Glossary

A

• Abandon: Any call or shopping basket transaction that was ended before completion.
• Acquirer: The financial institution that maintains a merchant’s account for card payments.
• Agent: An individual who handles customer interactions.
• Agent Assisted Payments: A payment taken by an agent in communication with a customer.
• AHT - Average Handling Time: The average length of a customer’s call.
• AI (Artificial Intelligence): Cognitive technology that is programmed to behave like humans.
• Alternative Payments: Any payment method that is not cash, credit or debit card.
• AOC: Attestation of Compliance is a declaration of an organization's compliance to PCI DSS.
• API: Application Programming Interface allows different computer programs to communicate.
• Approved Scanning Vendor ASV: Someone who determines if an organization is compliant with PCI DSS external scanning requirements.
• ASR - Automatic Speech Recognition: Technology that allows humans to speak to a computer interface.
• Audit: A regular inspection of an organization’s systems and processes to ensure they are PCI DSS compliant.
• Authentication: Process of verifying a customer’s identify through specific criteria.

B

• Biometrics: Unique human physical characteristics such as voice, face or fingerprints.
• Bot: Intelligent virtual assistants that can help with all parts of customer engagement.

C

• Call Recording: The recording of a telephone conversation for business or compliance purposes.
• CallGuard: A patented, secure payment solution for agent assisted payments over the phone.
• CCPA: California Consumer Protection Act.
• CDE: Card Data Environment.
• Channel Shift: The switching of an engagement from one channel to another.
• Channels: The communication medium used by a customer to get in touch.
• Chat: A real-time, text-based method of communicating.
• Chatbot: An automated self-service technology for handling enquiries.
• ChatGuard: A technology for taking secure payments within a chat or chatbot session.
• CHD: Cardholder Data.
• CNP - Card Not Present: A card transaction where the merchant cannot physically see the payment card.
• Compensating Controls: A process used to mitigate risk when not able to meet a PCI DSS requirement.
• Compliance: The ability to meet the requirements of standards and regulations.
• Contact Center: A business function that is primarily responsible for handling customer interactions.
• Customer Experience: What it feels like for a customer to interact with an organization.
• Customer Service: The provision of services in response to customer enquiries.
• CVV/CVC/CV2: Card Verification Value or Card Verification code.

D

• Data breach: The malicious or accidental release of sensitive, private or confidential information to an untrusted environment.
• De-risking: Solutions that only tackle surface-level threats and not the larger environment.
• De-scoping: The removal of parts of an organization from the scope of an audit.
• Digital Channels: Customer contact channels making use of digital technology.
• Digital Transformation: An approach that uses technology to deliver products and services better.
• Digital Wallet: An electronic device that stores all your payment details in one location, typically an app.
• Drop-outs: Customers who abandon their engagement before it is completed.
• DTMF: Dual Tone, Multi-Frequency, which is the tone that’s heard with each press of a key on a touchtone keypad.

E

• e-Wallet Payments: Another name for a Digital Wallet Payment where the payment data is stored within an app.
• EckohASSIST: A conversational self-service platform that uses Natural Language technology to greet customers by simply asking ‘how can I help you?’

F

• Firewall: Hardware and/or software technology that controls network access.
• First Call/Contact Resolution: A contact center objective to handle customer calls efficiently and seamlessly.
• Frictionless payments: A payment that does not require data to be entered.

G

• Gateway: A payment service provided by an e-commerce application provider that authorises card payments.
• GDPR: General Data Protection Regulation covering how European Union citizens’ data is handled.

H

• Hackers: Anyone who attacks your IT systems to gain data for fraudulent or criminal use.
• Hidden Agent: An unseen agent who works behind the scenes of an automated process in case of need.
• HIPAA (Health Insurance Portability and Accountability Act): A US national standard to protect sensitive patient health information.
• Home working agents: An agent working from their home environment rather than an office.
• Hosted Services: Services that organisations access from external service providers.

I

• Interaction: An engagement between a customer and an organization for service or sales.
• Issuer: Entity that issues payment cards or performs, facilitates, or supports issuing services.
• IVR (Interactive Voice Response): An automated phone-based assistant that can perform tasks in place of or supporting live-agents

J

• Journey: The route and experience a customer has when engaging with an organization.

