PCI ISA Fundamentals Questions and Answers 100% Solved
Exam, 89 pages, 31 October 2024 (academic year 2024/2025); questions and answers; preview of 4 pages
PCI ISA Fundamentals

Methods identified as being used to remove stolen data from the environments - answer:
- Use of stolen credentials to access the POS environment
- Outdated patches or poor system patching processes
- The use of default or static vendor credentials / brute force
- POS skimming malware being installed on POS controllers
- POI physical skimming devices

95% of breaches feature - answer: The use of stolen credentials leveraging vendor remote access to hack into customers' POS environments.

Skimming - answer: Copying payment card numbers either by tampering with:
- POS devices
- ATMs
- Kiosks

or by copying the card's magnetic stripe manually using handheld skimmers.

Phishing - answer:

Reconnaissance
- Information gathering from various online sources and social networking sites
- Business applications and software

Social engineering
- Phishing emails or messages coming from a target's social network
- Phone call from an assumed known entity

Break-in
- Delivery through email
- Software vulnerabilities
Common methods for monetizing stolen card data - answer:
- Skimmed full track data and transaction information used to replicate a physical payment card, which can then be used for fraudulent transactions in face-to-face environments or ATM transactions
- Captured cardholder data is used where card-not-present transactions are accepted, such as e-commerce or mail-order / telephone-order (MO/TO) transactions
- Stolen cardholder data and sensitive authentication data are sold in bulk to other criminals who perform their own fraud using the stolen data

Commonly targeted industries - answer:
- Retail - 45% of breaches
- Food and Beverage - 24% of breaches
- Hospitality - 9% of breaches
- Financial Services - 7% of breaches
- Nonprofit - 3% of breaches

PCI SSC founding payment brands include - answer:
- American Express
- Discover Financial
- JCB International
- MasterCard
- Visa, Inc.

PCI DSS - answer: Covers security of the environments that store, process, or transmit account data
- Environments receive account data from payment applications and other sources (e.g., acquirers)

PCI PA-DSS - answer: Covers secure payment applications to support PCI DSS compliance
- The payment application receives account data from PIN-entry devices (PEDs) or other devices and begins the payment transaction

PCI P2PE - answer: Covers encryption, decryption, and key management requirements for point-to-point encryption solutions

PCI PTS - POI - answer: Covers the protection of sensitive data at point-of-interaction devices and their secure components, including cardholder PINs and account data, and the cryptographic keys used in connection with the protection of that cardholder data

PCI PTS - PIN Security - answer: Covers secure management, processing and transmission of personal identification number (PIN) data during online and offline payment card transaction processing

PCI PTS - HSM - answer: Covers physical, logical and device security requirements for securing Hardware Security Modules (HSMs)

PCI Card Production - answer: Covers physical and logical security requirements for systems and business processes

PA-DSS applies to third-party payment applications if - answer: The application performs authorization and/or settlement (POS, shopping carts, etc.)

PA-DSS ensures a payment application can function in a PCI DSS compliant manner - answer:
- To support the PCI DSS compliance of those that use the application
- Use of a PA-DSS application alone does not guarantee PCI DSS compliance

Are PA-DSS applications in scope for PCI DSS? - answer: Yes

PA-DSS assessor must validate that the payment application is installed - answer:
- Per instructions in the PA-DSS Implementation Guide provided by the payment application vendor
- In a PCI DSS compliant manner

A PCI P2PE solution must include all of the following - answer:
- Secure encryption of payment card data at the point-of-interaction (POI)
- Validated application(s) at the point-of-interaction
- Secure management of encryption and decryption devices
- Management of the decryption environment and all decrypted account data
- Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage

Merchants may be able to reduce their PCI DSS scope when using Council-listed P2PE solutions - answer:
- Merchant has no access to account data within the encryption device (POI) or decryption environment (at the Solution Provider)
- Merchant has no involvement in encryption or decryption operations, or cryptographic key management
- All cryptographic operations are managed by the third-party Solution Provider

PTS requirements apply to - answer: Point of Interaction (POI) devices; Encrypting PIN Pads (EPPs); Point of Sale (POS) devices; Hardware (or host) Security Modules (HSMs); Unattended Payment Terminals (UPTs); and non-PIN entry modules

The PTS program ensures - answer: Terminals cannot be manipulated or attacked to allow the capture of sensitive authentication data, nor allow access to clear-text PINs or keys

The Secure Read and Exchange Module (SRED) - answer: Allows terminals to be approved for the secure encryption of cardholder data as part of the Point-to-Point Encryption program

PTS has been extended to allow - answer: Non-PIN entry modules to be evaluated against the SRED module to allow secure encryption at the point of interaction for non-chip-and-PIN cards

PCI PIN Security Requirements - answer: These requirements provide for secure PIN:
- management
- processing
- transmission

Protection of personal identification number (PIN) data during online and offline payment card transaction processing at:
- ATMs
- attended point-of-sale (POS) terminals
- unattended point-of-sale (POS) terminals

The requirements also provide guidance on key management and key handling associated with the PIN.

PCI PTS - POI and PCI DSS - answer:
- PCI DSS requires that account data be protected both when stored and when transmitted across open, public networks
- PCI PTS POI validates how POIs protect PIN and account data and manage cryptographic keys
- PCI PTS POI-approved devices may form part of a PCI DSS-compliant environment

PCI PTS - PIN Security Standard and PCI DSS - answer:
- PCI DSS prohibits storage of encrypted PIN blocks
- No overlap

PCI Card Production and PCI DSS - answer:
- No overlap
- Procedures for assessing card production facilities are defined and managed by the payment brands, not by PCI SSC

PCI PTS - HSM and PCI DSS - answer:
- PCI DSS requires that stored cardholder data be protected and cryptographic keys be managed in a secure manner
- Use of a Hardware Security Module is not required by PCI DSS, but may help with handling and managing keys used to protect stored cardholder data

Payment Industry Terminology - answer:

Cardholder
- Customer purchasing goods either as a "Card Present" or "Card Not Present" transaction
- Receives the payment card and bills from the issuer

Issuer
- Bank or other organization issuing a payment card on behalf of a Payment Brand (e.g. MasterCard & Visa)
- Payment Brand issuing a payment card directly (e.g. Amex, Discover, JCB)

Merchant
- Organization accepting the payment card for payment during a purchase

Acquirer
- Bank or entity the merchant uses to process their payment card transactions
- Receives authorization requests from the merchant and forwards them to the Issuer for approval
- Provides authorization, clearing and settlement services to merchants
- Also called the Merchant Bank
