What does PCI stand for?
Payment Card Industry
What is the main purpose of the BSA?
To detect and prevent money laundering
What element has the chemical symbol 'O'?
Oxygen
How can you prevent social engineering attacks?
By being skeptical of unexpected requests and verifying identities
Can abusive practices involve taking advantage of a consumer’s lack of understanding? Why?
Yes. It materially interferes with the consumer’s ability to understand a term or condition of a product or service
What is the main purpose of PCI DSS?
To reduce cardholder fraud by securing cardholder data
What does AML stand for in BSA/AML compliance?
Anti-Money Laundering
Who was the first President of Colombia?
General Simón Bolívar
What is social engineering in cybersecurity?
Manipulating people into giving up confidential information
What should a company do to avoid UDAAP violations?
Ensure marketing and disclosures are clear, accurate, and not misleading
True or False: Only large companies need to follow PCI DSS
Correct answer: False
All businesses that store, process, or transmit credit card data must comply, regardless of size.
How often must BSA/AML training be provided to employees?
Annually
Who painted the Mona Lisa?
Leonardo da Vinci
What is vishing?
Voice phishing – using phone calls to trick victims
Who can be affected by UDAAP violations?
Any consumer engaging with a financial product or service
Which of the following is considered sensitive cardholder data?
A. Cardholder's favorite color
B. 16-digit credit card number
C. Customer's ZIP code only
D. Cardholder’s birthday
B. 16-digit credit card number
Who is required to comply with the BSA?
Financial institutions
How many continents are there on Earth?
Seven
Asia, Africa, North America, South America, Antarctica, Europe, and Australia
Why is social engineering effective?
Because it exploits human trust and behavior rather than technical flaws
1. Collecting or assessing fees not authorized by the agreement
2. Failing to post payments timely or properly, or failing to credit a consumer’s account with payments that the consumer submitted on time, and then charging late fees to that consumer
3. Taking possession of property without the legal right to do so
4. Misrepresenting terms or conditions of an account
5. Inconsistently applying institution policies
Which of these is a basic PCI DSS requirement?
A. Let employees write down card numbers on sticky notes
B. Use strong passwords and update software
C. Save all customer card data forever
D. Share customer card info by email
B. Use strong passwords and update software
Name the 3 stages of Money Laundering
Placement, Layering, Integration
What is the capital of Canada?
Ottawa
What is tailgating in social engineering?
Following someone into a restricted area without proper access
What does UDAAP stand for?
Unfair, Deceptive, or Abusive Acts or Practices