PCI ASV - Module 3 questions well
answered
What is the role of payment brands ? - correct answer ✔✔ Each payment brand develops and
maintains its own PCI DSS compliance programs in accordance with its own security risk
management policies.
What are the different compliance programs of different payment brands ? - correct answer
✔✔ 1. American Express: Data Security Operating Policy (DSOP)
2. Discover: Discover Information Security Compliance (DISC)
3. JCB: Data Security Program
4. Mastercard: Site Data Protection (SDP)
5. Visa Inc: Cardholder Information Security Program (CISP)
6. Visa Europe: Account Information Security (AIS) Program
What does payment brand's compliance includes ? - correct answer ✔✔ Payment brands'
compliance programs include:
- Tracking and enforcement
- Penalties, fees, compliance deadlines
- Validation process and who needs to validate
- Approval and posting of compliant entities
- Definition of merchant and service provider levels
What are other things payment brands responsible for ? - correct answer ✔✔ 1. Defining rules
for forensic investigations and responding to account data compromises.
2. Monitoring and facilitating investigations of account data compromises to completion
, How are the merchant levels defined ? - correct answer ✔✔ Defined by the payment brands,
based on transaction volume. Here, the transaction volume is determined by the acquirer.
How are the service provider levels defined? - correct answer ✔✔ Defined by the payment
brands according to transaction volume and/or type of service provider. These are determined
by payment brands or acquirer or sometimes the service provider.
What are the different merchants level ? - correct answer ✔✔
What are the different service provider levels ? - correct answer ✔✔
Are small and medium size merchants allowed to self-assess? - correct answer ✔✔ Yes. Maybe.
Are small size service provider allowed to self-assess? - correct answer ✔✔ Yes, but they will
not be listed on payment brands' websites.
What are the problems faced while implementing SAQ (Self-Assessment Questionnaire) ? -
correct answer ✔✔ Small and Medium sized merchants may not have support from QSA and
also they sometimes do not have knowledgeable internal staff.
How can ASVs help in assisting small and medium size merchants? - correct answer ✔✔ ASVs
can assists by:
1. Identifying/documenting false positives.
2. Help with understanding scan report.
3. Reporting results to acquirer/other entity.
4. Help with understanding how to address a vulnerability.
answered
What is the role of payment brands ? - correct answer ✔✔ Each payment brand develops and
maintains its own PCI DSS compliance programs in accordance with its own security risk
management policies.
What are the different compliance programs of different payment brands ? - correct answer
✔✔ 1. American Express: Data Security Operating Policy (DSOP)
2. Discover: Discover Information Security Compliance (DISC)
3. JCB: Data Security Program
4. Mastercard: Site Data Protection (SDP)
5. Visa Inc: Cardholder Information Security Program (CISP)
6. Visa Europe: Account Information Security (AIS) Program
What does payment brand's compliance includes ? - correct answer ✔✔ Payment brands'
compliance programs include:
- Tracking and enforcement
- Penalties, fees, compliance deadlines
- Validation process and who needs to validate
- Approval and posting of compliant entities
- Definition of merchant and service provider levels
What are other things payment brands responsible for ? - correct answer ✔✔ 1. Defining rules
for forensic investigations and responding to account data compromises.
2. Monitoring and facilitating investigations of account data compromises to completion
, How are the merchant levels defined ? - correct answer ✔✔ Defined by the payment brands,
based on transaction volume. Here, the transaction volume is determined by the acquirer.
How are the service provider levels defined? - correct answer ✔✔ Defined by the payment
brands according to transaction volume and/or type of service provider. These are determined
by payment brands or acquirer or sometimes the service provider.
What are the different merchants level ? - correct answer ✔✔
What are the different service provider levels ? - correct answer ✔✔
Are small and medium size merchants allowed to self-assess? - correct answer ✔✔ Yes. Maybe.
Are small size service provider allowed to self-assess? - correct answer ✔✔ Yes, but they will
not be listed on payment brands' websites.
What are the problems faced while implementing SAQ (Self-Assessment Questionnaire) ? -
correct answer ✔✔ Small and Medium sized merchants may not have support from QSA and
also they sometimes do not have knowledgeable internal staff.
How can ASVs help in assisting small and medium size merchants? - correct answer ✔✔ ASVs
can assists by:
1. Identifying/documenting false positives.
2. Help with understanding scan report.
3. Reporting results to acquirer/other entity.
4. Help with understanding how to address a vulnerability.
