10/8/25, 4:03 PM AQSA Certification Exam (2025) Exam Questions & Answers | Latest Already Graded A+ UPDATE 2025|2026!! Flashcards | Quizlet
AQSA Certification Exam (2025) Exam Questions
& Answers | Latest Already Graded A+ UPDATE
2025|2026!!
Save
Terms in this set (157)
is an independent industry standards body providing
oversights of the development and management of
PCI SSC
Payment Card Industry Data Security Standards on a
global basis.
What are the founding American express, Discover, JCB, Mastercard, and
payment brands? VISA
defined by the payment brands, based on transaction
What define the merchant
volume. Transaction volume determined by the
levels?
acquirer)
Defined by the payment brands according to
What define the service transaction volume and/or type of service provider.
provider levels? Determined by the payment brans or acquirer, or
sometimes the service provider.
Card-not-present merchants (e-commerce or
mail/telephone-order) that have fully outsourced all
cardholder data functions to PCI DSS validated third-
SAQ-A
part service providers, with no electronic storage,
processing, or transmission of any cardholder data on
the merchant's systems or premises.
https://quizlet.com/1089555686/aqsa-certification-exam-2025-exam-questions-answers-latest-already-graded-a-update-20252026-flash-cards/?new 1/20
,10/8/25, 4:03 PM AQSA Certification Exam (2025) Exam Questions & Answers | Latest Already Graded A+ UPDATE 2025|2026!! Flashcards | Quizlet
E-commerce merchants who outsource all payment
processing to PCI DSS validated third parties, and
who have a website(s) that doesn't directly receive
SAQ A-EP cardholder data but that can impact the security of
the payment transaction. No electronic storage,
processing, or transmission of any cardholder data on
the merchant's systems or premises.
Merchants using only:
- Imprint machines with no electronic cardholder data
SAQ-B storage; and/or
- Standalone, dial-out terminals with no electronic
cardholder data storage.
Merchants using only stand-alone, PTS-approved
payment terminals with an IP connection to the
SAQ-B-IP payment processor, with no electronic cardholder
data storage.
Not applicable to e-commerce channels.
is for merchants using only web-based virtual
SAQ C-VT payment terminals, where cardholder data is manually
entered into a secure website from a single system.
is for merchants with dedicated payment application
systems segmented from all other systems, and
connected to the Internet for the purposes of
transaction processing. SAQ C is not applicable to e-
SAQ-C
commerce payment channels. A merchant only
accepts payments via the telephone and they enter
the cardholder data directly into a webpage provided
by their acquirer.
covers security of the environments that store,
process, or transmit account data. The scope of PCI
PCI DSS DSS covers environments receiving account data from
payment applications and other sources—acquirers,
for example.
https://quizlet.com/1089555686/aqsa-certification-exam-2025-exam-questions-answers-latest-already-graded-a-update-20252026-flash-cards/?new 2/20
, 10/8/25, 4:03 PM AQSA Certification Exam (2025) Exam Questions & Answers | Latest Already Graded A+ UPDATE 2025|2026!! Flashcards | Quizlet
covers secure payment applications to support PCI
DSS compliance. The scope of PA-DSS addresses
when a payment application receives account data
PCI PA-DSS
from cardholder-interface devices such as point-of
sale-terminals or other devices and begins the
payment transaction.
covers secure encryption, decryption, and key
management for point-to-point encryption solutions.
PCI P2PE (Point-to-Point
Requirements for a P2PE solution will vary depending
Encryption)
on the deployment environment and the technologies
used for a specific implementation.
covers device tamper detection, cryptographic
processes, and other mechanisms used to protect the
PIN and other sensitive data, such as cryptographic
keys. The PTS set of requirements addresses how
PCI PTS (PIN Transaction
cardholder PINs are protected at cardholder-
Security) POI
interface devices such as point-of-sale terminals, as
well as hardware security modules that are used for
payment processing and cardholder authentication
applications and processes.
covers secure management, processing, and
transmission of personal identification number (PIN)
PCI PIN Security
data during online and offline payment card
transaction processing.
covers the design of hardware security modules and
PCI PTS HSM standard for securely protecting those devices until they are
deployed.
establish minimum security levels for card vendors
Card Production involved in payment card manufacturing, card
standards personalization, pre-personalization, chip embedding,
data preparation , and fulfillment.