K

• Knowledge Base: A centralised and searchable database of an organisations relevant knowledge.

L

• Levels: Merchants and payment service providers fit into different risk levels.

M

• Masking: In the context of PCI DSS, it is a method of concealing a segment of data when displayed or printed or spoken.
• Menus: An element of an IVR from which customers select an option for the next step of their journey.
• Merchant: An entity that accepts payment cards as payment for goods or services.
• Messaging: Text messaging that can be used for one- or two-way communication.
• MiFID II: The Markets in Financial Instruments Directive.
• MOTO or MO/TO: Acronym for “Mail-Order/Telephone-Order”.
• Multi-Channel: The use of several channels to offer customer service.
• Multi-Factor Authentication: Method of authenticating a user using more than one type of factor.

N

• Natural Language Application: A conversational, full self-service support solution and/or call routing assistant.
• Non-compliance: The inability to meet the required standards or regulations necessary.

O

• Omni-Channel: The use of every available channel, interconnected, to deliver customer service.
• On-Premise: Agents, hardware of software that is physically located on a client site.
• Outsourcing: The passing of a service to a third party to handle on your behalf.

P

• P2PE: Point to Point Encryption.
• PA-DSS: Payment Application Data Security Standard.
• PAN: Primary Account Number.
• Patented Technology: A patented technology holds an exclusive right which is granted for an invention.
• Pause and resume: A manually triggered solution where the agent pauses the call recording before taking any sensitive data such as payment card details.
• Pay: Apple Pay, Google Pay, PayPal or Pay by Bank app.
• Pay by Bank app: A payment made directly from you bank account to the payee.
• Pay by Link: A payment made by clicking on a web link.
• Payment Cards: Any credit or debit card used to make a payment.
• Payment Channels: The various means a customer can use to get in touch with an organization and make a payment.
• Payment Methods: The different ways a customer can pay.
• Payment Processor: An entity that handles payment card transactions on behalf of another entity.
• PCI DSS: Payment Card Industry Data Security Standard.
• PCI SSC: Payment Card Industry Security Standards Council.
• Penetration testing: Checking for vulnerabilities in security systems and environments of an organization.
• PFI: PCI Forensic Investigator.
• PII: Personally Identifiable Information.
• PSD2: Payment Services Directive 2.
• PSP: Payment Services Provider.

Q

• QSA: Qualified Security Assessor.

R

• Regulations: Rules and standards to which organisations seek to be compliant.
• Remote agents: An agent that is working away from the premise of an organization.
• Responsibilities: Elements of any project that are designated to be completed by nominated parties.
• Responsibility Matrix: A clear schedule of the compliance elements for PCI DSS.
• ROC: Report on Compliance.
• Rogue Agents: Any agent who seeks to gain sensitive information to use fraudulently.

S

• SAD: Sensitive Authentication Data.
• SAQ: Self-Assessment Questionnaire.
• SCA: Strong Customer Authentication.
• Scoping: The defining of components to cover in any audit or inspection.
• Secure Payments: These are payments that appropriately protect the sensitive data.
• Self-Service: Automated technology so customers can interact without involving an agent.
• Sensitive data: Any data that can be used to identify a person or financial details.
• Service Provider: Any organization that delivers a service to a customer.
• Social Listening: Technology that allows organisations to monitor and analyse all social media channels.
• Speech Payments: A payment that is made by speaking the card details to an automated system.

T

• Tokenisation: The replacement of live data with dummy data for security purposes.

U

• Upsell: To successfully convince a customer to purchase additional items.

V

• Virtual Agent: An alternative name for a chatbot or AI customer service solution.
• Visa Service Provider list: A list of PCI DSS compliant service providers.
• Visual IVR: An extension of IVR engagement to include visual elements for smart devices.
• Vulnerabilities: Areas of weakness in an organization that could be a fraud risk.

W

• Web Chat Payments: Secure payments taken within the actual chat session.

Y

• Years of experience: Eckoh is one of the longest serving PCI DSS Level One Service Providers.