Latest changes to PCI SSC frequently asked questions.
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
One-way hashing is a method that can be used to render PAN unreadable in storage. The hashing process and results, as well as the system(s) that perform the hashing, are …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
If the consumer is also the cardholder and is using the device solely for their own cardholder data entry, and the software is only used by that cardholder using his …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
No. It is not permitted to retain card verification codes once the specific purchase or transaction for which it was collected has been authorized. Card verification codes are typically used …
No. PCI DSS prohibits storage of card verification codes, for example, after transaction authorization or to facilitate potential future transactions. There are four common scenarios where organizations may want to, …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
