AQSA CERTIFICATION EXAM 2025
QUESTIONS AND ANSWERS
PCI SSC - ANS is an independent industry standards body providing oversights of the
development and management of Payment Card Industry Data Security Standards on a global
basis.
What are the founding payment brands? - ANS American express, Discover, JCB, Mastercard,
and VISA
What define the merchant levels? - ANS defined by the payment brands, based on
transaction volume. Transaction volume determined by the acquirer)
What define the service provider levels? - ANS Defined by the payment brands according to
transaction volume and/or type of service provider. Determined by the payment brans or
acquirer, or sometimes the service provider.
SAQ-A - ANS Card-not-present merchants (e-commerce or mail/telephone-order) that have
fully outsourced all cardholder data functions to PCI DSS validated third-part service providers,
with no electronic storage, processing, or transmission of any cardholder data on the
merchant's systems or premises.
SAQ A-EP - ANS E-commerce merchants who outsource all payment processing to PCI DSS
validated third parties, and who have a website(s) that doesn't directly receive cardholder data
but that can impact the security of the payment transaction. No electronic storage, processing,
or transmission of any cardholder data on the merchant's systems or premises.
Copyright ©2025 BRIGHTSTARS ALL RIGHTS RESERVED 1
,SAQ-B - ANS Merchants using only:
- Imprint machines with no electronic cardholder data storage; and/or
- Standalone, dial-out terminals with no electronic cardholder data storage.
SAQ-B-IP - ANS Merchants using only stand-alone, PTS-approved payment terminals with an
IP connection to the payment processor, with no electronic cardholder data storage.
Not applicable to e-commerce channels.
SAQ C-VT - ANS is for merchants using only web-based virtual payment terminals, where
cardholder data is manually entered into a secure website from a single system.
SAQ-C - ANS is for merchants with dedicated payment application systems segmented from
all other systems, and connected to the Internet for the purposes of transaction processing.
SAQ C is not applicable to e-commerce payment channels. A merchant only accepts payments
via the telephone and they enter the cardholder data directly into a webpage provided by their
acquirer.
PCI DSS - ANS covers security of the environments that store, process, or transmit account
data. The scope of PCI DSS covers environments receiving account data from payment
applications and other sources—acquirers, for example.
PCI PA-DSS - ANS covers secure payment applications to support PCI DSS compliance. The
scope of PA-DSS addresses when a payment application receives account data from cardholder-
interface devices such as point-of sale-terminals or other devices and begins the payment
transaction.
PCI P2PE (Point-to-Point Encryption) - ANS covers secure encryption, decryption, and key
management for point-to-point encryption solutions. Requirements for a P2PE solution will vary
depending on the deployment environment and the technologies used for a specific
implementation.
Copyright ©2025 BRIGHTSTARS ALL RIGHTS RESERVED 2
, PCI PTS (PIN Transaction Security) POI - ANS covers device tamper detection, cryptographic
processes, and other mechanisms used to protect the PIN and other sensitive data, such as
cryptographic keys. The PTS set of requirements addresses how cardholder PINs are protected
at cardholder-interface devices such as point-of-sale terminals, as well as hardware security
modules that are used for payment processing and cardholder authentication applications and
processes.
PCI PIN Security - ANS covers secure management, processing, and transmission of personal
identification number (PIN) data during online and offline payment card transaction processing.
PCI PTS HSM standard - ANS covers the design of hardware security modules and for
securely protecting those devices until they are deployed.
Card Production standards - ANS establish minimum security levels for card vendors involved
in payment card manufacturing, card personalization, pre-personalization, chip embedding,
data preparation , and fulfillment.
Discover Compliance Program is called ______________. - ANS Information Security
Compliance
JCB Compliance Program is called ______________. - ANS Data Security Program
MasterCard Compliance Program is called ______________. - ANS Site Data Protection
Visa Inc. Compliance Program is called ______________. - ANS Information Security Program
Visa Europe Compliance Program is called ______________. - ANS Account Information
Security Program.
