PCI Compliance Glossary

Clear definitions of key terms in PCI DSS, cybersecurity, and compliance — written for business owners, not IT pros.

Understand the Language of PCI Compliance

Confused by acronyms like SAQ, AOC, or ASV? This glossary explains every important term so you can feel confident navigating your compliance journey.

🔐 AOC (Attestation of Compliance)

A formal document that confirms your organization has met PCI DSS requirements. Submitted to your acquiring bank or payment processor.

🔍 ASV (Approved Scanning Vendor)

A security company authorized by the PCI Council to perform external vulnerability scans required by PCI DSS.

📄 SAQ (Self-Assessment Questionnaire)

A series of forms designed to help merchants and service providers self-evaluate their PCI DSS compliance based on how they process card data.

🧰 PCI DSS (Payment Card Industry Data Security Standard)

The global security standard that all businesses handling credit card information must follow to protect customer data.

📦 Tokenization

A process of replacing sensitive card data with non-sensitive tokens that cannot be used if intercepted.

📊 Vulnerability Scan

An automated check of your systems for known security issues and misconfigurations. Required quarterly by PCI DSS for many businesses.

🔧 Remediation

The process of fixing or mitigating issues found during a PCI scan or self-assessment, including software updates, configuration changes, or system improvements.

💼 Merchant Level

Classification based on your annual number of card transactions. Determines which compliance requirements and SAQ version apply to you.

🔒 Encryption

Scrambling sensitive information (like card numbers) so it can only be read with the correct decryption key. A key part of PCI DSS requirements.

📁 Compensating Control

A security measure used in place of a PCI DSS requirement when the original control is not feasible, while still meeting the intent of that requirement.

Still Have Questions?

Our experts can walk you through any term or requirement. We make PCI compliance simple and human-friendly.
