Mastering PCI DSS

Questions and Answers

Which organization administers the Payment Card Industry Data Security Standard (PCI DSS)?

• American Express
• Payment Card Industry Security Standards Council (correct)
• Mastercard
• Visa

How often is validation of compliance with PCI DSS performed?

• Every 2 years
• Every quarter (correct)
• Every 6 months
• Every year

Which program was not one of the major card brands' security programs?

• Data Security Program
• Site Data Protection
• Data Security Operating Policy (correct)
• Cardholder Information Security Program

Which of the following is a method for validating compliance with PCI DSS?

All of the above (D)

What was the main purpose of creating the PCI DSS?

To reduce credit card fraud (B)

Flashcards are hidden until you start studying

Study Notes

PCI DSS Administration

• The Payment Card Industry Data Security Standard (PCI DSS) is administered by the Payment Card Industry Security Standards Council (PCI SSC).

Validation of Compliance

• Validation of compliance with PCI DSS is performed annually.

Major Card Brands' Security Programs

• The major card brands' security programs include Visa's Card Information Security Program (CISP), Mastercard's Site Data Protection (SDP), American Express's Data Security Operating Policy (DSOP), and Discover's Information Security and Compliance (DISC).
• The major card brands' security programs do not include the Security Breach Notification Program.

Methods for Validating Compliance

• One method for validating compliance with PCI DSS is an on-site assessment by a Qualified Security Assessor (QSA).

Purpose of PCI DSS

• The main purpose of creating the PCI DSS was to ensure that all companies that handle branded credit card information maintain a secure environment to protect sensitive cardholder data.