Skip to Local Navigation
Skip to Content
California State University, Long BeachCalifornia State University, Long Beach
Skip to Content

Security Breach of Credit/Debit Cardholder Data - Appendix A

Return to Procedure

APPENDIX A DEFINITIONS

Card Validation Value or Code
The three-digit value printed on the signature panel area of a payment card, typically used to verify card-not-present transactions.
  • CVC2 Card Validation Code 2 (MasterCard payment cards)
  • CVV2 Card Verification Value 2 (Visa payment cards)
  • CID Card Identification Number (American Express and Discover payment cards)
Cardholder
The customer to whom a payment card has been issued or the individual authorized to use the card.
Cardholder Data
All personally identifiable data about the cardholder (i.e., primary account number, magnetic stripe, service code, expiration date, data provided by the cardholder, other electronic data gathered by the merchant/agent, and so on). This term also accounts for other Confidential Information gathered about the cardholder (i.e., addresses, telephone numbers, and so on).
Compromise
Intrusion into computer system where unauthorized disclosure, modification, or destruction of cardholder data may have occurred.
Magnetic Stripe Data (Track Data)
The magnetic stripe on the back of all payment cards which contains encoded data used for authorization during a card present transaction. The University may not retain full magnetic stripe data subsequent to transaction authorization. Specifically, subsequent to authorization, service codes, discretionary data/CVV/CVC/CID, and payment card reserved values must be purged; however, account number, expiration date, and name may be extracted and retained.
Merchant Bank
A financial institution that initiates and maintains contractual agreements with merchants for the purpose of accepting and processing payment card transactions.
Payment Card
A phrase used to describe credit and debit cards that contain the American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International logos.
PIN
Abbreviation for Personal Identification Number. The four digit security code used to verify the customer is the authorized user of the payment card.
PIN Blocks
Created immediately when a PIN is entered by a cardholder at a Point of Sale. To protect the PIN during electronic transit, it is formatted into a PIN block, the PIN block is encrypted under a transport key and the resulting Encrypted PIN Block (EPB) is sent for verification.
Primary Account Number (PAN)
Is the payment card number (credit or debit) that identifies the issuer and the particular cardholder account.
Security Incident
A collection of related activities or events which provide evidence that confidential information or cardholder data could have been acquired by an unauthorized person.
Security Breach
An unauthorized acquisition of cardholder data.