A
Abandon : Any call or shopping basket transaction that was ended before completion.
Acquirer : The financial institution that maintains a merchant’s account for card payments.
Agent : An individual who handles customer interactions.
Agent-Assisted Payments : A payment taken by an agent in communication with a customer.
AHT - Average Handling Time : The average length of a customer’s call.
AI (Artificial Intelligence) : Cognitive technology that is programmed to behave like humans.
Alternative Payments : Any payment method that is not cash, credit or debit card.
AOC : Attestation of Compliance is a declaration of an organization's compliance with PCI DSS.
API : Application Programming Interface allows different computer programs to communicate.
Approved Scanning Vendor (ASV) : Someone who determines if an organization is compliant with PCI DSS external scanning requirements.
ASR - Automatic Speech Recognition : Technology that allows humans to speak to a computer interface.
Audit : A regular inspection of an organization’s systems and processes to ensure they are PCI DSS compliant.
Authentication : Process of verifying a customer’s identity through specific criteria.
B
Biometrics : Unique human physical characteristics such as voice, face, or fingerprints.
Bot : Intelligent virtual assistants that can help with all parts of customer engagement.
C
Call Recording : The recording of a telephone conversation for business or compliance purposes.
CallGuard : A patented, secure payment solution for agent assisted payments over the phone.
CCPA : California Consumer Protection Act.
CDE : Card Data Environment.
Channel Shift : The switching of an engagement from one channel to another.
Channels : The communication medium used by a customer to get in touch.
Chat : A real-time, text-based method of communicating.
Chatbot : An automated self-service technology for handling inquiries.
ChatGuard : A technology for taking secure payments within a chat or chatbot session.
CHD : Cardholder Data.
CNP - Card Not Present : A card transaction where the merchant cannot physically see the payment card.
Compensating Controls : A process used to mitigate risk when not able to meet a PCI DSS requirement.
Compliance : The ability to meet the requirements of standards and regulations.
Contact Center : A business function that is primarily responsible for handling customer interactions.
Customer Experience : What it feels like for a customer to interact with an organization.
Customer Service : The provision of services in response to customer inquiries.
CVV/CVC/CV2 : Card Verification Value or Card Verification code.
D
Data breach : The malicious or accidental release of sensitive, private or confidential information to an untrusted environment.
De-risking : Solutions that only tackle surface-level threats and not the larger environment.
De-scoping : The removal of parts of an organization from the scope of an audit.
Digital Channels : Customer contact channels making use of digital technology.
Digital Transformation : An approach that uses technology to deliver products and services better.
Digital Wallet : An electronic device that stores all your payment details in one location, typically an app.
Drop-outs : Customers who abandon their engagement before it is completed.
DTMF : Dual Tone, Multi-Frequency, which is the tone that’s heard with each press of a key on a touchtone keypad.
E
e-Wallet Payments : Another name for a Digital Wallet Payment where the payment data is stored within an app.
EckohASSIST : A conversational self-service platform that uses Natural Language technology to greet customers by simply asking ‘how can I help you?’
F
Firewall : Hardware and/or software technology that controls network access.
First Call/Contact Resolution : A contact center objective to handle customer calls efficiently and seamlessly.
Frictionless payments : A payment that does not require data to be entered.
G
Gateway : A payment service provided by an e-commerce application provider that authorizes card payments.
GDPR : General Data Protection Regulation covering how European Union citizens’ data is handled.
H
Hackers : Anyone who attacks your IT systems to gain data for fraudulent or criminal use.
Hidden Agent : An unseen agent who works behind the scenes of an automated process in case of need.
HIPAA (Health Insurance Portability and Accountability Act) : A US national standard to protect sensitive patient health information.
Home working agents : An agent working from their home environment rather than an office.
Hosted Services : Services that organizations access from external service providers.
I
Interaction : An engagement between a customer and an organization for service or sales.
Issuer : Entity that issues payment cards or performs, facilitates, or supports issuing services.
IVR (Interactive Voice Response) : An automated phone-based assistant that can perform tasks in place of or supporting live agents.
