Are merchants required to meet PCI DSS Requirement 12.9?
PCI DSS Requirement 12.9 applies only if the entity being assessed is a service provider. Merchants and other entities that use service providers should review PCI DSS Requirement 12.8 and …
Latest changes to PCI SSC frequently asked questions.
Contact details for the payment brands are provided below:
American Express
Discover
- Website: http://www.discovernetwork.com/merchants/data-security/index.html
- For questions about …
There is a distinct difference in terms of payment acceptance between Direct Post & iFrames/redirects, which is why there are different SAQs. In a Direct Post implementation, the merchant website …
A payment application is required to restrict administrative access and access to cardholder data to authenticated (Requirement 3.1.4), authorized (Requirement 3.1) users. Where users authenticate to the payment application using …
PA-DSS Requirement 3.3.2 applies to all passwords generated or managed by the payment application that are used to authenticate access to the payment application. This requirement is not intended to …
Yes; PA-DSS v3.0 requires that a strong, one-way cryptographic algorithm with a unique input variable be used to render all payment application passwords unreadable during storage. This meets the intent …
PCI SSC does not require that an entity's assessor go onsite to the entity's service providers and retest PCI DSS requirements that have already been validated and are covered under …
If the consumer is also the cardholder and is using the device solely for his/her own cardholder data entry, and the application can only be used by that cardholder using …