Copyright ©2025 BRIGHTSTARS ALL RIGHTS RESERVED 3
QUESTIONS AND ANSWERS
PCI SSC - ANS is an independent industry standards body providing oversights of the
development and management of Payment Card Industry Data Security Standards on a global
basis.
What are the founding payment brands? - ANS American express, Discover, JCB, Mastercard,
and VISA
What define the merchant levels? - ANS defined by the payment brands, based on
transaction volume. Transaction volume determined by the acquirer)
What define the service provider levels? - ANS Defined by the payment brands according to
transaction volume and/or type of service provider. Determined by the payment brans or
acquirer, or sometimes the service provider.
SAQ-A - ANS Card-not-present merchants (e-commerce or mail/telephone-order) that have
fully outsourced all cardholder data functions to PCI DSS validated third-part service providers,
with no electronic storage, processing, or transmission of any cardholder data on the
merchant's systems or premises.
SAQ A-EP - ANS E-commerce merchants who outsource all payment processing to PCI DSS
validated third parties, and who have a website(s) that doesn't directly receive cardholder data
but that can impact the security of the payment transaction. No electronic storage, processing,
or transmission of any cardholder data on the merchant's systems or premises.
Copyright ©2025 BRIGHTSTARS ALL RIGHTS RESERVED 1
,SAQ-B - ANS Merchants using only:
- Imprint machines with no electronic cardholder data storage; and/or
- Standalone, dial-out terminals with no electronic cardholder data storage.
SAQ-B-IP - ANS Merchants using only stand-alone, PTS-approved payment terminals with an
IP connection to the payment processor, with no electronic cardholder data storage.
Not applicable to e-commerce channels.
SAQ C-VT - ANS is for merchants using only web-based virtual payment terminals, where
cardholder data is manually entered into a secure website from a single system.
SAQ-C - ANS is for merchants with dedicated payment application systems segmented from
all other systems, and connected to the Internet for the purposes of transaction processing.
SAQ C is not applicable to e-commerce payment channels. A merchant only accepts payments
via the telephone and they enter the cardholder data directly into a webpage provided by their
acquirer.
PCI DSS - ANS covers security of the environments that store, process, or transmit account
data. The scope of PCI DSS covers environments receiving account data from payment
applications and other sources—acquirers, for example.
PCI PA-DSS - ANS covers secure payment applications to support PCI DSS compliance. The
scope of PA-DSS addresses when a payment application receives account data from cardholder-
interface devices such as point-of sale-terminals or other devices and begins the payment
transaction.
PCI P2PE (Point-to-Point Encryption) - ANS covers secure encryption, decryption, and key
management for point-to-point encryption solutions. Requirements for a P2PE solution will vary
depending on the deployment environment and the technologies used for a specific
implementation.
Copyright ©2025 BRIGHTSTARS ALL RIGHTS RESERVED 2
, PCI PTS (PIN Transaction Security) POI - ANS covers device tamper detection, cryptographic
processes, and other mechanisms used to protect the PIN and other sensitive data, such as
cryptographic keys. The PTS set of requirements addresses how cardholder PINs are protected
at cardholder-interface devices such as point-of-sale terminals, as well as hardware security
modules that are used for payment processing and cardholder authentication applications and
processes.
PCI PIN Security - ANS covers secure management, processing, and transmission of personal
identification number (PIN) data during online and offline payment card transaction processing.
PCI PTS HSM standard - ANS covers the design of hardware security modules and for
securely protecting those devices until they are deployed.
Card Production standards - ANS establish minimum security levels for card vendors involved
in payment card manufacturing, card personalization, pre-personalization, chip embedding,
data preparation , and fulfillment.
Discover Compliance Program is called ______________. - ANS Information Security
Compliance
JCB Compliance Program is called ______________. - ANS Data Security Program
MasterCard Compliance Program is called ______________. - ANS Site Data Protection
Visa Inc. Compliance Program is called ______________. - ANS Information Security Program
Visa Europe Compliance Program is called ______________. - ANS Account Information
Security Program.
Copyright ©2025 BRIGHTSTARS ALL RIGHTS RESERVED 3
