A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?
A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?
A . PCI SSC
B . Assessor
C . Issuing banks
D . Payment brands
Answer: D
Explanation:
The PCI SSC does not enforce compliance, nor does it mandate penalties for non-compliance. Compliance with the PCI Card Production Standards is enforced by the payment brands. The payment brands may have their own compliance programs and may apply penalties or fines to entities that are not compliant or suffer a breach. Therefore, a vendor who wants to know if they will be penalized if their vault is not compliant should ask the payment brands that they work with or are contracted by.
References:
Payment Card Industry (PCI) Card Production Security Assessors Program Guide, Version 1.0, April 2019, page 51
PCI Card Production Security Assessor (CPSA) Qualification Requirements, Version 1.0, April 2019, page 62
Latest CPSA_P_New Dumps Valid Version with 50 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund