Glossary of Terms

Attestation of Compliance (AOC) - The official PCI SSC form for merchants and service providers to attest to the results of a PCI DSS assessment, as documented in a Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC).

Cardholder Data (CHD) - At a minimum, cardholder data consists of the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code. See Sensitive Authentication Data for additional data elements that might be transmitted or processed (but not stored) as part of a payment transaction.

Cardholder Data Environment (CDE) - The system components, people, and processes that store, process, or transmit cardholder data and/or sensitive authentication data, and system components that may not store, process, or transmit CHD/SAD but have unrestricted connectivity to system components that store, process, or transmit CHD/SAD.

Data-Flow Diagram - A diagram showing how and where data flows through an entity’s applications, systems, networks, and to/from external parties.

Merchant Account - A merchant account is a type of business bank account that allows a business to accept and process electronic payment card transactions. Merchant accounts require a business to partner with a merchant acquiring bank who facilitates all communications in an electronic payment transaction.

Merchant ID (MID) - A merchant ID (MID) is a unique number that identifies a business and its merchant account. It's used to process payments, prevent fraud, and manage accounts.

Primary Account Number (PAN) - Unique payment card number (credit, debit, or prepaid cards, etc.) that identifies the issuer and the cardholder account.

PCI DSS - Acronym for “Payment Card Industry Data Security Standard.”

Qualified Security Assessor (QSA) - Companies that are qualified by PCI SSC to validate an entity’s adherence to PCI DSS requirements.

Self-Assessment Questionnaire (SAQ) - Reporting tool used to document self-assessment results from an entity’s PCI DSS assessment.