PCI DSS QSA Questions and Answers
Who is Acquirer - answer Also referred to as "merchant bank," "acquiring bank," or
"acquiring financial institution". Entity, typically a financial institution, that processes
payment card transactions for merchants and is defined by a payment brand as an
acquirer. Acquirers are subject to payment brand rules and procedures regarding
merchant compliance
AOC - answer Acronym for "attestation of compliance". The AOC is a form for
merchants and service providers to attest to the results of a PCI DSS assessment, as
documented in the Self-Assessment Questionnaire or Report on Compliance
ASV - answer Acronym for "Approved Scanning Vendor". Company approved by the
PCI SSC to conduct external vulnerability scanning services.
What is Authorization? - answer Cardholder swipes card at merchant, acquirer asks
payment brand network to determine issuer, issuer approves purchase, payment
network sends the approval to acquirer, acquirer sends approval to merchant, merchant
displays "approved" and completes purchase.
What is Settlement? - answer Issuer determines acquirer via payment network,
issuer sends payment to acquirer, acquirer pays merchant for cardholder's purchases,
issuer bills the cardholder.
Who is Service Provider? - answer A business that is not a payment brand, directly
involved in the processing, storage or transmission of cardholder data on behalf of
another entity.
SAQ A - answer Card-not-present (e-commerce or MO/TO) merchants, all
cardholder data functions outsourced to compliant service providers.
SAQ A-EP - answer Applies to e-commerce merchants who outsource all payment
processing to PCI DSS validated third parties, and who have website(s) that doesn't
directly receive cardholder data but that can impact the security of the payment
transaction. No electronic storage, processing or transmission of any cardholder data on
the merchants systems and premises.
SAQ B - answer Applies to Imprint only merchants with no electronic cardholder data
storage or standalone, dial out terminal merchants with no electronic cardholder data
storage.
SAQ B-IP - answer Used for merchants who process payments via standalone
PTS-approved point-of-interaction (POI) devices with an IP connection to the payment
processor with no electronic cardholder data storage.
SAQ C-VT - answer Merchants using only web based virtual payment terminals, with
no electronic cardholder data storage.
SAQ C - answer Applies to merchants with segmented payment application systems
connected to the internet, with no electronic cardholder data storage.
SAQ P2PE - answer Merchants who have implemented a validated P2PE solution
that is listed on the website, with no electronic cardholder data storage.
SAQ D - answer Applies to any merchants who do not meet the criteria for other
SAQs, as well as all service providers.
Truncation - answer Method of rendering the full PAN unreadable by permanently
removing a segment of PAN data
QIR - answer Qualified Integrator or Reseller
Network Segmentation - answer Isolates system components that store, process, or
transmit cardholder data from systems that do not.
Merchant - answer Defined as any entity that accepts payment cards bearing the
logos of any of the five members of PCI SSC as payment for goods or services.
Masking - answer A method of concealing a segment of data when displayed or
printed
Issuer - answer Entity that issues payment cards or performs, facilitates, or supports
issuing services including but not limited to issuing banks and issuing processors.
Card Skimmer - answer A physical device, often attached to legitimate card-reading
device, designed to illegitimately capture and/or store the information from a payment
card.
How many characters are on Track 2 - answer Up to 40
How many characters are on Track 1 - answer Up to 79
Requirement 1 - answer Install and maintain a firewall configuration to protect
cardholder data