Who is Acquirer correct answers Also referred to as "merchant bank," "acquiring bank," or
"acquiring financial institution". Entity, typically a financial institution, that processes
payment card transactions for merchants and is defined by a payment brand as an acquirer.
Acquirers are subject to payment brand rules and procedures regarding merchant compliance
AOC correct answers Acronym for "attestation of compliance". The AOC is a form for
merchants and service providers to attest to the results of a PCI DSS assessment, as
documented in the Self-Assessment Questionnaire or Report on Compliance
ASV correct answers Acronym for "Approved Scanning Vendor". Company approved by the
PCI SSC to conduct external vulnerability scanning services.
What is Authorization? correct answers Cardholder swipes card at merchant, acquirer asks
payment brand network to determine issuer, issuer approves purchase, payment network
sends the approval to acquirer, acquirer sends approval to merchant, merchant displays
"approved" and completes purchase.
What is Settlement? correct answers Issuer determines acquirer via payment network, issuer
sends payment to acquirer, acquirer pays merchant for cardholder's purchases, issuer bills the
cardholder.
Who is Service Provider? correct answers A business that is not a payment brand, directly
involved in the processing, storage or transmission of cardholder data on behalf of another
entity.
SAQ A correct answers Card not Present (e-commerce or MO/TO) merchants, all cardholder
data functions outsourced to compliant service providers.
SAQ A-EP correct answers Applies to e-commerce merchants who outsource all payment
processing to PCI DSS validated third parties, and who have website(s) that do not directly
receive cardholder data but that can impact the security of the payment transaction. No
electronic storage, processing or transmission of any cardholder data on the merchant's
systems and premises.
SAQ B correct answers Applies to imprint-only merchants with no electronic cardholder data
storage or standalone, dial-out terminal merchants with no electronic cardholder data storage.
SAQ B-IP correct answers Used for merchants who process payments via standalone PTS-
approved point-of-interaction (POI) devices with an IP connection to the payment processor
with no electronic cardholder data storage.
SAQ C-VT correct answers Merchants using only web-based virtual payment terminals, with
no electronic cardholder data storage.
SAQ C correct answers Applies to merchants with segmented payment application systems
connected to the internet, with no electronic cardholder data storage.
SAQ P2PE correct answers Merchants who have implemented a validated P2PE solution that
is listed on the website, with no electronic cardholder data storage.
SAQ D correct answers Applies to any merchants who do not meet the criteria for other
SAQs, as well as all service providers.
Truncation correct answers Method of rendering the full PAN unreadable by permanently
removing a segment of PAN data
QIR correct answers Qualified Integrator or Reseller
Network Segmentation correct answers Isolates system components that store, process, or
transmit cardholder data from systems that do not.
Merchant correct answers Defined as any entity that accepts payment cards bearing the logos
of any of the five members of PCISSC as payment for goods or services.
Masking correct answers A method of concealing a segment of data when displayed or
printed
Issuer correct answers Entity that issues payment cards or performs, facilitates, or supports
issuing services including but not limited to issuing banks and issuing processors.
Card Skimmer correct answers A physical device, often attached to a legitimate card-reading
device, designed to illegitimately capture and/or store the information from a payment card.
How many characters are on Track 2 correct answers Up to 40
How many characters are on Track 1 correct answers Up to 79
Requirement 1 correct answers Install and maintain a firewall configuration to protect
cardholder data
Requirement 2 correct answers Do not use vendor-supplied defaults for system passwords
and other security parameters
Requirement 3 correct answers Protect stored cardholder data
Requirement 4 correct answers Encrypt transmission of cardholder data across open, public
networks
Requirement 5 correct answers Protect all systems against malware and regularly update anti-
virus software or programs
Requirement 6 correct answers Develop and maintain secure systems and applications
Requirement 7 correct answers Restrict access to cardholder data by business need to know
Requirement 8 correct answers Identify and authenticate access to system components