Latest changes to PCI SSC frequently asked questions.
The Council is looking for equivalent controls that address malware and all types of threats referenced in Requirement 5, which are often found in traditional anti-virus solutions. If another type …
The Council will be developing more formal guidance around this topic, leveraging information that is received through the various channels of the DSS lifecycle feedback process. Until further guidance is …
Overall ATM requirements are not currently included in the PTS program so there is no cause for action in this regard. The Encrypting PIN Pad category will still feature in …
The new name reflects an expanding standards program that will continue to incorporate other parts of the PIN based payment chain beyond PED and other physical devices. For example in …
No. The council will continue to offer approved device listings on our website. Any proposed changes to the PTS program discussed at the Community Meeting will have no material impact …
PCI DSS applies to any entity that stores, processes, or transmits cardholder data and any such entity is expected to comply with PCI DSS, including acquirers. However, each payment card …
PCI DSS applies to any entity that stores, processes, or transmits cardholder data and any such entity is expected to comply with PCI DSS, including issuers. However, each payment card …
The intent of the one primary function per server requirement (Requirement 2.2.1 of the PCI DSS) is to ensure that your organization's system configuration standards and related processes address server …
Organizations that participate in data preparation, manufacturing, personalizing, and/or and embossing for plastic cards are considered Service Providers for purposes of PCI DSS and should adhere to PCI DSS. However, …
All system components in the network are considered part of the cardholder data environment unless adequate network segmentation is in place that isolates systems that store, process, or transmit cardholder …
