Every quarter

Every 2 years

Every year

Every 6 months

Randomization of account data

Collecting Payment card information in a centralized location

End to end encryption

Fraud detection

True

False

Penetration Testing

ASV scan

Service Providers

QSA Audits

A detailed document describing the CDE

Used to train merchants on PCI

Document from QSA certifying compliance

Hundreds of pages long

Quality control of QSA documents

Evaluate service providers

Complete SAQ D

Conduct internal audit of level 2 merchants

Restrict physical access and require unique IDs

Maintaining a security policy

Frewalls and no default passwords

strong encryption