td></tr></tbody></table>


