PCI Watch - Tracking changes across the Payment Card Industry

❓ PCI SSC FAQs FAQ #1348 Deleted 2026-04-08T01:00:10.212348+00:00

For P2PE Requirement 3A-4.2, are POI devices required to be physically secured (e.g., bolted to a counter-top or tethered with a cable) in the merchant environment? How does this requirement apply to handheld/wireless POI devices?

This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ PCI SSC FAQs FAQ #1348 Reinstated 2026-04-08T00:04:13.374404+00:00

For P2PE Requirement 3A-4.2, are POI devices required to be physically secured (e.g., bolted to a counter-top or tethered with a cable) in the merchant environment? How does this requirement apply to handheld/wireless POI devices?

This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ PCI SSC FAQs FAQ #1348 Link Changed 2026-04-08T00:04:13.374404+00:00

For P2PE Requirement 3A-4.2, are POI devices required to be physically secured (e.g., bolted to a counter-top or tethered with a cable) in the merchant environment? How does this requirement apply to handheld/wireless POI devices?

This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

📣 PCI SSC Communications Blog Updated 2026-04-03T15:11:51+00:00

The AI Exchange: Innovators in Payment Security Featuring Toast, Inc.

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for …

📣 PCI SSC Communications Blog New 2026-04-03T15:11:51+00:00

The AI Exchange: Innovators in Payment Security Featuring Toast, Inc.

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for …

📣 PCI SSC Communications Blog Updated 2026-04-01T15:59:58+00:00

Coffee with the Council Podcast: A Panel Discussion on Cryptography

Hello and welcome to our podcast series, Coffee with the Council. I'm Andrew Jamieson, VP, Distinguished Standards Architect for the PCI Security Standards Council. And I'll be your …

📣 PCI SSC Communications Blog New 2026-04-01T15:59:58+00:00

Coffee with the Council Podcast: A Panel Discussion on Cryptography

Hello and welcome to our podcast series, Coffee with the Council. I'm Andrew Jamieson, VP, Distinguished Standards Architect for the PCI Security Standards Council. And I'll be your …

❓ PCI SSC FAQs FAQ #1128 Deleted 2026-03-31T00:03:19.016691+00:00

What happens if I'm using a PA-DSS validated payment application that is breached?

Events such as these should be accounted for in any service contract you sign with a software vendor. The Council requires that approved PA-QSAs carry appropriate liability insurance.

❓ PCI SSC FAQs FAQ #1174 Deleted 2026-03-31T00:03:19.016691+00:00

For the list of Validated PA-DSS Applications, what is the difference between Revalidation Date and Expiry Date?

Revalidation Date: Annually, the software vendor is required to revalidate by completing Part 3b of the Attestation of Validation form, confirming that no changes have been made to the application …

❓ PCI SSC FAQs FAQ #1213 Deleted 2026-03-31T00:03:19.016691+00:00

Are there any plans to standardize the reporting requirements (reports) for the PCI DSS, PA-DSS, ASV, QSA and PTS programs that are sent to each of the payment brands?

The PCI Security Standards Council (PCI SSC) mission is to develop, maintain and build awareness around the standards and supporting programs. Additionally, the PCI SSC strives to ensure that implementing …

❓ PCI SSC FAQs FAQ #1263 Deleted 2026-03-31T00:03:19.016691+00:00

Recent Updates RSS

For P2PE Requirement 3A-4.2, are POI devices required to be physically secured (e.g., bolted to a counter-top or tethered with a cable) in the merchant environment? How does this requirement apply to handheld/wireless POI devices?

For P2PE Requirement 3A-4.2, are POI devices required to be physically secured (e.g., bolted to a counter-top or tethered with a cable) in the merchant environment? How does this requirement apply to handheld/wireless POI devices?

For P2PE Requirement 3A-4.2, are POI devices required to be physically secured (e.g., bolted to a counter-top or tethered with a cable) in the merchant environment? How does this requirement apply to handheld/wireless POI devices?

The AI Exchange: Innovators in Payment Security Featuring Toast, Inc.

The AI Exchange: Innovators in Payment Security Featuring Toast, Inc.

Coffee with the Council Podcast: A Panel Discussion on Cryptography

Coffee with the Council Podcast: A Panel Discussion on Cryptography

What happens if I'm using a PA-DSS validated payment application that is breached?

For the list of Validated PA-DSS Applications, what is the difference between Revalidation Date and Expiry Date?

Are there any plans to standardize the reporting requirements (reports) for the PCI DSS, PA-DSS, ASV, QSA and PTS programs that are sent to each of the payment brands?

What are the Card Production Logical and Physical Security Requirements?

Are authentication values from a 3DS transaction considered sensitive authentication data for PCI DSS purposes?

Is sampling allowed in PCI DSS v4.x?

How does PCI DSS apply to payment terminals?

How does encrypted cardholder data impact PCI DSS scope?