PCI ISA Fundamentals Exam Test 2023

1. Methods identified as being used to remove stolen data from the environments:: - Use of stolen credentials to access the POS environment - Outdated patches or poor system patching processes - The use of default or static vendor credentials / brute force - POS skimming malware being installed on POS controllers - POI physical skimming devices 2. 95% of breaches feature: The use of stolen credentials leveraging vendor remote access to hack into customers POS environments. 3. Skimming: Copying payment card numbers either by tampering with: - POS Devices - ATMs - Kiosks Or by copying the card's magnetic stripe manually using handheld skimmers. 4. Phishing: Reconnaissance - Information gathering from various online sources and social networking sites - Business applications and software Social Engineering - Phishing emails or messages coming from a target's social network - Phone call from an assumed known entity Break-In - Delivery through email - Software vulnerabilities 5. Common methods for monetizing stolen card data:: - Skimmed full track data and transaction information used to replicate a physical payment card, which can then be used for fraudulent transactions in face-to-face environments, or ATM transactions - Captured cardholder data is used where card-not-present transactions are ac- cepted, such as e-commerce or mail-order / telephone order (MO/TO) transactions - Stolen cardholder data and sensitive authentication data are sold in bulk to other criminals who perform their own fraud using the stolen data