PCIP Study questions

How is skimming used to target PCI data? - Answer- Copying payment card numbers by tampering with POS devices, ATMs, Kiosks or copying the magnetic stripe using handheld skimmers. How is phishing used to target PCI data? - Answer- By doing reconnaissance work through social engineering and or breaking in using software vulnerabilities or e-mails. How can Payment Data be Monetized? - Answer- By skimming the card to get the full track of data, and then making another like card. Using the card information in a "Card-not-present transactions such as e-commerce or mail order, Telephone order. Card data is also sold in bulk to other criminals who perform their own fraud using the stolen data. Who all are targeted ? - Answer- Retail, Food and Beaverage, Hospitality, Financial Services, non-profit. EVERYONE! What is the PCI SSC ? - Answer- Payment Card Industry Security Service Counsel is an independent industry standards body providing oversight of the development and management of Payment Card Industry Data Security Standards on a global basis. What are some of the PCI SSC founding payment brands. - Answer- American Express, Discover Financial, JCB International, Master Card, Visa inc. What are the Resources provided by the PCI SSC? - Answer- PCI DSS, PA-DSS, P2PE, PTS (POI, HSM and PIN) Card Production, and supporting documents. Roster of QSAs, PA-QSAs, PCIPs, ASVs, validated payment applications, PTS Devices, and P2PE solutions