Standards (PCI DSS)
Payment Card Industry Data Security Standards (PCI DSS) is - ANS (PCI DSS) is a set
of requirements or security controls intended to ensure that all companies that process,
store, or transmit credit card information maintain a secure environment. In other words,
they have the appropriate PCI DSS controls implemented.
T or F:
Purpose: PCI DSS ensures customers' debit or credit card information is secured.
It sets technical and operational requirements for the processing and acceptance of
payments and transactions. - ANS true
Origins of PCI DSS: - ANS In 2006, Visa, Mastercard, JCB International, Discover, and
American Express co-founded the Payment Card Industry (PCI) Security Standards
Council to help businesses and financial institutions protect themselves and others from
breaches, theft of cardholder data, and fraud.
These 5 credit card organizations together formed the Payment Card Industry Security
Standards Council, which is the governing body for PCI DSS.
T or F:
Current Version: PCI DSS v 4.0. This is the newest version (came out in 2022).
Previous Version: PCI DSS v 3.2.1. Most are still using this version (they will upgrade to
4.0 soon). - ANS true
Who has to comply with PCI-DSS: - ANS Merchants and service providers of all sizes
are responsible for maintaining compliance with PCI DSS.
Example: Online retailers, banks, and any other entity that processes credit card
transactions.
T or F:
The PCI Council defines 4 levels of compliance that organizations need to follow. The levels
of PCI compliance for merchants are as follows:
Level 1: Process over 6 million transactions a year across all channels
Level 2: Between 1 and 6 million transactions annually across all channels
Level 3: Between 20,000 and 1 million online transactions annually
Level 4: Fewer than 20,000 online transactions a year, or any merchant processing up
to 1 million regular transactions per year - ANS true