PCI – DSS Exam with Complete Solutions
- Customer purchasing goods either as a "Card Present" or "Card Not Present" transaction
- Receives the payment card and bills from the issuer
Answer: Cardholder

- Primary Account Number (PAN)
- Cardholder Name
- Expiration Date
- Service Code
Answer: Cardholder Data Include:

- Full track data (Magnetic-stripe data or equivalent on a chip)
- CAV2/CVC2/CVV2/CID
- PINs/PIN blocks
Answer: Sensitive Authentication Data includes:

- American Express
- Discover
- JCB International
- MasterCard
- Visa
Answer: Payment Brand

- Bank or other organization issuing a payment card on behalf of a Payment Brand (e.g. MasterCard & Visa)
- Payment Brand issuing a payment card directly (e.g. Amex, Discover, JCB)
Answer: Issuer

Organization accepting the payment card for payment during a purchase
Answer: Merchant

* Bank or entity the merchant uses to process their payment card transactions
* Receive authorization request from merchant and forward to Issuer for approval
* Provide authorization, clearing, and settlement services to merchants
* Acquirer is also called
  -- Merchant Bank
  -- ISO
  -- Payment Brand
     - Amex, Discover, JCB
  -- Never Visa or MasterCard
Answer: Acquirer

* Acquirer is responsible for merchant compliance
  -- Know payment brand compliance programs and how they apply to merchants
  -- Ensure that their merchants understand PCI DSS compliance requirements and track compliance efforts
  -- Manage Merchant communications
* Work with merchants until compliance has been validated
  -- Merchants are not compliant until all applicable requirements have been met and validated
  -- Acquirer is responsible for providing merchant compliance status to payment brands
* Incur any liability that may result from non-compliance with payment brand compliance programs
Answer: Common Acquirer Responsibilities

* A service provider is a business that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity.
  - Sometimes a service provider is a merchant
* Service Provider also includes companies that provide services (to merchants, service providers, or other entities), which control or could impact the security of cardholder data
Answer: Service Providers

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Answer: Standard 1: Build and Maintain a Secure Network and Systems

3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Answer: Standard 2: Protect Cardholder Data

5. Protect all systems against malware and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
Answer: Standard 3: Maintain a Vulnerability Management Program

7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data
Answer: Standard 4: Implement Strong Access Control Measures

10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Answer: Standard 5: Regularly Monitor and Test Networks

12. Maintain a policy that addresses information security for all personnel
Answer: Standard 6: Maintain an Information Security Policy

Install and maintain a firewall configuration to protect cardholder data
Answer: Requirement 1

Do not use vendor-supplied defaults for system passwords and other security parameters
Answer: Requirement 2

Protect stored cardholder data
Answer: Requirement 3

Encrypt transmission of cardholder data across open, public networks
Answer: Requirement 4

Protect all systems against malware and regularly update anti-virus software or programs
Answer: Requirement 5

Develop and maintain secure systems and applications
Answer: Requirement 6

Restrict access to cardholder data by business need to know
Answer: Requirement 7

Identify and authenticate access to system components
Answer: Requirement 8

Restrict physical access to cardholder data
Answer: Requirement 9

Track and monitor all access to network resources and cardholder data
Answer: Requirement

School, Study & Subject
- Institution: PCI ISA
- Course: PCI ISA

Document Information
- Uploaded on: March 22, 2024
- Number of pages: 47
- Written in: 2023/2024
- Type: Exam
- Contains: Questions & Answers