AQSA Certification Questions and
answers | With complete solution
2024/25 RATED A+
PCI SSC - is an independent industry standards body providing oversights of the
development and management of Payment Card Industry Data Security Standards on a
global basis.
What are the founding payment brands? - American express, Discover, JCB,
Mastercard, and VISA
What define the merchant levels? - defined by the payment brands, based on
transaction volume. Transaction volume determined by the acquirer)
What define the service provider levels? - Defined by the payment brands according
to transaction volume and/or type of service provider. Determined by the payment brans
or acquirer, or sometimes the service provider.
SAQ-A - Card-not-present merchants (e-commerce or mail/telephone-order) that
have fully outsourced all cardholder data functions to PCI DSS validated third-part
service providers, with no electronic storage, processing, or transmission of any
cardholder data on the merchant's systems or premises.
SAQ A-EP - E-commerce merchants who outsource all payment processing to PCI
DSS validated third parties, and who have a website(s) that doesn't directly receive
cardholder data but that can impact the security of the payment transaction. No
electronic storage, processing, or transmission of any cardholder data on the
merchant's systems or premises.
SAQ-B - Merchants using only:
- Imprint machines with no electronic cardholder data storage; and/or
- Standalone, dial-out terminals with no electronic cardholder data storage.
SAQ-B-IP - Merchants using only stand-alone, PTS-approved payment terminals with
an IP connection to the payment processor, with no electronic cardholder data storage.
Not applicable to e-commerce channels.
SAQ C-VT - is for merchants using only web-based virtual payment terminals, where
cardholder data is manually entered into a secure website from a single system.
, SAQ-C - is for merchants with dedicated payment application systems segmented
from all other systems, and connected to the Internet for the purposes of transaction
processing. SAQ C is not applicable to e-commerce payment channels. A merchant
only accepts payments via the telephone and they enter the cardholder data directly into
a webpage provided by their acquirer.
PCI DSS - covers security of the environments that store, process, or transmit
account data. The scope of PCI DSS covers environments receiving account data from
payment applications and other sources—acquirers, for example.
PCI PA-DSS - covers secure payment applications to support PCI DSS compliance.
The scope of PA-DSS addresses when a payment application receives account data
from cardholder-interface devices such as point-of sale-terminals or other devices and
begins the payment transaction.
PCI P2PE (Point-to-Point Encryption) - covers secure encryption, decryption, and key
management for point-to-point encryption solutions. Requirements for a P2PE solution
will vary depending on the deployment environment and the technologies used for a
specific implementation.
PCI PTS (PIN Transaction Security) POI - covers device tamper detection,
cryptographic processes, and other mechanisms used to protect the PIN and other
sensitive data, such as cryptographic keys. The PTS set of requirements addresses
how cardholder PINs are protected at cardholder-interface devices such as point-of-sale
terminals, as well as hardware security modules that are used for payment processing
and cardholder authentication applications and processes.
PCI PIN Security - covers secure management, processing, and transmission of
personal identification number (PIN) data during online and offline payment card
transaction processing.
PCI PTS HSM standard - covers the design of hardware security modules and for
securely protecting those devices until they are deployed.
Card Production standards - establish minimum security levels for card vendors
involved in payment card manufacturing, card personalization, pre-personalization, chip
embedding, data preparation , and fulfillment.
Discover Compliance Program is called ______________. - Information Security
Compliance
JCB Compliance Program is called ______________. - Data Security Program
MasterCard Compliance Program is called ______________. - Site Data Protection
answers | With complete solution
2024/25 RATED A+
PCI SSC - is an independent industry standards body providing oversights of the
development and management of Payment Card Industry Data Security Standards on a
global basis.
What are the founding payment brands? - American express, Discover, JCB,
Mastercard, and VISA
What define the merchant levels? - defined by the payment brands, based on
transaction volume. Transaction volume determined by the acquirer)
What define the service provider levels? - Defined by the payment brands according
to transaction volume and/or type of service provider. Determined by the payment brans
or acquirer, or sometimes the service provider.
SAQ-A - Card-not-present merchants (e-commerce or mail/telephone-order) that
have fully outsourced all cardholder data functions to PCI DSS validated third-part
service providers, with no electronic storage, processing, or transmission of any
cardholder data on the merchant's systems or premises.
SAQ A-EP - E-commerce merchants who outsource all payment processing to PCI
DSS validated third parties, and who have a website(s) that doesn't directly receive
cardholder data but that can impact the security of the payment transaction. No
electronic storage, processing, or transmission of any cardholder data on the
merchant's systems or premises.
SAQ-B - Merchants using only:
- Imprint machines with no electronic cardholder data storage; and/or
- Standalone, dial-out terminals with no electronic cardholder data storage.
SAQ-B-IP - Merchants using only stand-alone, PTS-approved payment terminals with
an IP connection to the payment processor, with no electronic cardholder data storage.
Not applicable to e-commerce channels.
SAQ C-VT - is for merchants using only web-based virtual payment terminals, where
cardholder data is manually entered into a secure website from a single system.
, SAQ-C - is for merchants with dedicated payment application systems segmented
from all other systems, and connected to the Internet for the purposes of transaction
processing. SAQ C is not applicable to e-commerce payment channels. A merchant
only accepts payments via the telephone and they enter the cardholder data directly into
a webpage provided by their acquirer.
PCI DSS - covers security of the environments that store, process, or transmit
account data. The scope of PCI DSS covers environments receiving account data from
payment applications and other sources—acquirers, for example.
PCI PA-DSS - covers secure payment applications to support PCI DSS compliance.
The scope of PA-DSS addresses when a payment application receives account data
from cardholder-interface devices such as point-of sale-terminals or other devices and
begins the payment transaction.
PCI P2PE (Point-to-Point Encryption) - covers secure encryption, decryption, and key
management for point-to-point encryption solutions. Requirements for a P2PE solution
will vary depending on the deployment environment and the technologies used for a
specific implementation.
PCI PTS (PIN Transaction Security) POI - covers device tamper detection,
cryptographic processes, and other mechanisms used to protect the PIN and other
sensitive data, such as cryptographic keys. The PTS set of requirements addresses
how cardholder PINs are protected at cardholder-interface devices such as point-of-sale
terminals, as well as hardware security modules that are used for payment processing
and cardholder authentication applications and processes.
PCI PIN Security - covers secure management, processing, and transmission of
personal identification number (PIN) data during online and offline payment card
transaction processing.
PCI PTS HSM standard - covers the design of hardware security modules and for
securely protecting those devices until they are deployed.
Card Production standards - establish minimum security levels for card vendors
involved in payment card manufacturing, card personalization, pre-personalization, chip
embedding, data preparation , and fulfillment.
Discover Compliance Program is called ______________. - Information Security
Compliance
JCB Compliance Program is called ______________. - Data Security Program
MasterCard Compliance Program is called ______________. - Site Data Protection
