Latest changes to PCI SSC frequently asked questions.
Several PCI DSS requirements specify that a security activity is to be performed periodically or at a defined frequency. If an entity fails to perform the control on one or …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Where a third-party service provider (TPSP) receives and/or stores only data encrypted by another entity, and where they do not have the ability to decrypt the data, the TPSP may …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
No. PCI SSC does not provide a list of PCI DSS-compliant third-party service providers (TPSPs), nor does PCI SSC manage a program to recognize compliant TPSPs.PCI DSS is intended for …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Encryption of cardholder data with strong cryptography is an acceptable method of rendering the data unreadable according to PCI DSS Requirement 3.5.1. However, encryption alone is insufficient to render the …
