Latest changes to PCI SSC frequently asked questions.
One-way hashing is a method that can be used to render PAN unreadable in storage. The hashing process and results, as well as the system(s) that perform the hashing, are …
The List of Validated Payment Applications on the PCI SSC website is the authoritative list of applications which have been accepted by PCI SSC as PA-DSS validated. If an application …
All changes to the software of a validated PA-DSS application must result in a new version number, even if there is no impact on PA-DSS requirements. This is necessary to …
When a PA-DSS validated payment application has expired, it is listed as acceptable only for pre-existing deployments, or in other words, for customers that have already purchased and deployed the …
As part of the annual PA-DSS revalidation process, PCI SSC will be working with application vendors to identify applications which rely or depend on unsupported software, to ensure that validated …
A PA-DSS validation is only applicable to the operating system(s) upon which the application was assessed, as reported in the ROV and as listed with the application on the PCI …
Applications which are PA-DSS validated have been assessed by a PA-QSA as meeting all PA-DSS requirements. This means the application, when properly installed and configured, is capable of supporting the …
PA-DSS Requirement 3.3.2 applies to all passwords generated or managed by the payment application that are used to authenticate access to the payment application. This requirement is not intended to …
Application version numbers may consist of any combination of alphanumeric characters to create a unique version, discernible from other versions of that payment application, based on the vendor's versioning methodology. …
No. When validating payment application compliance through a Report on Validation (ROV) you may not 'combine' requirements from multiple versions of the standard — your assessment must be to one …
