Acquirer - An entity which initiates and maintains relationships with merchants who accept payment cards. UNL’s Acquirer is Elavon/USBank.

Cardholder Data - At a minimum, cardholder data consists of the full Primary Account Number (PAN). Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code (3 or 4 digit number in the magnetic stripe.

Cardholder Data Environment (CDE) - The people, processes and technology that store, process or transmit cardholder data or sensitive authentication data, including any connected system components.

Cardholder Verification Code or Value - Also known as Card Validation Code or Value, or Card Security Code. Refers to either: (1) magnetic-stripe data, or (2) printed security features like the 3 or 4 digit code number printed on the payment card. Terms for code depend on the type of card and whether it is option (1) or (2). Some of those most often heard are CVV2, CVV, CVC2, and CVC.

Chargeback - Also known as a "Debit Memo,” a reversal of a sales transaction. If a $50 transaction resulted in a deposit into your merchant bank account, a chargeback for that transaction indicates that the $50 has been debited from your merchant account.

E-Commerce - When Transactions are entered at a website.

Firewall - Hardware and/or software technology that protects network resources from unauthorized access. A firewall permits or denies computer traffic between networks with different security levels based upon a set of rules and other criteria.

Payment Application - Any application that stores, processes, or transmits cardholder data as part of authorization or settlement.

Payment Cards - “Branded” cards used to pay for goods or services with the card type logo on the face of the card – such as Discover, Visa or MasterCard. We do not accept ATM or pin-based debit cards.

PCI - Acronym for “Payment Card Industry”. Used when referring to the Payment Card Industry Data Security Standard.

Point-of-Sale (POS) - Hardware and/or software used to process payment card transactions at merchant locations. Generally a face-to-face card present transaction or manually entered card number. Not entered at a website.

SAQ - Acronym for “Self-Assessment Questionnaire.” Tool used to validate compliance with the PCI DSS.

Separation of Duties - Practice of dividing steps in a function among different individuals, so as to prevent a single individual from being able to subvert the process.

Terminal -POS device used to gather the magnetic strip data from the card and print the receipt to be signed by the customer.

Truncation - The practice of removing a data segment. Commonly, when account numbers are truncated, the first 12 digits are masked or deleted, leaving only the last 4 digits.

Virtual Terminal - A virtual terminal is web-browser-based access to an acquirer, processor or third party service provider website to authorize payment card transactions, where the merchant manually enters payment card data via a securely connected web browser. Unlike physical terminals, virtual terminals do not read data directly from a payment card.

Vulnerability - Flaw or weakness which, if penetrated, breached or exploited, may result in an intentional or unintentional compromise of a system.