Ask anyone who has worked in technology and you’ll get an instant look of recognition when you mention “alphabet soup” – a phrase used to refer to an abundance of industry acronyms. Every industry has them, and the file transfer space is obviously no exception.
Of course, it pays to know the lingo. So over the next few weeks, we’ll be highlighting a few essential terms that everyone in the file transfer space should know about. To start, we’re going to focus on a few terms specific to the financial services industry.
Let’s take a closer look:
- PCI – Payment Card Industry. If you’ve ever bought a product online or given your credit card information to secure a service via a computer, you have invariably operated under the auspices of this organization. To make sure those transactions happen securely, this industry sets the standards.
- PCI DSS – PCI Data Security Standard. This acronym identifies the rules. Once you are in a PCI-regulated environment, you will find that specific rules and specifications exist to ensure that all transactions are safe. Beyond the security controls themselves, there are a number of comprehensive protocols, standards and measurements that are required in order to successfully meet the compliance requirements.
- ROC – Report on Compliance. This term is basically just what it says it is: an official written report of the compliance process, achieved by adhering to the standards outlined by the PCI. Specific details of the PCI qualification process, along with the unique characteristics and requirements of individual applications, are found in this document, which serves as a template for qualification. Typical entries include Executive Summary, Description of Work, Environment, Reporting Procedures, Statistics, and Observations.
- QSA – Qualified Security Assessor. A QSA is an auditor or provider that has been qualified by the PCI Council to serve as an implementer of the PCI standards. Qualified Security Assessors are employees of these providers who have been qualified and certified by the Council to validate an entity’s adherence to the PCI DSS.
- DMZ – Demilitarized Zone. A safe zone, essentially. This is a hosted area or a small secure network that serves as an intermediary or neutral location between the end user and the provider. This “zone” prevents unauthorized access to the secure servers that process the actual transactions and store the credit card information, for example. Outside users can only access as far as the DMZ and no further.
- PII – Personally Identifiable Information. Any time a transaction that requires credit card numbers, Social Security numbers, phone numbers or other sensitive information occurs, a verification process must occur. Secret code words, symbols and unique individual identifiers are typical requests during a PII transaction.
- MFT – Managed File Transfer. MFT systems provide a central system to manage the transfer of files and data (including sensitive and confidential transaction information) between the financial institution and its extended ecosystem of partners, suppliers and transaction handlers. This includes integrating with other systems and vendors with multiple configurations and access controls. MFT systems are a key cog in enabling a financial organization with file transfer automation and auditing to support PCI compliance.
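To make the DMZ entry concrete, here is a small added example (not part of the original post, and not any vendor's product code) that models a three-zone network as an ordered allow list with a default deny. The address ranges, port numbers and rules are constructed for illustration: outside users can reach the transfer gateway in the DMZ over SFTP or HTTPS, the gateway can reach the transaction database on one port, and there is deliberately no rule from the Internet to the internal zone at all.

```python
"""Three-zone model of a DMZ: INTERNET (untrusted), DMZ (the transfer
gateway the outside world talks to) and INTERNAL (the servers that process
transactions and hold card data). Flows are matched against an ordered allow
list; anything unmatched is denied. Ranges, ports and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int


# Constructed addressing. 203.0.113.0/24 is a documentation range (TEST-NET-3).
ZONES = {
    "DMZ": ip_network("203.0.113.0/24"),
    "INTERNAL": ip_network("10.20.0.0/16"),
}

# Allow list. There is deliberately no INTERNET -> INTERNAL rule:
# outside users reach the DMZ and no further.
RULES = (
    Rule("INTERNET", "DMZ", 22),        # SFTP to the transfer gateway
    Rule("INTERNET", "DMZ", 443),       # HTTPS to the transfer gateway
    Rule("DMZ", "INTERNAL", 5432),      # gateway to the transaction database only
)


def zone_of(ip):
    """Map an address to a zone; anything outside the known ranges is INTERNET."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "INTERNET"


def evaluate(src_ip, dst_ip, dst_port):
    """Return 'allow' or 'deny' for one flow. Default deny, which also covers
    any flow that tries to skip the DMZ and reach INTERNAL directly."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow"  # intra-zone traffic is outside this model
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone, rule.dst_port) == (src, dst, dst_port):
            return "allow"
    return "deny"


def reachable_zones(src_ip):
    """Which zones can this source address open a connection into?"""
    src = zone_of(src_ip)
    return sorted({r.dst_zone for r in RULES if r.src_zone == src})


if __name__ == "__main__":
    # 198.51.100.0/24 is another documentation range (TEST-NET-2), used as a partner.
    flows = [
        ("198.51.100.7", "203.0.113.10", 22),    # partner -> gateway, SFTP
        ("198.51.100.7", "10.20.1.5", 5432),     # partner -> database directly
        ("203.0.113.10", "10.20.1.5", 5432),     # gateway -> database
        ("203.0.113.10", "10.20.1.5", 22),       # gateway -> database, SSH
    ]
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port}: {evaluate(src, dst, port)}")
```

The useful property to check in a real rule set is the same one `reachable_zones` exposes here: from an Internet address the only reachable zone is the DMZ, and even from the DMZ only the one port the gateway needs is open toward the card-processing servers.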
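The MFT entry names two controls, access controls and auditing, so here is an added example (written for this page, not taken from any MFT product) that models both in miniature: a per-partner list of the mailboxes each partner may upload to, and a hash-chained audit trail that records every accepted and rejected transfer with the size and SHA-256 of the payload. Partner names, mailbox paths and payloads are constructed samples.

```python
"""Minimal model of two MFT controls: a partner access list and a
tamper-evident (hash-chained) audit trail of every transfer attempt.
Partners, mailboxes and payloads below are constructed samples."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample ACL: partner -> set of mailbox paths it may upload to.
ACL = {
    "acme-supplier": {"inbound/acme"},
    "clearinghouse": {"inbound/clearing", "outbound/clearing"},
}

GENESIS = "0" * 64  # anchors the chain before the first record


def entry_hash(record):
    """SHA-256 over the canonical JSON of every field except entry_hash itself."""
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class AuditLog:
    """Append-only list of records; each record commits to its predecessor."""

    def __init__(self):
        self.records = []

    def append(self, fields):
        record = dict(fields)
        record["prev_hash"] = self.records[-1]["entry_hash"] if self.records else GENESIS
        record["entry_hash"] = entry_hash(record)
        self.records.append(record)
        return record


def transfer(log, partner, mailbox, payload, when=None):
    """Authorize an upload against ACL and record the outcome either way.

    Returns True when the transfer is accepted. Rejections are logged too,
    because an auditor wants to see failed attempts, not only successes."""
    allowed = mailbox in ACL.get(partner, set())
    when = when or datetime.now(timezone.utc).isoformat()
    log.append({
        "time": when,
        "partner": partner,
        "mailbox": mailbox,
        "bytes": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
        "result": "accepted" if allowed else "rejected",
    })
    return allowed


def verify_chain(records):
    """Recompute every hash; an edited, inserted or deleted record breaks the chain."""
    prev = GENESIS
    for record in records:
        if record["prev_hash"] != prev or entry_hash(record) != record["entry_hash"]:
            return False
        prev = record["entry_hash"]
    return True


if __name__ == "__main__":
    log = AuditLog()
    transfer(log, "acme-supplier", "inbound/acme", b"settlement batch 0001")
    transfer(log, "acme-supplier", "outbound/clearing", b"not this partner's mailbox")
    for r in log.records:
        print(r["result"], r["partner"], r["mailbox"], r["sha256"][:12])
    print("chain intact:", verify_chain(log.records))
```

The chaining is what turns a plain log into audit evidence: a reviewer who holds the last `entry_hash` can detect any later change to earlier records, which is the kind of integrity guarantee a compliance assessment of file transfer activity asks for.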
We hope to have shed some light on a few key terms relating to financial file transfers. If there are other terms you’d like explained in clear, concise language, be sure to let us know in the comments section.