The latest changes across all tracked PCI resources.
Hello and welcome to our podcast series, Coffee with the Council. I'm Andrew Jamieson, VP, Distinguished Standards Architect for the PCI Security Standards Council. And I'll be your …
Hello and welcome to our podcast series, Coffee with the Council. I'm Andrew Jamieson, VP, Distinguished Standards Architect for the PCI Security Standards Council. And I'll be your …
Events such as these should be accounted for in any service contract you sign with a software vendor. The Council requires that approved PA-QSAs carry appropriate liability insurance.
Revalidation Date: Annually, the software vendor is required to revalidate by completing Part 3b of the Attestation of Validation form, confirming that no changes have been made to the application …
The PCI Security Standards Council (PCI SSC) mission is to develop, maintain and build awareness around the standards and supporting programs. Additionally, the PCI SSC strives to ensure that implementing …
The Card Production Logical and Physical Security Requirements were published by PCI SSC in 2013, and are intended to provide manufacturers and producers of payment cards with a comprehensive resource …
No. PCI DSS sensitive authentication data (SAD) consists of full magnetic-stripe data, card verification codes or values, and PINs or PIN blocks. PCI DSS specifically prohibits storage of SAD after …
Yes. Assessors have two options when performing PCI DSS testing procedures; they can either: 1) test a representative sample of the population according to the assessor's defined sampling methodology, or …
Payment terminals (sometimes referred to as point-of-sales systems, point-of-interaction devices, or payment devices) are physical devices that capture payment card data to process transactions. Because these devices are directly involved …
Encryption of cardholder data with strong cryptography is an acceptable method of rendering the data unreadable according to PCI DSS Requirement 3.5.1. However, encryption alone is insufficient to render the …
Where a third-party service provider (TPSP) receives and/or stores only data encrypted by another entity, and where they do not have the ability to decrypt the data, the TPSP may …
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for …
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for …
