PCI Watch - Tracking changes across the Payment Card Industry

📣 PCI SSC Communications Blog New 2023-10-18T00:00:00+00:00

Spotlight On: Cielo, a new Principal Participating Organization

Welcome Cielo, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Cielo’s CISO Glauco Sampaio introduces us …

❓ PCI SSC FAQs FAQ #1571 Updated 2023-10-11T22:01:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …

❓ PCI SSC FAQs FAQ #1089 Updated 2023-10-11T22:01:00+00:00

How can hashing be used to protect Primary Account Numbers (PAN) and in what circumstances can hashed PANs be considered out of scope for PCI DSS?

One-way hashing is a method that can be used to render PAN unreadable in storage. The hashing process and results, as well as the system(s) that perform the hashing, are …

📣 PCI SSC Communications Blog New 2023-10-11T00:00:00+00:00

Spotlight On: Mypinpad, a New Principal Participating Organization

Welcome Mypinpad, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Mypinpad’s Chief Security Officer Neal Hindocha …

❓ PCI SSC FAQs FAQ #1571 Updated 2023-10-09T11:57:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …

❓ PCI SSC FAQs FAQ #1571 Updated 2023-10-09T11:57:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …

❓ PCI SSC FAQs FAQ #1283 Updated 2023-10-09T11:57:00+00:00

How do PCI standards apply to organizations that develop software that runs on a consumer's device (for example, a smartphone, tablet, or laptop) and is used to accept payment card data?

If the consumer is also the cardholder and is using the device solely for their own cardholder data entry, and the software is only used by that cardholder using his …

❓ PCI SSC FAQs FAQ #1571 Updated 2023-10-09T11:56:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …

❓ PCI SSC FAQs FAQ #1280 Updated 2023-10-09T11:56:00+00:00

Can card verification codes be stored for card-on-file or recurring transactions?

No. It is not permitted to retain card verification codes once the specific purchase or transaction for which it was collected has been authorized. Card verification codes are typically used …

❓ PCI SSC FAQs FAQ #1574 New 2023-10-09T11:55:00+00:00

If an organization provides software or functionality that runs on a consumer's device (for example, smartphones, tablets, or laptops) and is used to accept payment account data, can the organization store card verification codes for those consumers?

No. PCI DSS prohibits storage of card verification codes, for example, after transaction authorization or to facilitate potential future transactions. There are four common scenarios where organizations may want to, …

❓ PCI SSC FAQs FAQ #1571 Updated 2023-10-09T11:55:00+00:00

Recent Updates RSS

Spotlight On: Cielo, a new Principal Participating Organization

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

How can hashing be used to protect Primary Account Numbers (PAN) and in what circumstances can hashed PANs be considered out of scope for PCI DSS?

Spotlight On: Mypinpad, a New Principal Participating Organization

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

How do PCI standards apply to organizations that develop software that runs on a consumer's device (for example, a smartphone, tablet, or laptop) and is used to accept payment card data?

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Can card verification codes be stored for card-on-file or recurring transactions?

If an organization provides software or functionality that runs on a consumer's device (for example, smartphones, tablets, or laptops) and is used to accept payment account data, can the organization store card verification codes for those consumers?

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Spotlight On: Toast, A New Principal Participating Organization

Paving the Way: Inspiring Women in Payments - A Q&A featuring Ruth Barra

PCI Security Standards Council Bulletin: Updated PCI 3DS Core Technical FAQs

Important Update Issued to 3DS Core Security Standard Technical FAQs