Glossary S

Sanitization: Process for removing sensitive data from a file, device, or system; or for modifying data so that it is cannot be used if accessed in an attack.

S.A.N.S.: Sys Admin, assessment, Network, Security Institute (See www.sans.org)

Scalable: Easily expanded to suit future requirements. Applies to hardware or software. Example: An application program may be set up to run for two simultaneous users, but can be scaled up for more users in the event the company expands in the future. This is very important in purchasing decisions.

Secure Sockets Layer (SSL): A security standard many merchants employ to keep their Web sites secure, and to guard the safety, privacy, and reliability of payment data traveling over the Internet. SSL encrypts the channel between browser and Web server so that only the intended parties can read certain data, such as payment or customer information.

Secured Credit Card or Loan: A consumer uses savings or other collateral to guarantee the credit card or loan; the limit of credit is determined by the amount of collateral available.

Security Officer: Chief responsible person for security related affairs of an institution.

Security Policy: Set of laws, rules, and practices that control how an organization manages, protects, and distributes sensitive information.

Self-Service Terminal: A customer-activated terminal, especially one including the functions both of delivering and paying for goods (for example, in an automatic fuel vending system).

Sensitive Authentication Data: Security-related information (Card Validation Codes/Values complete track data, and PINs, and PIN Blocks) used to authenticate cardholders, which appears in plaintext or otherwise unprotected form. Disclosure, modification, or destruction of this information may compromise the security of a cryptographic device, information system, or cardholder information or could be used in fraudulent ways.

Separation of Duties: Practice of dividing steps in a function among different individuals, so as to keep a single individual from being able to threaten the process.

Server: A host computer that stores information (e.g., Web sites) and responds to requests for information (e.g., links to another Web page). Also used to refer to the software that makes the process of serving information possible. Example: Commerce servers use software to run the main functions of an e-commerce Web site, such as product display, online ordering, and inventory management.

Service Code: Three- or four-digit number on the magnetic-stripe that specifies acceptance requirements and restrictions for a magnetic-stripe read transaction.

Service Corps of Retired Executives (SCORE): An organization of experienced experts from a variety of fields. S.C.O.R.E. offers valuable advice on subject like advertising and pricing, cold calling and more.

Service Provider: Business entity that is not a payment card brand member or a merchant directly involved in the processing, storage, transmission, and switching or transaction data and cardholder information or both. This also includes companies that provide: services to merchants, services providers or members that control or could impact the security of cardholder data. Examples include: managed service providers that provide managed firewalls, IDS and other services as well as hosting providers and other entities. Entities such as telecommunications companies that only provide communication links without access to the application layer of the communication link are excluded.

S.E.T. Protocol: Secure electronic transaction protocol, an encryption technology designed to enable secure electronic transactions between card issuers, merchants and consumers. Unsecured information sent over the Internet can be intercepted. When making purchases online, you should consider a secure browser that complies with industry standards, such as secure sockets layer (SSL) or secure hypertext transfer protocol (S-HTTP). These often are included with Internet connection services.

Settlement: The financial resolution process between merchants, processors, acquiring financial institutions and issuing financial institutions.

S.H.A.: Secure Hash Algorithm. A set of related cryptographic hash functions. SHA-1 is most commonly used function. Use of unique salt value in the hashing function reduces the chances of a hashed value collision.

Shareware: Free software. However, the author typically requests a small fee to pay for registration and/or documentation.

Shortcut: An icon set up to lead to either a file on the hard disk, network, software program, or the Internet. When the icon is clicked on by the mouse, either the file is executed, the program starts, or an application opens with a selected document. This is most commonly used in Windows.

Small Business Administration (SBA): A government agency committed to helping entrepreneurs become successful through a variety of programs, including: counseling to financing.

Smart Card: A card which contains a central processing unit (CPU) that stores and secures information and makes decisions, as required by the card issuer's particular application needs.

S.N.M.P.: Simple Network Management Protocol. Supports monitoring of network-attached devices for any conditions that warrant administrative attention.

S.O.H.O.: Small Office/Home Office. Describes businesses that are either run out of the home or a small office. Software and hardware companies sometimes promote products as being suitable for a SOHO market.

Sole Proprietorship: A business in which the owner has complete control and responsibility.

Spam: Unsolicited (usually commercial) e-mail sent to a large number of addresses. Also used as a verb: To send unsolicited e-mail to several addresses.

Spider: A search engine program that obtains its information by beginning at a specified Web page then visiting each page linked to it, and so forth. This process continues as a spider "crawls" its way across the Web.

Split knowledge: Condition in which two or more entities, individually, have key components that independently convey no knowledge of the resultant cryptographic key.

S.Q.L. injection: Form of attack on database-driven web site. An attacker performs unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet. SQL injection attacks are exercised to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer hosting the database.

S.Q.L.: Stands for: Structured (English) Query Language. Computer language used to create, modify, and gather data from relational database management systems.

S.S.H.: Stands for: Secure shell. Protocol suite providing encryption for network services, like remote login or remote file transfer.

S.S.I.D.: Stands for: Service set identifier. Name assigned to wireless WiFi (or IEEE 802.11 network.)

S.S.L.: Stands for: Secure Sockets Layer. A security standard used by many merchants to maintain a secure web site and to protect the safety, privacy, and reliability of payment data traveling over the Internet. SSL encrypts the channel between browser and Web server so that only the intended parties can read certain data, such as payment or customer information.

Statement: The written record prepared by the financial institution, usually once a month, listing all transactions for an account including such details as: deposits, withdrawals, and fees.

Status: The status of your account will be described by a credit -- the type of account (charge, credit or installment loan) and if your account has been paid on time, is past due or is canceled.

Store Card: A financial transaction card associated with a specific retailer or group of retail stores that can be used only for purchases from that retailer or group of stores where you hold your card.

Stored Value Card: An information storage card containing stored value, which the user can use to "spend" in a pay phone, retail, vending or related transaction.

Strong Cryptography: A general term to indicate cryptography that is especially resilient to cryptanalysis. That is, given the cryptographic method (algorithm or protocol), the cryptographic key or protected data is not exposed. The strength relies on the cryptographic key being used. Effective size of the key should meet the minimum key size of comparable strengths recommendations. One reference for minimum comparable strength notion is NIST Special Publication 800-57, August, 2005 (http://csrc.nist.gov/publications/) or others that meet the following minimum comparable key bit security.

Surf: Surfing refers to visiting various sites on the Internet.

System Components: Any network component, server, or application included in or connected to the cardholder data setting.