PCI DSS Flashcards

1
Q

PCI DSS

A
  • Payment Card Industry Data Security Standard
  • Around since 2006
  • Aims to protect cardholder information

“It’s a set of technical and operational requirements intended to protect account data, combat fraud and reduce the chances of a data breach”

  • Developed by the PCI Security Standards Council (PCI SSC)

“Applies to all organizations who store, process or transmit cardholder information”

2
Q

Acquirer Responsibility

A

Acquirers are responsible for ensuring the PCI compliance of their merchant portfolios

3
Q

Requirements

A

The PCI DSS has 12 requirements classified into six goals, which cover all aspects of card data security

4
Q

Compliance Validation

A

May be done either through self-assessment, or by engaging with an accredited third party

  • Qualified Security Assessor (QSA)
  • Internal Security Assessor (ISA)

When compliance validation is performed by a QSA or ISA, a Report on Compliance (ROC) is produced

  • An additional validation requirement applies to e-commerce merchants, who must also complete (where applicable) a quarterly network vulnerability scan performed by an Approved Scanning Vendor (ASV)
5
Q

SAQ

A

“When compliance validation is performed through self-assessment, a Self-Assessment Questionnaire (SAQ) must be completed”

  • Several options, depending on the type and size of the merchant
6
Q

Visa Merchant Level 1

A
  • Annual ROC by QSA
  • Quarterly network scan by an Approved Scanning Vendor (ASV)
7
Q

Storage

A

Sensitive authentication data (which includes the card verification values) must not be stored post-authorisation

  • When it comes to the CVV2, we have seen far too many data breaches at e-commerce merchants where criminals were able to get hold of this piece of data, which is intended for the eyes of the cardholder only
8
Q

Adyen’s Role in PCI DSS Compliance

A

“Adyen offers integrations that handle most of the PCI DSS requirements”

  • The simplest way for you to be PCI compliant is to use our encrypted solutions—you never see and never have access to unencrypted cardholder data
  • However, because you accept credit card payments on your website, your app, or in your physical store, your integration with Adyen does not completely eliminate your PCI scope

Adyen Responsibility
- Adyen is solely responsible for the security of cardholder data
- After Adyen receives your shoppers’ cardholder data, the data is contained in a PCI DSS Level 1 Service Provider Cardholder Data Environment

Merchant Responsibility
- You are responsible for making sure that cardholder data is secure and protected before the data reaches Adyen

9
Q

One actor is allowed to store sensitive authentication data post-authorisation…

A

and that is the issuer.

  • It is logical, after all, because they are the ASPSP and responsible for managing the card account. As such, they need all of the card account data, but they are subject to additional PCI DSS requirements