PIN ROC Reporting Template
Version: v3.1
Files: 6 files in 1 version
v3.1 updated with new revision
Files: 6 files in 1 version
v3.1 updated with new revision
Recent Updates RSS
The latest changes across all tracked PCI resources.
PIN Attestation of Compliance (AOC)
Version: v3.3
Files: 8 files in 4 versions
v3.3 added
Files: 8 files in 4 versions
v3.3 added
The AI Exchange: Innovators in Payment Security Featuring Soft Space
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for …
PCI Security Standards Council Publishes First-Ever Annual Report
The PCI Security Standards Council (PCI SSC) announced the release of its inaugural Annual Report, marking a significant milestone in the Council’s nearly 20-year history of advancing global payment …
PCI Security Standards Council Publishes First-Ever Annual Report Highlighting Global Progress in Payment Security
P2PE v3.x Technical FAQs
Version: PCI-P2PE-v3.x-Technical-FAQs-29Jan2026
Files: 5 files in 5 versions
PCI-P2PE-v3.x-Technical-FAQs-29Jan2026 added
Files: 5 files in 5 versions
PCI-P2PE-v3.x-Technical-FAQs-29Jan2026 added
Coffee with the Council Podcast: PCI SSC Releases Version 2.0 of the PCI Secure Software Standard
Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Director of Communications and Public Relations for the PCI Security Standards Council. Well, happy new year …
PCI Security Standards Council Appoints Brazil Advisory Board for 2026-2027
Does PCI DSS, PA-DSS, or PTS apply to ATMs?
PCI DSS applies to entities involved in payment card processing or that otherwise store, process, or transmit cardholder data; the Payment Application Data Security Standard (PA-DSS) applies to payment applications …
Can a payment application that implements the same cryptographic keys across multiple installations be PA-DSS compliant?
No. If cryptographic keys are provided by the application vendor as part of the application, the keys must be unique to each customer or installation. An application that requires the …
Can a payment application that uses cryptographic keys hard-coded by the vendor be PA-DSS compliant if they cannot be changed by the customer?
No. In order to meet PA-DSS and PCI DSS requirements, the payment application must facilitate the customers' ability to perform key changes periodically and as required by the customer in …
What is the scope of a PCI DSS assessment for a network that is not segmented?
Without proper network segmentation to isolate the systems that store, process or transmit cardholder data from those that do not, all system components in that network are considered part of …
If I am deemed PCI DSS compliant today by one of the payment card brands, will the other brands in the PCI Security Standards Council recognize this designation of compliance and if so, what information must be put forth to achieve such recognition?
Since the individual payment brands are responsible for their own PCI DSS compliance programs, organizations should follow each brand's specific compliance processes and procedures.
Is it required that all of a company's sites, even those located in other countries, must be included in the company's PCI DSS review?
The PCI DSS is a global standard and is applicable to all entities that process, transmit or store cardholder data regardless of geographic location. Each payment brand manages their PCI …
What is the Council's guidance on the use of SHA-1?
For more information about strong cryptography, refer to the Information Supplement: PCI Cryptography Guidance, available under Guidance Document in the PCI SSC Document Library. Our document library can be …