J
Journey : The route and experience a customer has when engaging with an organization.
K
Knowledge Base : A centralized and searchable database of an organization's relevant knowledge.
L
Levels : Merchants and payment service providers fit into different risk levels.
M
Masking : In the context of PCI DSS, it is a method of concealing a segment of data when displayed or printed or spoken.
Menus : An element of an IVR from which customers select an option for the next step of their journey.
Merchant : An entity that accepts payment cards as payment for goods or services.
Messaging : Text messaging that can be used for one- or two-way communication.
MiFID II : The Markets in Financial Instruments Directive.
MOTO or MO/TO : Acronym for “Mail-Order/Telephone-Order”.
Multi-Channel : The use of several channels to offer customer service.
Multi-Factor Authentication : Method of authenticating a user using more than one type of factor.
N
Natural Language Application : A conversational, full self-service support solution and/or call routing assistant.
Non-compliance : The inability to meet the required standards or regulations necessary.
O
Omni-Channel : The use of every available channel, interconnected, to deliver customer service.
On-Premise : Agents, hardware or software that is physically located on a client site.
Outsourcing : The passing of a service to a third party to handle on your behalf.
P
P2PE : Point to Point Encryption.
PA-DSS : Payment Application Data Security Standard.
PAN : Primary Account Number.
Patented Technology : A patented technology holds an exclusive right which is granted for an invention.
Pause and resume : A manually triggered solution where the agent pauses the call recording before taking any sensitive data such as payment card details.
Pay : Apple Pay, Google Pay, PayPal or Pay by Bank app.
Pay by Bank app : A payment made directly from your bank account to the payee.
Pay by Link : A payment made by clicking on a web link.
Payment Cards : Any credit or debit card used to make a payment.
Payment Channels : The various means a customer can use to get in touch with an organization and make a payment.
Payment Methods : The different ways a customer can pay.
Payment Processor : An entity that handles payment card transactions on behalf of another entity.
PCI DSS : Payment Card Industry Data Security Standard.
PCI SSC : Payment Card Industry Security Standards Council.
Penetration testing : Checking for vulnerabilities in security systems and environments of an organization.
PFI : PCI Forensic Investigator.
PII : Personally Identifiable Information.
PSD2 : Payment Services Directive 2.
PSP : Payment Services Provider.
Q
QSA : Qualified Security Assessor.
R
Regulations : Rules and standards to which organizations seek to be compliant.
Remote agents : An agent that is working away from the premises of an organization.
Responsibilities : Elements of any project that are designated to be completed by nominated parties.
Responsibility Matrix : A clear schedule of the compliance elements for PCI DSS.
ROC : Report on Compliance.
Rogue Agents : Any agent who seeks to gain sensitive information to use fraudulently.
S
SAD : Sensitive Authentication Data.
SAQ : Self-Assessment Questionnaire.
SCA - Strong Customer Authentication : Strong Customer Authentication.
Scoping : The defining of components to cover in any audit or inspection.
Secure Payments : These are payments that appropriately protect the sensitive data.
Self-Service : Automated technology that enables customers to interact with your organization without involving an agent.
Sensitive data : Any data that can be used to identify a person or financial details.
Service Provider : Any organization that delivers a service to a customer.
Social Listening : Technology that allows organizations to monitor and analyze all social media channels.
Speech Payments : A payment that is made by speaking the card details to an automated system.
T
Tokenization : The replacement of live data with dummy data for security purposes.
U
Upsell : To successfully convince a customer to purchase additional items.
V
Virtual Agent : An alternative name for a chatbot or AI customer service solution.
Visa Service Provider list : A list of PCI DSS compliant service providers.
Visual IVR : An extension of IVR engagement to include visual elements for smart devices.
Vulnerabilities : Areas of weakness in an organization that could be a fraud risk.
W
Web Chat Payments : Secure payments taken within the actual chat session.
Y
Years of experience : Eckoh is one of the longest serving PCI DSS Level One Service Providers.