Payment Card Industry Data Security Standards (PCI DSS)
The PCI DSS is an information security standard for organizations that handle cardholder information for the major debit, credit and point of service cards. The PCI DSS standard includes requirements for security management, policies and procedures. Details can be found at https://www.pcisecuritystandards.org/security_standards/
Payment Card Industry.
Adherence to the industry-mandated security standards (PCI DSS and PA-DSS) that apply to all businesses that handle, process or store credit or debit cards. Businesses much meet the set requirements of the standards in order to be deemed "PCI compliant."
PCI Compliance Level
All merchants fall under four categories of PCI compliance (Level 1, Level 2, Level 3 and Level 4), depending on the number of transactions they process each year, and whether those transactions are performed from a brick and mortar location or over the Internet. Each merchant must meet the compliance requirements for their PCI compliance level.
Point of Interaction (POI)
The initial point where data is read from a card. An electronic transaction-acceptance product, a POI consists of hardware and software and is hosted in acceptance equipment to enable a cardholder to perform a card transaction. The POI may be attended or unattended. POI transactions are typically integrated circuit (chip) and/or magnetic-stripe card-based payment transactions.
Point of Sale (POS)
A location where credit card transactions are performed with the cardholder present, such as a retail store. The card is read magnetically, and the cardholder's signature is obtained as insurance against the transaction. EMV transactions additionally use a PIN and cryptographic algorithms to provide authentication of the card to the POS system.
Point-to-point encryption (P2PE)
Security process that ensures cardholder data is protected from card swipe all the way through to the host. The valuable cardholder data is encrypted prior to performing an electronic payment transaction, making it useless to potential theft,
Completion, or settlement, of a sale in which Pre-Authorization has occurred. At this point, the cardholder’s issuing institution would remove the authorization hold and release funds for payment to the merchant.
The process of updating individual cardholder account balances to reflect merchandise sales, instant cash, cash advances, adjustments, payments and any other charges or credits.
A conditional offer of credit from a credit card issuer based on a pre-qualification of the individual’s credit from an abbreviated credit bureau report. Upon acceptance of such an offer, the issuer makes a credit decision (usually after obtaining more detailed credit information) and assigns an annual percentage rate based on the most up to date credit profile of the customer.
Also called an Authorization Hold, pre-authorization occurs when the cardholder’s issuing institution immediately authorizes a credit card transaction but holds the funds as unavailable from the merchant until he or she officially clears (settles) or reverses (cancels) the transaction. This allows for changes in the sale amount that might occur between the time of authorization and settlement, as in hotel stays where last-minute phone calls or room service use could affect the amount of the final bill after checkout.
Primary Account Number (PAN)
The number that is embossed and/or encoded on a plastic card that identifies the issuer and the particular cardholder account.
The date on which the transaction is processed by the acquiring bank.
A company that handles all or some of the functions of a credit or debit transaction, ranging from providing terminals to managing back-end settlement.