PCIP EXAM ACTUAL EXAM 150 QUESTIONS AND
CORRECT ANSWERS/PAYMENT CARD INDUSTRY
PROFESSIONAL NEWEST EXAM (VERIFIED ANSWERS) |
A GRADE
PA-DSS - ANSWER: Payment Application Data Security Standard (POS, shopping carts,
etc.)
PTS (POI) - ANSWER: PIN Transaction Security Point of Interaction Standard
(Attended and Unattended Devices)
HSM (PIN) - ANSWER: Hardware Security Module PIN Standard (not required but may
assist in becoming compliant)
P2PE - ANSWER: Point to Point Encryption Standard (Most helpful standard to
reduce scope)
SRED - ANSWER: Secure Read and Exchange Module allows terminals to be approved
for secure encryption of cardholder data.
POI Examples - ANSWER: Attended: Cash Registers
Unattended Encrypted PIN Pads: ATM
Unattended Payment Terminals: Gas Pump
PCI PIN Security Requirements - ANSWER: Management
Processing
Transmission
Payment Card Flow - ANSWER: Cardholder presents card -> Acquirer asks payment
brand to determine issuer -> Payment brand network determines issuer and
requests approval -> Issuer approves purchase -> Payment brand network sends
approval to the acquirer -> Acquirer sends approval to merchant -> Cardholder
completes purchase and receives receipt.
Acquirer (Also Called?) - ANSWER: -Merchant Bank
-Independent Sales Organization (ISO)
-Payment Brand (Amex, Discover, JCB)
-Never Visa or Mastercard
Payment Card Flow (Clearing) - ANSWER: Acquirer sends purchase information to the
payment brand network -> payment brand network sends purchase information to
the issuer -> issuer prepares data for cardholder statement -> payment brand
network provides complete reconciliation to acquirer.
Payment Card Flow (Settlement) - ANSWER: Issuer determines acquirer via the
payment brand network -> Issuer sends payment to acquirer -> Acquirer pays
merchant for cardholder's purchase -> Issuer bills cardholder
Service Provider - ANSWER: A business that is not a payment brand, directly involved
in the processing, storage or transmission of cardholder data on behalf of another
entity. Sometimes a service provider is a merchant.
QIRs - ANSWER: Qualified Integrators and Resellers
-Assure quality and provide feedback
What do QIRs do? - ANSWER: -Implementing applications into a merchant environment
-Integrating applications into new software or systems.
-Configuring the payment application
-Servicing payment applications to provide troubleshooting/remote updates or
support.
PA-DSS Implementation Guide - ANSWER: -What the QIR uses in order to implement
a PCI DSS compliant payment application into a CDE environment.
-After installation the QIR creates an implementation statement and gives it to the
customer for their signature.
CID - ANSWER: Card Identification Number (American Express)
CAV2/CID/CVC2/CVV2 - ANSWER: Card specific code on back of card (Discover, JCB,
Mastercard, Visa)
Cardholder Data - ANSWER: -PAN
-Cardholder Name
-Expiration Date
-Service Code
Sensitive Authentication Data - ANSWER: -Full magnetic stripe data or chip data
-CAV2/CVC2/CVV2/CID
-PINs/PIN blocks
-Cannot be stored after authorization
Track 1 Data - ANSWER: Contains all fields of both Track 1 and Track 2
-Length up to 79 characters.
Track 2 Data - ANSWER: Provides shorter processing time for older dial-up
transmissions.
-Length up to 40 characters
Inventorying Cardholder Environment - ANSWER: -System Name
-Cardholder data stored
-Reason for storage