Recent FAQ Changes RSS

If the ISP only provides a "pipe" for internet access, then it is not considered a service provider and is not subject to PCI DSS compliance. However, if the ISP …

PCI DSS applies to any entity that stores, processes, or transmits cardholder data. Whether entities with cardholder data on their own corporate cards need to validate compliance is determined by …

Systems that store only truncated PANs (where a segment of PAN data has been permanently removed) may be considered out of scope for PCI DSS if that system is adequately …

In general, MPLS networks are considered "private" networks and do not require encryption. This, however, is dependent upon the specific provider and/or configuration. If the IP addresses are public and …

The PCI SSC does not mandate the use of any one approach to PCI DSS compliance. The Prioritized Approach is designed as a reporting tool to help entities understand where …

The Prioritized Approach tool is intended to help guide non-compliant entities to work through the process of becoming PCI DSS compliant. The Prioritized Approach does not supersede or replace the …

The Prioritized Approach was developed to address the highest common risks first in Milestone 1, the next highest risks in Milestone 2, etc. The Prioritized Approach provides a means to …

The Prioritized Approach is not a replacement for PCI DSS; rather, it reorganizes the PCI DSS requirements into security milestones, and is designed to help organizations working towards PCI DSS …

To minimize changes to the standards, the PCI Security Standards Council (PCI SSC) has established a lifecycle approach for PCI DSS and PA-DSS, where version changes to the standards will …

The Luhn formula or Modulus 10 is the algorithm most often used to validate Primary Account Numbers (PAN). The algorithm works as follows: 1. double the value of alternate digits …