Discover Compliance Information Security Compliance
Program is called
______________.
https://quizlet.com/1089555686/aqsa-certification-exam-2025-exam-questions-answers-latest-already-graded-a-update-20252026-flash-cards/?new 3/20
AQSA Certification Exam (2025) Exam Questions
& Answers | Latest Already Graded A+ UPDATE
2025|2026!!
Save
Terms in this set (157)
is an independent industry standards body providing
oversights of the development and management of
PCI SSC
Payment Card Industry Data Security Standards on a
global basis.
What are the founding American express, Discover, JCB, Mastercard, and
payment brands? VISA
defined by the payment brands, based on transaction
What define the merchant
volume. Transaction volume determined by the
levels?
acquirer)
Defined by the payment brands according to
What define the service transaction volume and/or type of service provider.
provider levels? Determined by the payment brans or acquirer, or
sometimes the service provider.
Card-not-present merchants (e-commerce or
mail/telephone-order) that have fully outsourced all
cardholder data functions to PCI DSS validated third-
SAQ-A
part service providers, with no electronic storage,
processing, or transmission of any cardholder data on
the merchant's systems or premises.
https://quizlet.com/1089555686/aqsa-certification-exam-2025-exam-questions-answers-latest-already-graded-a-update-20252026-flash-cards/?new 1/20
,10/8/25, 4:03 PM AQSA Certification Exam (2025) Exam Questions & Answers | Latest Already Graded A+ UPDATE 2025|2026!! Flashcards | Quizlet
E-commerce merchants who outsource all payment
processing to PCI DSS validated third parties, and
who have a website(s) that doesn't directly receive
SAQ A-EP cardholder data but that can impact the security of
the payment transaction. No electronic storage,
processing, or transmission of any cardholder data on
the merchant's systems or premises.
Merchants using only:
- Imprint machines with no electronic cardholder data
SAQ-B storage; and/or
- Standalone, dial-out terminals with no electronic
cardholder data storage.
Merchants using only stand-alone, PTS-approved
payment terminals with an IP connection to the
SAQ-B-IP payment processor, with no electronic cardholder
data storage.
Not applicable to e-commerce channels.
is for merchants using only web-based virtual
SAQ C-VT payment terminals, where cardholder data is manually
entered into a secure website from a single system.
is for merchants with dedicated payment application
systems segmented from all other systems, and
connected to the Internet for the purposes of
transaction processing. SAQ C is not applicable to e-
SAQ-C
commerce payment channels. A merchant only
accepts payments via the telephone and they enter
the cardholder data directly into a webpage provided
by their acquirer.
covers security of the environments that store,
process, or transmit account data. The scope of PCI
PCI DSS DSS covers environments receiving account data from
payment applications and other sources—acquirers,
for example.
https://quizlet.com/1089555686/aqsa-certification-exam-2025-exam-questions-answers-latest-already-graded-a-update-20252026-flash-cards/?new 2/20
, 10/8/25, 4:03 PM AQSA Certification Exam (2025) Exam Questions & Answers | Latest Already Graded A+ UPDATE 2025|2026!! Flashcards | Quizlet
covers secure payment applications to support PCI
DSS compliance. The scope of PA-DSS addresses
when a payment application receives account data
PCI PA-DSS
from cardholder-interface devices such as point-of
sale-terminals or other devices and begins the
payment transaction.
covers secure encryption, decryption, and key
management for point-to-point encryption solutions.
PCI P2PE (Point-to-Point
Requirements for a P2PE solution will vary depending
Encryption)
on the deployment environment and the technologies
used for a specific implementation.
covers device tamper detection, cryptographic
processes, and other mechanisms used to protect the
PIN and other sensitive data, such as cryptographic
keys. The PTS set of requirements addresses how
PCI PTS (PIN Transaction
cardholder PINs are protected at cardholder-
Security) POI
interface devices such as point-of-sale terminals, as
well as hardware security modules that are used for
payment processing and cardholder authentication
applications and processes.
covers secure management, processing, and
transmission of personal identification number (PIN)
PCI PIN Security
data during online and offline payment card
transaction processing.
covers the design of hardware security modules and
PCI PTS HSM standard for securely protecting those devices until they are
deployed.
establish minimum security levels for card vendors
Card Production involved in payment card manufacturing, card
standards personalization, pre-personalization, chip embedding,
data preparation , and fulfillment.
Discover Compliance Information Security Compliance
Program is called
______________.
https://quizlet.com/1089555686/aqsa-certification-exam-2025-exam-questions-answers-latest-already-graded-a-update-20252026-flash-cards/?new 3/20
