PCI Watch - Tracking changes across the Payment Card Industry

📣 PCI SSC Communications Blog New 2026-03-17T14:43:40+00:00

The AI Exchange: Innovators in Payment Security Featuring Toast, Inc.

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for …

📣 PCI SSC Communications Blog New 2026-03-11T14:52:09+00:00

Spotlight On: Amazon, a New Principal Participating Organization

Welcome Amazon, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Amazon Principal Industry Specialist, Balaji …

📣 PCI SSC Communications Blog Updated 2026-03-09T18:39:53+00:00

Welcome Our Newest Associate Participating Organizations

We are pleased to welcome the newest organizations that have joined as Associate Participating Organizations of the PCI Security Standards Council (PCI SSC). These organizations play a crucial role …

📣 PCI SSC Communications Blog New 2026-03-09T18:39:53+00:00

Welcome Our Newest Associate Participating Organizations

We are pleased to welcome the newest organizations that have joined as Associate Participating Organizations of the PCI Security Standards Council (PCI SSC). These organizations play a crucial role …

❓ PCI SSC FAQs FAQ #1089 Updated 2026-03-03T20:52:55+00:00

How can hashing be used to protect Primary Account Numbers (PAN) and in what circumstances can hashed PANs be considered out of scope for PCI DSS?

One-way hashing is a method that can be used to render PAN unreadable in storage. The hashing process and results, as well as the system(s) that perform the hashing, are …

📣 PCI SSC Communications Blog New 2026-03-02T17:12:18+00:00

The AI Exchange: Innovators in Payment Security Featuring Checkout.com

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for …

📣 PCI SSC Communications Industry Bulletin New 2026-03-02T15:36:29+00:00

PCI Security Standards Council Bulletin: Extension of Expiration Dates for PCI PTS HSM v4 Security Requirements and Approvals, and PCI PTS HSM v3 Approvals

📣 PCI SSC Communications Media New 2026-02-25T16:53:53+00:00

PCI Council Says Threats to Payments Systems Are Speeding Up

via darkreading.com

❓ PCI SSC FAQs FAQ #1181 Deleted 2026-02-25T15:57:39.434341+00:00

How can I check whether a payment application is PA-DSS validated?

The List of Validated Payment Applications on the PCI SSC website is the authoritative list of applications which have been accepted by PCI SSC as PA-DSS validated. If an application …

❓ PCI SSC FAQs FAQ #1182 Deleted 2026-02-25T15:57:39.434341+00:00

Is it acceptable to make minor changes to a PA-DSS validated application and retain the existing version number?

All changes to the software of a validated PA-DSS application must result in a new version number, even if there is no impact on PA-DSS requirements. This is necessary to …

❓ PCI SSC FAQs FAQ #1195 Deleted 2026-02-25T15:57:39.434341+00:00

What is the difference between a Validated Payment Application which is shown on the PCI SSC website as ""Acceptable for New Deployments"" and one which is shown as 'Acceptable only for Pre-Existing Deployments'?

When a PA-DSS validated payment application has expired, it is listed as acceptable only for pre-existing deployments, or in other words, for customers that have already purchased and deployed the …

❓ PCI SSC FAQs FAQ #1262 Deleted 2026-02-25T15:57:39.434341+00:00

Will PA-DSS validated applications continue to be Acceptable for New Deployments if they run on an unsupported operating system?

As part of the annual PA-DSS revalidation process, PCI SSC will be working with application vendors to identify applications which rely or depend on unsupported software, to ensure that validated …

❓ PCI SSC FAQs FAQ #1278 Deleted 2026-02-25T15:57:39.434341+00:00

Are PA-DSS applications considered valid if installed on an operating system that is not included in the payment application listing?

A PA-DSS validation is only applicable to the operating system(s) upon which the application was assessed, as reported in the ROV and as listed with the application on the PCI …

❓ PCI SSC FAQs FAQ #1279 Deleted 2026-02-25T15:57:39.434341+00:00

How does using a PA-DSS validated application affect the scope of a merchant's PCI DSS assessment?

Applications which are PA-DSS validated have been assessed by a PA-QSA as meeting all PA-DSS requirements. This means the application, when properly installed and configured, is capable of supporting the …

❓ PCI SSC FAQs FAQ #1288 Deleted 2026-02-25T15:57:39.434341+00:00

Does PA-DSS Requirement 3.3.2 apply to passwords used by the payment application to access other systems/applications (e.g. for the payment application to access a third-party database)?

PA-DSS Requirement 3.3.2 applies to all passwords generated or managed by the payment application that are used to authenticate access to the payment application. This requirement is not intended to …

Recent Updates RSS