Vanderbilt University Medical Center Finance

Sarah Bettencourt, Manager – PCI Compliance and Point of Sale Services
3319 West End Ave., Suite 600
(615) 875-9523 or


Common terms and definitions:

Merchant - For the purposes of the PCI DSS, a merchant is defined as any approved department or controlled subsidiary that accepts payment cards bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services on behalf of VUMC.

Payment Card - Any payment card/device that bears the logo of American Express, Discover Financial Services, JCB International, MasterCard Worldwide, or VISA, Inc.

Payment Card Industry Data Security Standard (PCI DSS) - A multi-faceted security standard defined by the major credit card brands (Visa, MasterCard, American Express, Discover, JCB) that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

Payment Application Data Security Standards (PA DSS) - Validated Payment Applications are used by merchants to process electronic payments. Validation occurs after payment applications have been assessed for compliance by Payment Application Qualified Security Assessors using the Payment Application Data Security Standard. Their evaluation of the application and their documentation of such compliance are provided in a corresponding Report on Validation.

Cardholder Data (CHD) - All personally identifiable data about the cardholder. These elements include Primary Account Number (PAN), Cardholder Name, Expiration Date and the CCV.

Compromise - Also referred to as “data compromise,” or “data breach.” Intrusion into a computer system where unauthorized disclosure/theft, modification, or destruction of cardholder data is suspected.

A complete Glossary of Terms, Abbreviations, and Acronyms can be located here.