Glossary of Terms

Banking and Reconcillation

ACH, Automated Clearing House – refers to an electronic payment that is cleared by the NACHA network.  This item is processing and settles the following day.  (Also see Wire)

Automatic Journal, Autojournal (formerly called MSD, Merchant Service Deposit) – Journals can be automated in the general ledger in PeopleSoft for unique and repetitive deposits and fees.  This process was originally automated for all credit card merchant deposits and fees.  This automated process is also available for other repetitive transactions.  Departments may specify a chartfield combination and this is mapped to the bank transaction detail to create journal entries. This process is set up when credit card merchant accounts are opened.  Other repetitive transactions may be automated.  Please contact the Treasurer’s office for further information.   

Chart Field – refers to the chart of accounts of the general ledger to identify a department or unit’s financial transactions.  It includes a BU (Business Unit), ORG (OSU organization), FUND, and ACCOUNT.  The chartfield is assigned by the Controller’s office to classify deposits and payments in order for departments to have their transactions recorded in the University’s general ledger system.  

Wire – refers to an electronic payment processed and settled the same day for domestic wires.  International wire settlement dates varies by country.

Foreign Draft – refers to a customized check sent to a foreign country.  Please contact AP  for further details.

 

Credit Card and PCI Compliance

AoC, Attestation of Compliance A report prepared by a PCI

Cardholder Data refers to displaying or printing more than the last four (4) digits of a customer’s sixteen (16) digit credit or debit card number. 

CVV  Card Verification Value Code (a.k.a CVV2) - This is a three (3) digit number on the back of a credit card. In the case of American Express, this is a four (4) digit code on the front of the credit card.

DSS (Data Security Standards) The credit or debit card data security standards are established by the PCI Council.  Merchants at The Ohio State University must refer to the current and applicable provisions of the DSS. https://www.pcisecuritystandards.org/

IP Address – Internet Protocol Address is a unique number used to represent every computer in a network.  The format of an IP Address is four sets of numbers separated by dots (e.g. 198.123.123.7)

Merchant - A merchant is a department, entity, or affiliate that accepts cardholder  payments using the University’s merchant processor(s).  An OSU merchant is assigned a merchant account number by the Office of Financial Services. 

PCI  Software  -  PCI software is installed on an OSU computer and determined by the credit card industry to follow the industry’s best practices for securing credit card information.  This includes customized, pre-installed, and "off-the-shelf" software and wireless devices.  The following link provides a complete list of PCI approved Payment https://www.pcisecuritystandards.org/

PAN (Primary Account Number) – The 16 digit card number.

PED (Pin Entry Device) – Terminal that allows entry of a customer’s Personal Identification Number.

PIN (Personal Identification Number) – Personal number used in debit card transactions.

PCI Council (Payment Card Industry) –  Visa, MasterCard, American Express, and Discover, has formed a Council to establish Data Security Standards (DSS) for the industry.  Please see the following link for their website.  https://www.pcisecuritystandards.org/

Payment Gateway – A payment gateway is a type of service provider that transmits, processes, or stores credit cardholder data as part of a payment transaction.  They facilitate payment transactions such as authorizations and settlement between merchants or processors, also called endpoints.  Merchants may send transactions directly to an endpoint or indirectly using a payment gateway.

RoC, Report of Compliance – PCI Report prepared by a Qualified Security Assessor to verify a merchant’s compliance with the PCI DSS, Data Security Standards. 

QSA, Qualified Security Assessor – A PCI auditor certified and listed on the PCI Council’s list of QSA companies.  

Sensitive Authentication Data -  refers to the three (3) or four (4) digit validation code, CVV2, on the front or back of a card and PIN number, personal identification numbers.  PCI does not permit this data to be stored even if it is protected according to the PCI Data Security Standards. 

Service Provider - A vendor that provides access to the Internet and to applications to facilitate the transfer and/or storage of credit card information.  The following link provides a complete list of PCI Compliant Service Providers.  (Please note, this list is maintained on Visa’s website.)   http://www.visa.com/splisting/searchGrsp.do