Latest changes to PCI SSC frequently asked questions.
For PCI DSS assessments documented in a Self-Assessment Questionnaire (SAQ), the Self-Assessment completion date denotes the date the PCI DSS self-assessment was completed, either by the entity, or, if applicable, …
The objective of PCI DSS Requirement 6.4.3 is to ensure that unauthorized code cannot be executed in the payment page as it is rendered in the consumer's browser.
In …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
PFI Companies must adhere to the independence requirements of the PFI program as defined in the PFI Qualification Requirements and PFI Program Guide. Whether a PFI Company can conduct a …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Yes. Where an entity wants its assessor to conduct a PCI DSS assessment against only a subset of PCI DSS requirements, it is acceptable to document this partial assessment using …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Contact the applicable payment brands and/or acquirer (merchant bank) for more information about PCI compliance programs.
Contact details for the PCI SSC Participating Payment Brands are provided below:
…
