The intent of the logging requirement is to provide a full record of who did what, when, and how, so that it can be used for investigation in the event …
Please refer to the "Selecting the SAQ and Attestation that Best Apply to Your Organization" section in the PCI DSS SAQ Instructions and Guidelines document for information about the different …
Requirement 3.4 of the PCI DSS applies to mainframes that store cardholder data. If the company has legitimate business or technical constraints to meet this or any other requirement, compensating …
One-way hashing meets the intent of rendering the PAN unreadable in storage; however, the hashing process and results, as well as the system(s) that perform the hashing, would still be …
The intent of the quarterly scans as prescribed in Requirement 11.2 of the PCI DSS is to have them conducted as close to three months or 90 days apart as …
A payment application is a commercial application that stores, processes, or transmits cardholder data as part of authorization or settlement. A common example of a payment application is the software …
If a merchant has multiple processing environments, whereby one environment qualifies it to complete SAQ form A and another qualifies it to complete SAQ form B, then it is advisable …
Any cardholder data that is stored, processed, or transmitted must be protected in accordance with PCI DSS. If faxes or emails are sent or received via modem over a traditional …
The PCI SSC does not certify service providers as PCI DSS compliant. All entities that store, process or transmit cardholder data are required to comply with the PCI DSS and …
In general, frame relay can be considered private if it is dedicated to the customer's traffic. The PCI DSS requires encryption for transmission of cardholder data over public networks, not …