Topics
Products
Follow Us:

Compliance Training Questions and Answers (Q&A)

KMSI
Answered: May 28, 2020
C. Employee is asked to provide name and contact information when reporting a issue.

COMMENT: The hotline never asks an employee to give name or other identifying information, and if the...Read More

1 Answer

290 views
Ajbsoftware
Answered: May 28, 2020
False

Payment application vendors can only state in the engagement contracts that products are PA-DSS validated when installed correctly in the customers CDE. Vendor can not guarantee...Read More

1 Answer

255 views
Ajbsoftware
Answered: May 28, 2020
False

Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches: One-way hashes based on strong...Read More

1 Answer

228 views
John Smith
Answered: May 28, 2020
True

Do not store sensitive authentication data after authorization (even if encrypted). Sensitive authentication data consists of magnetic stripe (or track) data6, card validation code or...Read More

1 Answer

227 views
Ajbsoftware
Answered: May 28, 2020
False

A payment vendor PA-DSS policy exception should be used when a customer can not meet PA-DSS requirements due to business, operational or technical constraints. For example,...Read More

1 Answer

225 views
John Smith
Answered: May 28, 2020
False

If an OS is no longer supported by an OS vendor, an application can not be PA-DSS validated against it. PA-DSS does not allow compensating controls.

1 Answer

223 views
Ajbsoftware
Answered: May 28, 2020
True

The main purpose of PA-DSS validation from a customers point of view is liability shift. When installed correctly in the customers CDE as per the payment vendors installation guide, ...Read More

1 Answer

223 views
John Smith
Answered: May 28, 2020
False

The PCI DSS compliance level a merchant falls under depends on the number of transactions they process per year and whether those transactions are performed from a brick and mortar...Read More

1 Answer

222 views
Barry Mclean, Sales Manager
Answered: Jan 03, 2019
The Payment Card Industry Information Security Standard is a set of industry guidelines designed to protect payment card data. The policy is intended to create an additional level of protection...Read More

3 Answers

219 views
John Smith
Answered: May 28, 2020
False

All software vendors must meet PA-DSS requirements for their merchants to comply with the mandated Payment Card Industry Data Security Standard (PCI DSS). As of October 1, 2008,...Read More

1 Answer

214 views
Ajbsoftware
Answered: May 28, 2020
False

If an OS is no longer supported by an OS vendor, an application can not be PA-DSS validated against it. PA-DSS does not allow compensating controls.

1 Answer

214 views
John Smith
Answered: May 28, 2020
False

Payment software validated validated to PA-DSS 1.2.1 software can still be used as long as it has not yet expired and no modifcations have been made to the paymemt application covered...Read More

1 Answer

211 views
John Smith
Answered: May 28, 2020
Sure thing. bring a date!-since the service is being offered to the entire student body, and not just athletes, its fine to take them up on the offer. 16.11.2.2.3 entertainment services. a...Read More

1 Answer

208 views
Wyatt Williams
Answered: May 28, 2020
True

Software applications that allow users to directly enter cardholder data are considered payment applications by the PCI SCC and are in scope of the Payment Application Data Security...Read More

1 Answer

207 views

Related Topics Of Compliance Training

Loading, please wait...

Email Sent
We have sent an email to your address "" with instructions to reset your password.