PCIP Study Guide 2017 updated to pass
PA-DSS
Payment Application Data Security Standard (POS, shopping carts, etc.)
PTS (POI)
PIN Transaction Security Point of Interaction Standard (Attended and Unattended Devices)
HSM (PIN)
Hardware Security Module PIN Standard (not required but may assist in becoming compliant)
P2PE
Point-to-Point Encryption Standard (most helpful standard to reduce scope)
SRED
Secure Read and Exchange Module allows terminals to be approved for secure encryption of cardholder data.
POI Examples
Attended: Cash Registers
Unattended Encrypted PIN Pads: ATM
Unattended Payment Terminals: Gas Pump
PCI PIN Security Requirements
Management
Processing
Transmission
Payment Card Flow
Cardholder presents card -> Acquirer asks payment brand to determine issuer -> Payment brand network determines issuer and requests approval -> Issuer approves purchase -> Payment brand network sends approval to the acquirer -> Acquirer sends approval to merchant -> Cardholder completes purchase and receives receipt.
Acquirer (Also Called?)
-Merchant Bank
-Independent Sales Organization (ISO)
-Payment Brand (Amex, Discover, JCB)
-Never Visa or Mastercard
Payment Card Flow (Clearing)
Acquirer sends purchase information to the payment brand network -> Payment brand network sends purchase information to the issuer -> Issuer prepares data for cardholder statement -> Payment brand network provides complete reconciliation to acquirer.
Payment Card Flow (Settlement)
Issuer determines acquirer via the payment brand network -> Issuer sends payment to acquirer -> Acquirer pays merchant for cardholder's purchase -> Issuer bills cardholder.
Service Provider
A business, other than a payment brand, that is directly involved in the processing, storage or transmission of cardholder data on behalf of another entity. A service provider may also be a merchant.
QIRs
Qualified Integrators and Resellers
-Assure quality and provide feedback
What do QIRs do?
-Implement applications into a merchant environment
-Integrate applications into new software or systems
-Configure the payment application
-Service payment applications to provide troubleshooting, remote updates or support
PA-DSS Implementation Guide
-What the QIR uses in order to implement a PCI DSS compliant payment application into a cardholder data environment (CDE).
-After installation the QIR creates an implementation statement and gives it to the customer for their signature.
CID
Card Identification Number (American Express)
CAV2/CID/CVC2/CVV2
Card-specific code on the back of the card (Discover, JCB, Mastercard, Visa)
Cardholder Data
-PAN
-Cardholder Name
-Expiration Date
-Service Code
Sensitive Authentication Data
-Full magnetic stripe data or chip data
-CAV2/CVC2/CVV2/CID
-PINs/PIN blocks
-Cannot be stored after authorization
Track 1 Data
Contains all fields of both Track 1 and Track 2.
-Length up to 79 characters
Track 2 Data
Provides shorter processing time for older dial-up transmissions.
-Length up to 40 characters
Inventorying Cardholder Environment
-System Name
-Cardholder data stored
-Reason for storage
-Retention period
-Protection mechanism.
Is storing track data permitted after authorization?
No
PCI DSS Goals
-Build and maintain a secure network and systems
-Protect Cardholder Data
-Maintain a vulnerability management program
-Implement strong access control measures