Exam (elaborations)
AQSA Certification Exam Questions With Correct Answers_ 1).pdf
- Course
- Institution
AQSA Certification Exam Questions With Correct Answers_ 1).pdf
[Show more]
Seller
Follow
Content preview
8/20/24, 9:02 PMAQSA Certification
Jeremiah
Terms in this set (157)
is an independent industry standards body providing oversights of the development
PCI SSC
and management of Payment Card Industry Data Security Standards on a global basis.
What are the founding payment brands? American express, Discover, JCB, Mastercard, and VISA
defined by the payment brands, based on transaction volume. Transaction volume
What define the merchant levels?
determined by the acquirer)
Defined by the payment brands according to transaction volume and/or type of service
What define the service provider levels? provider. Determined by the payment brans or acquirer, or sometimes the service
provider.
Card-not-present merchants (e-commerce or mail/telephone-order) that have fully
outsourced all cardholder data functions to PCI DSS validated third-part service
SAQ-A
providers, with no electronic storage, processing, or transmission of any cardholder
data on the merchant's systems or premises.
E-commerce merchants who outsource all payment processing to PCI DSS validated
third parties, and who have a website(s) that doesn't directly receive cardholder data
SAQ A-EP but that can impact the security of the payment transaction. No electronic storage,
processing, or transmission of any cardholder data on the merchant's systems or
premises.
Merchants using only:
SAQ-B - Imprint machines with no electronic cardholder data storage; and/or
- Standalone, dial-out terminals with no electronic cardholder data storage.
Merchants using only stand-alone, PTS-approved payment terminals with an IP
SAQ-B-IP connection to the payment processor, with no electronic cardholder data storage.
Not applicable to e-commerce channels.
is for merchants using only web-based virtual payment terminals, where cardholder
SAQ C-VT
data is manually entered into a secure website from a single system.
is for merchants with dedicated payment application systems segmented from all other
systems, and connected to the Internet for the purposes of transaction processing.
SAQ-C SAQ C is not applicable to e-commerce payment channels. A merchant only accepts
payments via the telephone and they enter the cardholder data directly into a webpage
provided by their acquirer.
AQSA Certification
1/6
, 8/20/24, 9:02 PM
covers security of the environments that store, process, or transmit account data. The
PCI DSS scope of PCI DSS covers environments receiving account data from payment
applications and other sources—acquirers, for example.
covers secure payment applications to support PCI DSS compliance. The scope of PA-
DSS addresses when a payment application receives account data from cardholder-
PCI PA-DSS
interface devices such as point-of sale-terminals or other devices and begins the
payment transaction.
covers secure encryption, decryption, and key management for point-to-point
PCI P2PE (Point-to-Point Encryption) encryption solutions. Requirements for a P2PE solution will vary depending on the
deployment environment and the technologies used for a specific implementation.
covers device tamper detection, cryptographic processes, and other mechanisms used
to protect the PIN and other sensitive data, such as cryptographic keys. The PTS set of
requirements addresses how cardholder PINs are protected at cardholder-interface
PCI PTS (PIN Transaction Security) POI
devices such as point-of-sale terminals, as well as hardware security modules that are
used for payment processing and cardholder authentication applications and
processes.
covers secure management, processing, and transmission of personal identification
PCI PIN Security
number (PIN) data during online and offline payment card transaction processing.
covers the design of hardware security modules and for securely protecting those
PCI PTS HSM standard
devices until they are deployed.
establish minimum security levels for card vendors involved in payment card
Card Production standards manufacturing, card personalization, pre-personalization, chip embedding, data
preparation , and fulfillment.
Discover Compliance Program is called Information Security Compliance
______________.
JCB Compliance Program is called Data Security Program
______________.
MasterCard Compliance Program is called Site Data Protection
______________.
Visa Inc. Compliance Program is called Information Security Program
______________.
Visa Europe Compliance Program is called Account Information Security Program.
______________.
that they handle PCI DSS compliance tracking, enforcement, and any penalties or fees
The key thing to understand for payment
that might be assigned. In addition, payment brands are responsible for forensic
brand compliance programs is ______ _.
response and investigation of account data compromises.
Develop and enforce compliance programs/Endorse QSA, PA-QSA and ASV company
What are the Payment Brand Roles?
qualification criteria/ Accept validation documentation from QSAs, PA-QSAs, and ASVs.
Merchant will generally report to their acquirer/ payment brands.
__________ where service providers will report
to the ________ _.
often referred to as the SAQ which is a validation tool for merchants and service
providers self-evaluating their compliance with PCI DSS. It is a validation tool for
self-assessment questionnaire
entities that are not required to submit a Report on Compliance as part of an onsite
assessment.
is for all other SAQ-eligible merchants that do not fall into any of the other SAQ
SAQ D categories, and for any service providers defined by a payment brand as eligible to
complete the SAQ.
AQSA Certification
2/6
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Denyss. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
73314 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now