PCI DSS Quiz: How Much Do You Know About PCI Compliance?

According to IBM Security’s 2019 Cost of a Data Breach Report, the average data breach in the U.S. costs a staggering $8.19 million. To prevent a data breach, you must understand what causes breaches and be aware of your responsibilities as an ISV, as well as your merchants’ responsibilities as businesses that accept credit cards.

Customers trust businesses to protect their data whenever they use their debit or credit cards to purchase products or services. One way to establish trust between customers and businesses is to ensure you and your merchants are PCI compliant.

PCI compliance helps improve security at the business level, protecting your merchants’ processing environments and your business from a potential catastrophic data breach. But how much do you really know about PCI compliance? Take our PCI compliance quiz below to find out.

Understanding how to become, and remain, PCI compliant, as well as the potential risk of non-compliance, is critical in today’s payment processing landscape. Test your knowledge here.


1. True or false: PCI-DSS stands for The Payment Card Industry Data Security Standard.

  a) True

  b) False

Answer: a) True. The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that all merchants and ISVs that accept, process, store or transmit credit card information maintain a secure environment.


2. Who does the PCI-DSS apply to?

  a) ISVs or merchants who process 10 or more credit card transactions each year

  b) ISVs or merchants who process 100 or more credit card transactions each year

  c) ISVs or merchants who process 1000 or more credit card transactions each year

  d) All answers listed

Answer: d) All answers listed. The PCI-DSS applies to any ISV or merchant that handles, processes, stores or transmits credit card data.


3. How many requirements does the PCI-DSS entail?

  a) 3

  b) 6

  c) 12

  d) 18

Answer: c) 12. The PCI-DSS consists of 12 requirements. These requirements are both operational and technical, and the core focus of these rules is always to protect cardholder data.


4. Which one of the following is NOT one of the six major principles of PCI-DSS?

  a) Build and maintain a secure network

  b) Maintain an information security policy

  c) Implement strong access control measures

  d) Complete the Payment Card Industry Self-Assessment Questionnaire

Answer: d) Complete the Payment Card Industry Self-Assessment Questionnaire. Think of the PCI-DSS principles as the “goals” that the various policies and procedures intend to achieve.


5. How many PCI compliance ‘levels’ are there?

  a) 1

  b) 2

  c) 3

  d) 4

Answer: d) 4. Any merchant who processes payments will fall into one of the four levels based on the number of transactions they process over a 12-month period.


6. True or false: ISVs and merchants should always store credit card data.

  a) True

  b) False

Answer: b) False. ISVs and merchants should limit the storage of credit card data. If the storage of PAN is unavoidable, that data must be rendered unreadable wherever it is stored.


7. Data breaches can occur when:

  a) Card readers are compromised

  b) Credit card data is stored in a database

  c) An organization has too many permissions

  d) All answers listed

Answer: d) All answers listed. There are many ways in which a data breach can occur, which is why being PCI compliant is so important to minimize the chances of a breach occurring.


8. True or false: It is important to change default passwords and remove guest accounts as part of industry-accepted system hardening standards.

  a) True

  b) False

Answer: a) True. PCI-DSS requirement 2.2 describes acceptable system configuration standards. This includes the removal of all default passwords and guest accounts as an effective first step in securing the processing environment.


9. What is truncation?

  a) A digital inspection of a processing network to detect any potential weaknesses that could lead to intrusion

  b) A method of rendering data (such as a full PAN) unreadable by permanently removing a segment of data

  c) A global forum for ongoing development and implementation of security standards

  d) A document businesses accepting credit cards are required to complete annually to determine their PCI compliance

Answer: b) A method of rendering data (such as a full PAN) unreadable by permanently removing a segment of data. Truncation applies to PANs that are electronically stored, such as in files and databases. ISVs and developers of payment solutions must understand the acceptable formats for truncation of PAN as required by the PCI-DSS.
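An added example, not from the original post, showing the difference between truncation (the removed digits are gone and the result is what gets stored) and display masking (the full PAN still exists behind the mask). The retained-digit limit of first six and last four is an assumption taken from commonly cited PCI SSC truncation guidance; the `4111 1111 1111 1111` value is a constructed test number.

```python
import re

# Assumed limit (commonly cited PCI SSC truncation guidance): keep at most
# the first six and last four digits of a PAN and permanently discard the rest.
MAX_LEADING = 6
MAX_TRAILING = 4


def truncate_pan(pan: str, leading: int = MAX_LEADING, trailing: int = MAX_TRAILING) -> str:
    """Return a truncated PAN. Only the retained digits survive; the removed
    segment is replaced by a fixed-width 'X' placeholder that carries no data."""
    digits = re.sub(r"\D", "", pan)          # drop spaces/dashes from formatted input
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13-19 digits")
    if leading > MAX_LEADING or trailing > MAX_TRAILING:
        raise ValueError("requested format retains more digits than the assumed limit")
    removed = len(digits) - leading - trailing
    if removed <= 0:
        raise ValueError("truncation must remove at least one digit")
    # Use an explicit start index so trailing=0 keeps nothing (digits[-0:] would keep all).
    return digits[:leading] + "X" * removed + digits[len(digits) - trailing:]


def is_truncated(value: str) -> bool:
    """Check a stored value: it counts as truncated only if a middle segment
    has been removed and the retained digits are within the assumed limits."""
    return re.fullmatch(r"\d{0,6}X+\d{0,4}", value) is not None


def mask_for_display(pan: str) -> str:
    """Masking hides digits on screen, but the caller still holds the full PAN,
    so it does not reduce what is stored the way truncation does."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


if __name__ == "__main__":
    test_pan = "4111 1111 1111 1111"   # constructed test number
    print(truncate_pan(test_pan))      # 411111XXXXXX1111
    print(mask_for_display(test_pan))  # ************1111
```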


10. True or false: The use of encryption in a merchant environment does not remove the need for PCI DSS compliance in that environment.

  a) True

  b) False

Answer: a) True. The merchant environment is still required to be compliant with PCI DSS due to the presence of cardholder data.


How Can I Ensure PCI Compliance?

If you accept payments, it’s important to prioritize PCI compliance. There are many steps you can take to ensure compliance. At Global Payments Integrated, we provide various resources so our clients can understand PCI compliance, their risk and priorities, and ensure they stay out of PA-DSS scope.

We also offer PCI ASSURE to all of our merchants, a PCI compliance assistance program that helps secure your merchants’ processing environments. Our support program includes a variety of components, including:

  • A dedicated 24/7 client portal
  • SAQ assistance
  • Network vulnerability scans from ControlScan
  • Policy Builder, an online tool to create a set of custom security policies
  • Security awareness training
  • $100,000 breach protection program
  • Dedicated toll-free support

Learn More About Achieving or Maintaining PCI Compliance

PCI compliance can seem complicated, but the consequences of noncompliance are worse. If you’re interested in learning more about how to achieve or maintain PCI compliance, contact Global Payments Integrated today to learn how we can help.

Richard Rohena

Manager of PCI Compliance Services

Richard is the Manager of PCI Compliance Services with Global Payments Integrated, providing developers of credit card payment solutions and merchants with a deep understanding of the Payment Card Industry Data Security Standard (PCI-DSS). He has over 8 years of experience working directly with developers and merchants to implement secure payment solutions in a manner compliant with the PCI-DSS.
