AQSA CERTIFICATION EXAM QUESTIONS WITH VERIFIED
ANSWERS 2024-2025
PCI SSC - ANSWER is an independent industry standards group that oversees the
creation and management of Payment Card Industry Data Security Standards on a
global scale.
What are the original payment brands? - ANSWER American Express, Discover,
JCB, MasterCard, and Visa
What determines the merchant levels? - ANSWER determined by payment brands
depending on transaction volume. Transaction volume is determined by the
acquirer.
What determines the service provider levels? - ANSWER Payment brands define
these terms based on transaction volume and/or service provider type. Determined
by the payment processor, acquirer, or, in some cases, service provider.
SAQ-A - ANSWER Card-not-present merchants (e-commerce or mail/telephone
order) that have completely outsourced all cardholder data functions to PCI DSS
validated third-party service providers, with no cardholder data being electronically
stored, processed, or transmitted on the merchant's systems or premises.
SAQ A-EP - ANSWER E-commerce businesses that outsource all payment
processing to PCI DSS validated third parties and have website(s) that do not
directly receive cardholder data but may have an influence on payment transaction
security. No cardholder data is electronically stored, processed, or transmitted on
the merchant's systems or premises.
SAQ-B - ANSWER Merchants use only
- Imprint machines that do not store cardholder data electronically; and/or
- Standalone dial-out terminals that do not save electronic cardholder data.
SAQ-B-IP - ANSWER Merchants that exclusively use stand-alone, PTS-approved
payment terminals with an IP connection to the payment processor and do not store
electronic cardholder data.
This is not relevant to e-commerce channels.
SAQ C-VT - ANSWER is for merchants who solely use web-based virtual
payment terminals and manually enter cardholder data into a secure website via a
single system.
SAQ-C - ANSWER is for merchants who have dedicated payment application
systems that are separate from other systems and connected to the Internet for
transaction processing. SAQ C does not apply to e-commerce payment channels. A
merchant exclusively accepts payments over the phone, and they enter cardholder
information straight into a webpage given by their acquirer.
PCI DSS - ANSWER addresses the security of environments that store, process, or
transport account data. The PCI DSS includes settings that receive account data
from payment applications and other sources, such as acquirers.
PCI PA-DSS - ANSWER addresses secure payment apps that support PCI DSS
compliance. The scope of PA-DSS includes when a payment application gets
account data from cardholder-interface devices such as point-of-sale terminals or
other devices and initiates a payment transaction.
PCI P2PE (Point-to-Point Encryption) - ANSWER addresses secure encryption,
decryption, and key management for point-to-point encryption systems. The
requirements for a P2PE solution vary based on the deployment environment and
the technologies utilized in a specific implementation.
PCI PTS (PIN Transaction Security) POI - ANSWER addresses device tamper
detection, cryptographic processes, and other measures for protecting PINs and
other sensitive data, such as cryptographic keys. The PTS set of criteria specifies
how cardholder PINs are protected at cardholder-interface devices such as
point-of-sale terminals, as well as hardware security modules used in payment
processing and cardholder authentication applications.
PCI PIN Security - ANSWER addresses the secure administration, processing, and
transmission of personal identification number (PIN) data throughout online and
offline credit card transaction processing.
The PCI PTS HSM standard - ANSWER specifies how to develop hardware
security modules and safeguard those devices until they are deployed.
Card Production Standards - ANSWER establishes basic security standards for card
providers involved in payment card manufacture, personalization,
pre-personalization, chip embedding, data preparation, and fulfillment.
The Discover Compliance Program is named ____________. - ANSWER
Information Security Compliance.
The JCB Compliance Program is termed ______________. - ANSWER Data
Security Program
The MasterCard Compliance Program is named ______________. - ANSWER Site
Data Protection.
The Visa Inc. Compliance Program is termed ______________. - ANSWER
Information Security Program.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Humat. Stuvia facilitates payment to the seller.