Diana Greenhaw To Lead Stakeholder Engagement for the PCI Security Standards Council
Recent Updates RSS
The latest changes across all tracked PCI resources.
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Which version of the P2PE Standard should be used for a P2PE assessment?
The latest version of the PCI P2PE Standard is v3.1, September 2021.
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Which PCI PTS point-of-interaction (POI) devices can be used in a validated P2PE solution?
The PCI P2PE Standard and Program require the use of a PTS-approved (non-expired) point-of-interaction (POI) device, which has been evaluated and approved via the PCI PTS program with SRED (secure …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Is a "P2PE Assessor" required for a merchant's PCI DSS assessment if the merchant uses a Council-listed P2PE solution?
No, merchants using PCI-listed P2PE solutions are not required to engage a P2PE assessor [that is, a P2PE Assessor or P2PE Application Assessor] for their PCI DSS assessments.
Merchants …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Can a QSA that is not also a P2PE Assessor validate an encryption solution meets P2PE Requirements?
No. Only P2PE Assessors are qualified by the PCI Security Standards Council to evaluate P2PE Solutions, P2PE Components and P2PE Applications. Note that only a P2PE Assessor is qualified to …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
How do PCI PTS-approved HSM expiry dates affect a PCI-listed P2PE Solution or Component?
For details regarding PTS-approved POI device expiry in regard to the PCI P2PE Standard and Program, refer to the current P2PE Technical FAQs found in the PCI SSC Document Library
…