solved 2023
Data on a payment card
(1) Chip; (2) PAN; (3) Cardholder data; (4) Expiration date; (5) CID; (6) Magnetic stripe; and (7)
CAV2/CID/CVC2/CVV2 (for issuer)
Cardholder data includes these items
(1) Primary account number; (2) Cardholder name; (3) Expiration date; (4) Service code;
(5) Full magnetic stripe data; (6) CAV2/CVC2/CVV2/CID; and (7) PINs or PIN blocks.
PCI DSS applies to the following
Whenever account data is stored, processed or transmitted which includes cardholder
data and sensitive authentication data.
(1) Many call all account data "Cardholder data."
(2) PCI DSS requirements are applicable wherever Primary Account Number (PAN), or
Sensitive Authentication Data (SAD) is stored, processed or transmitted.
(3) PCI DSS applies to all systems that provide security services or could impact the
security of account data.
(4) Account data includes all information printed on the physical card and the data on the
magnetic stripe or chip.
(5) SAD cannot be stored after authorization.
(6) Encrypting cardholder data or SAD does not remove it from PCI DSS Scope.
Magnetic stripes on payment cards use these
Two tracks:
(1) Track 1 contains all fields of Track 2 plus its own additional fields, with a length of up to 79
characters.
(2) Track 2 is used for older dial-up transmissions and has a shorter processing time, with up to
40 characters.
Merchants may not store
(1) The track-equivalent data following authorization. Track-equivalent data found on the
chip differs from the track data found on the magnetic stripe, because the chip track data
contains a unique Chip CVV/CVC code.
Prevents criminals from producing cloned magnetic stripe cards
The chip track data contains a unique chip CVV/CVC code that prevents criminals from
producing cloned magnetic stripe cards from chip track data. -- AHHHHHH!!!!
BUT there is still enough information to allow criminals to use the data in card-not-present
fraud.
Cardholder Data Flow is Important Because
Data flows between and through applications, systems, and network infrastructure
devices. AS SUCH, it is important to document all cardholder data flows prior to
beginning any assessment activities.
==> An INVENTORY should be developed to identify all systems that store, process or
transmit cardholder data.
The INVENTORY