Internal Security Assessor (ISA) Training Case Study: WestJet
WestJet has always worked to maintain PCI compliance across a complex environment that spans over 20 payment channels and 40 different internal teams. As part of its PCI …
Recent Updates
The latest changes across all tracked PCI resources.
Sneak Peek: 2025 Europe Community Meeting Speakers
The countdown is on for this year’s Europe Community Meeting! We’re thrilled to share an early look at some of the exceptional sessions coming your way in Amsterdam, …
SPoC Technical FAQs
Updated version published, replaces version from
Contactless Payments on COTS (CPoC™) Technical FAQs
Updated version published, replaces version from
AI Principles: Securing the Use of AI in Payment Environments
Artificial intelligence (AI) systems are increasingly being used within businesses to help in the creation, management, and operation of payment systems and environments. Their use is expanding beyond systems …
The AI Exchange: Innovators in Payment Security Featuring Cloud Security Alliance
.jpg)
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for …
Beware of PCI DSS Compliance Certificates
The PCI Security Standards Council (PCI SSC) is often asked whether compliance certificates are acceptable to demonstrate an organization’s validation to the PCI Data Security Standard (PCI DSS).
…
Meet the Council’s New Regional Director, Europe
The PCI Security Standards Council (PCI SSC) is pleased to welcome its newest team member, Úna Dillon, Regional Director, Europe. As Regional Director, Úna serves as the primary liaison …
Can unencrypted PANs be sent over e-mail, instant messaging, SMS, or chat?
No. PCI DSS Requirement 4.2.2. prohibits the sending of unprotected primary account numbers (PANs) via end-user messaging technologies, whether sent internally or over public networks. E-mail, instant messaging, SMS, and …
Are entities allowed to request that cardholder data be provided over end-user messaging technologies?
PCI DSS does not prevent the use of end-user technologies (such as email, SMS, chat, etc.) to request or receive cardholder data. However, if an end-user messaging technology is used …
Does PCI DSS allow faxing of payment card numbers?
Any cardholder data that is stored, processed, or transmitted must be protected in accordance with PCI DSS. If faxes are sent or received via modem over a traditional PSTN phone …
Authentication Guidance
Version: Authentication-Guidance
Files: 9 files in 2 versions
Document unarchived Updated from February 01, 2017 at 12:00 PM UTC to August 28, 2025 at 07:00 AM UTC
Files: 9 files in 2 versions
Document unarchived Updated from February 01, 2017 at 12:00 PM UTC to August 28, 2025 at 07:00 AM UTC
Authentication Guidance
Version: Authentication-Guidance
Files: 9 files in 2 versions
Document unarchived Updated from February 01, 2017 at 12:00 PM UTC to August 28, 2025 at 07:00 AM UTC
Files: 9 files in 2 versions
Document unarchived Updated from February 01, 2017 at 12:00 PM UTC to August 28, 2025 at 07:00 AM UTC
Authentication Guidance
Version: Authentication-Guidance
Files: 9 files in 2 versions
Document unarchived Updated from February 01, 2017 at 12:00 PM UTC to August 28, 2025 at 07:00 AM UTC
Files: 9 files in 2 versions
Document unarchived Updated from February 01, 2017 at 12:00 PM UTC to August 28, 2025 at 07:00 AM UTC
Authentication Guidance
Version: Authentication-Guidance
Files: 9 files in 2 versions
Document unarchived Updated from February 01, 2017 at 12:00 PM UTC to August 28, 2025 at 07:00 AM UTC
Files: 9 files in 2 versions
Document unarchived Updated from February 01, 2017 at 12:00 PM UTC to August 28, 2025 at 07:00 AM UTC