Definitions of Frequently Used Terms

Main Content

Campus
  1. Payment Card Industry Data Security Standard (PCI DSS):  PCI DSS is the result of collaboration between the four major credit card brands to develop a single approach to safeguarding sensitive data.  PCI DSS defines a series of best practices for handling, transmitting, and storing sensitive data.
  2. Cardholder Data:  Includes cardholder name, full account number, expiration date, service code, full magnetic stripe, PIN / PIN Block or Card Validation Code (e.g., three-digit or four-digit value printed on the front or back of a payment card (e.g., CVV2 and CVC2 data)).
  3. Sensitive Cardholder Data: Includes Card Validation Code (e.g., three-digit or four-digit value printed on the front or back of a payment card (e.g., CVV2 and CVC2 data)), full magnetic stripe, and PIN / PIN Block.
  4. Merchant:  Any person or department accepting money for goods or services.  Includes conference registrations, memberships, fees, etc.
  5. Credit Card: Any payment card, including debit cards, which is issued by one of the major credit card associations (e.g. Visa, MasterCard, Discover)
  6. PCI DSS Campus Committee Representatives: The Bursar and designated Information Technology representative at each respective campus location.  For purposes of this document, the term Bursar includes the Comptroller at the School of Medicine.
  7. Payment Application Data Security Standards (PA-DSS): Program developed by Visa to assist software vendors in creating secure payment applications that are PCI DSS compliant.  A list of all vendors currently PABP compliant can be found on Visa’s website at PCI Security Standards.
  8. Payment Application Data Security Standards (PA DSS): Program managed by the Payment Card Industry Security Standards Council (PCI SSC) formerly managed by Visa and known as PABP.  PA DSS is a set of standards designed to assist software vendors in developing secure payment applications that comply with PCI DSS requirements.  A list of validated payment applications will be listed on the PCI SSC website, https://www.pcisecuritystandards.org/,