AES
Advanced Encryption Standard; the highest level of encryption currently available; replaces DES
Algorithm
An algorithm is a specific set of instructions for carrying out a procedure or solving a problem — in E2EE, algorithms are used to convert data to encrypted data
ANSI X9.24
American National Standards Institute — Retail financial services symmetric key management
ASC
Accredited Standards Committee
Asymmetric Encryption
The key used to encrypt the message is different from the key used to decrypt the message (also called public key encryption)
Chip and PIN
A security measure to halt the use of unauthorized (forged) cards; it verifies that the cards presented are authentic by reading a special chip embedded in the card, in combination with the consumer entering a personal identification number
Clear Text Data
Card data that appears in the clear, or not encrypted; the actual card number and data
CPU
Central processing unit; an electronic circuit that can carry out computer programs. In the payments processing flow, the CPU is a Host Security Module (HSM) — a specialized, hardened server.
DES
Data Encryption Standard; 3DES is the use of three DES key strings
DSS
Data Security Standards, as in PCI-DSS
DUKPT
Derived Unique Key Per Transaction
End-to-End Encryption
Encrypting sensitive data at its point of origin through the entire path — never transporting data in clear text
FPE
Format Preserving Encryption
FS-ISAC
The Financial Services Information Sharing and Analysis Center
HSM
Hardware Security Module; a specialized server built to handle extremely sensitive information — hardened to be resistant to infiltration
Keys
The formulaic key to the encryption algorithm that allows the clear text data to be converted to encrypted data
MAG
Merchant Advisory Group
Magnetic Stripe
The black stripe located on the back of a payment card. This stripe transfers payment information including account number, card holder name and other personal data through to the payments processor and the card brands so the card owner is billed for their purchases
MSR
Magnetic Stripe Reader
PA-DSS
Payment Application Data Security Standards, as in PCI PA-DSS
PAN
Payment Account Number
PCI
Payment Card Industry
PED
PIN entry device
PIN
Personal identification number; used as a safeguard to ensure the person using the card is the card owner
POS System
Point-of-sale system; the software loaded onto a terminal where cards are swiped at the point of purchase to send card and purchase data to the payments processor.
PPISC
The Payments Processing Information Sharing Council
SPVA
The Secure POS Vendor Alliance
Sniffer Malware
Malicious software that monitors and copies data found on networks without being detected. Cyber criminals can use this software to acquire/steal credit card data while it is transmitted through the payments process (if it is clear text data).
Symmetric Encryption
The same key is used to encrypt and decrypt the message (also called single key, shared key, or secret key encryption)
TDES
Triple DES, see DES
Terminal
The hardware used at a point of purchase to swipe payment cards to record transaction data. Terminals are linked with POS systems to send the transaction data to the payments processor.
Tokenization
Replaces data with information based on an index for an unpredictable value.
TRSM
Tamper Resistant Security Module; Heartland’s E3 terminal is tamper-resistant. When tampering is detected, the secret keys are wiped from the terminal, rendering it useless.
X9.24
ANSI reference — Retail financial services symmetric key management