One quick question before we dive in. What’s your first name?

 
Nice to meet you, {{answer_42276085}}!

Here's the plan: Make it through the 3 minute quiz, and you'll have the chance to enter the free drawing for a Google Pixel C tablet!

 
How many requirements are in the PCI DSS standard?


 
CORRECT, there are 12.

Okay, smarty pants! Let’s see if you get the next question right.

 
 INCORRECT

Oh no! There are actually 12 PCI DSS requirements.
That’s OK {{answer_42276085}}, let’s try a different question.

 
Which of the following is not a PCI DSS requirement?


 
CORRECT!

Role Based Access Control (RBAC) is NOT a PCI DSS requirement.
While PCI DSS requires that organizations restrict access to cardholder data to only those who require it, it does not mandate which control protocol should be used.

 
INCORRECT!

"Implement Role Based Access Control (RBAC)" is not a PCI DSS requirement. While PCI DSS requires that organizations restrict access to cardholder data to only those who require it, it does not mandate which control protocol should be used.

 
True or False?
It’s OK to use vendor-supplied defaults for system passwords.


 
CORRECT, the answer is False.

Wow {{answer_42276085}}! You know your stuff. 

In addition to changing vendor-supplied default passwords, you should avoid common ID names like admin, wcsadmin, webadmin, root, or db2admin. These are easy to guess and put your data at risk.
 
INCORRECT

Sorry {{answer_42276085}}, the correct answer is “False”. You should always change vendor-supplied default passwords.

TIP: In addition, you should avoid common ID names like admin, wcsadmin, webadmin, root, or db2admin. These are easy to guess and put your data at risk.
 
Who has to comply with PCI DSS standards?


 
CORRECT

You're right! The PCI DSS standard applies to “all organizations that process, store or transmit credit card numbers."

 
INCORRECT

The PCI DSS standard applies to “all organizations that process, store or transmit credit card numbers."

 
True or False?
Using a variety of solutions to transfer files (FTP, Dropbox, HTTPS, Email) is a PCI DSS violation.


 
CORRECT: The answer is False.

Using a variety of file transfer solutions is not in violation of PCI DSS requirements; however, there are downsides to having a decentralized file transfer system:

1. It can be difficult, if not impossible, to monitor and log all file transfer activity in the case of an audit.

2. There may be security vulnerabilities in free file transfer tools, or poorly implemented protocols that put sensitive data at risk.
 
INCORRECT - The answer is False. 

Using a variety of file transfer solutions is not in violation of PCI DSS requirements; however, there are downsides to having a decentralized file transfer system:

1. It can be difficult, if not impossible, to monitor and log all file transfer activity in the case of an audit.

2. There may be security vulnerabilities in free file transfer tools, or poorly implemented protocols that put sensitive data at risk.
 
Last question of the quiz! 

True or False?

If your company uses a POS vendor, they should never store sensitive authentication information, such as track data or PIN blocks.


 
How are you so amazing {{answer_42276085}}? You're correct!

It’s true, storing this sensitive data is prohibited.

 
Sorry {{answer_42276085}}, the answer is "True." Storing this sensitive data is prohibited.

If you’re unsure whether your current POS vendor stores sensitive authentication data, find out immediately. If their answer is yes, find out how quickly they can help you remove it.
 
You, my friend, have made it through the PCI DSS quiz. How do you feel?

Click "Enter Info for Drawing" to complete the last step.
 
Tell us how to reach you if you win.

What's your last name?

 
Where do you work?

 
 
Last step: Official Rules of the Drawing

Entry: To enter the drawing, readers are required to complete the PCI quiz on GoAnywhere.com. Entry for the drawing begins on March 1st, 2017 and ends on April 28th, 2017. Limit one (1) entry per person during the entirety of the drawing. One (1) grand prize winner will be chosen. The winner will be chosen at random out of all entrants. Drawing is open to all U.S. entrants ages 18 years or older.
Eligibility: This drawing is only open to entrants who are 18 years of age or older at the time of entry. Employees and agents of Linoma Software or HelpSystems and their respective affiliates, officers, distributors, agencies, and prize suppliers, and their immediate family members and persons residing in the same household of such employees are not eligible to enter or win. 
Drawing: Linoma Software will select one (1) winner at random from the entrants. The winner will be notified by Linoma Software and must respond with appropriate shipping information within five (5) business days of notification in order to receive their prize. In the event that a winner’s response has not been received after five (5) business days, the prize will be forfeited and an alternate winner may be selected. 
Prizes: The prize winner will receive one (1) Google Pixel C tablet. No prize substitutions or cash equivalent of prize is permitted.
Data: Linoma Software and HelpSystems will not sell or rent the data provided by quiz entrants to any third parties. Contact information provided by entrant will be used as a means of informing the winner, and will be added to our email list for future promotions or product information. Entrants may unsubscribe from receiving further emails at any time.
General: Entrants agree to be bound by these Official Rules, which are final and binding in all respects. By entering this drawing, entrants expressly acknowledge and accept the Official Rules. Linoma Software has the right to refuse any entrants based on entry methods that are in disagreement with the contest rules and regulations.