Recent FAQ Changes

❓ FAQ 1571 Updated 2024-02-28T00:16:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …

❓ FAQ 1158 Updated 2024-02-28T00:16:00+00:00

What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation?

A PCI-listed P2PE solution can significantly reduce the number of PCI DSS requirements applicable to a merchant's cardholder data environment. However, it does not completely remove the applicability of PCI …

❓ FAQ 1571 Updated 2024-02-27T21:54:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …

❓ FAQ 1571 Updated 2024-02-27T21:54:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …

❓ FAQ 1221 Updated 2024-02-27T21:54:00+00:00

To which types of service providers does PCI DSS Appendix A1 apply?

All service providers are responsible for meeting PCI DSS requirements for their environments as applicable to the services offered to their customers. In addition, PCI DSS Appendix A1: Additional PCI …

❓ FAQ 1571 Updated 2024-02-27T21:31:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …

❓ FAQ 1290 Updated 2024-02-27T21:31:00+00:00

If an entity uses a third-party service provider (TPSP) that has been validated as PCI DSS compliant, is the entity's assessor required to go onsite to the TPSP's location and retest the PCI DSS requirements?

No. PCI SSC does not require that an entity’s assessor go onsite to the entity’s TPSP and retest PCI DSS requirements that have already been covered in the TPSP’s current …

❓ FAQ 1576 New 2024-02-26T23:41:00+00:00

Recent FAQ Changes RSS

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation?

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

To which types of service providers does PCI DSS Appendix A1 apply?

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

If an entity uses a third-party service provider (TPSP) that has been validated as PCI DSS compliant, is the entity's assessor required to go onsite to the TPSP's location and retest the PCI DSS requirements?

What evidence is a TPSP expected to provide to customers to demonstrate PCI DSS compliance?

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?