PCI Compliance Training Test!

Reviewed by Editorial Team

The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.

Learn about Our Editorial Process

| By Mkstark

Mkstark

Community Contributor

Quizzes Created: 1 | Total Attempts: 6,597

| Attempts: 6,602

Questions

Feedback

During the Quiz End of Quiz

Difficulty

Easy First Hard First Sequential

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

1/10 Questions

PA-DSS applies to software applications that are considered payment applications by the PCI Security Standards Council (PCI SSC).
- True
- False

About This Quiz

This is a PCI compliance training test! Being that we are living in a paperless society, credit and debit cards are the most used ways of payments, and establishments need to follow some regulations to ensure the safety of the buyers who use the cards in their institutions. Do take this quiz and get to see if you comply with them.

2.

PCI DSS was created by the major credit card companies.
- True
- False
Correct Answer

A. True

Explanation

PCI DSS was developed by the five major payment card brands (American Express, Discover, JCB, MasterCard and Visa) which founded the Payment Card Industry Security Standards Council (PCI SSC) in 2006. The mission of the PCI SSC is to develop, manage, educate and create awareness of the PCI Security Standards.

Rate this question:

4
3.

The financial services, healthcare, insurance and higher education industries have the highest percentages of businesses that store credit card data.
- True
- False
Correct Answer

A. True

Explanation

According to a 2007 Forrester Research report, the financial services, healthcare, insurance and higher education industries have the highest percentages of businesses that store credit card data. The survey of 677 European and US-based organizations found that ninety-four percent of Level 1 merchants retained credit card numbers, compared to eighty percent of of Level 2 merchant respondents.

Rate this question:

3
4.

Seventy five percent of all data security attacks are against software applications.
- True
- False
Correct Answer

A. True

Explanation

According to industry analyst Gartner Group, 75 percent of successful attacks occur through an application, rather than through a network or operating system.

Rate this question:

4
5.

Merchants can store authentication data - i.e. full magnetic stripe data, CVV2 - but only if that information is encrypted.
- True
- False
Correct Answer

A. False

Explanation

Sensitive authentication data must not be stored after authorization, even if it is encrypted.

Rate this question:

1
6.

If a merchant is PCI Compliant, it is impossible for a cardholder data breach to occur.
- True
- False
Correct Answer

A. False

Explanation

Cardholder data breaches can and have occurred from merchants that are PCI DSS compliant. In 2008, Hanniford Bros. supermarket chain suffered a breach in which 4.2 million card numbers were stolen despite the fact that the grocer was PCI DSS compliant. Merchants can better protect themselves by instituting POS solutions that exceed PCI DSS requirements such as offsite data storage and encrypting card readers.

Rate this question:

3
7.

Merchants can meet PCI DSS compliance requirements even if they are using non- PA-DSS compliant software applications that are sold, distributed or licensed.
- True
- False
Correct Answer

A. False

Explanation

All software vendors must meet PA-DSS requirements for their merchants to comply with the mandated Payment Card Industry Data Security Standard (PCI DSS). As of October 1, 2008, acquiring financial institutions cannot approve merchants for processing that are using non-PA-DSS compliant software.

Rate this question:

3
8.

The PCI DSS level a merchant falls into depends solely on the number of transactions they process each year.
- True
- False
Correct Answer

A. False

Explanation

The PCI DSS compliance level a merchant falls under depends on the number of transactions they process per year and whether those transactions are performed from a brick and mortar location or over the Internet.

Rate this question:

2
9.

Vendors of payment applications have options other than meeting PA-DSS requirements.
- True
- False
Correct Answer

A. True

Explanation

Software vendors also have the option of using a PCI compliant hosting service to go out of scope for PA-DSS. By shifting the responsibility of storing, processing and transmitting sensitive cardholder data to a hosting company, it is no longer necessary for the software application to become PA-DSS validated.

Rate this question:

3
10.

PA-DSS was the first payment card security initiative directed towards software vendors.
- True
- False
Correct Answer

A. False

Explanation

Visa developed the Payment Application Best Practices (PABP) before the PA-DSS. However, we realize this might seem like a trick question, since this is the first security standard created by PCI DSS that is directed towards software vendors. So if you answered true we'll bend the rules a bit and say you're correct as well!

Rate this question:

5

Quiz Review Timeline (Updated): Nov 16, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Nov 16, 2023

Quiz Edited by
ProProfs Editorial Team
Sep 16, 2009

Quiz Created by
Mkstark

PCI Compliance Training Test!

PA-DSS applies to software applications that are considered payment applications by the PCI Security Standards Council (PCI SSC).

Quiz Preview

PCI DSS was created by the major credit card companies.

The financial services, healthcare, insurance and higher education industries have the highest percentages of businesses that store credit card data.

Seventy five percent of all data security attacks are against software applications.

Merchants can store authentication data - i.e. full magnetic stripe data, CVV2 - but only if that information is encrypted.

If a merchant is PCI Compliant, it is impossible for a cardholder data breach to occur.

Merchants can meet PCI DSS compliance requirements even if they are using non- PA-DSS compliant software applications that are sold, distributed or licensed.

The PCI DSS level a merchant falls into depends solely on the number of transactions they process each year.

Vendors of payment applications have options other than meeting PA-DSS requirements.

PA-DSS was the first payment card security initiative directed towards software vendors.