An entity that receives and stores only truncated PAN does not need to consider this storage of cardholder data for the purposes of the SAQ eligibility criteria.
Each payment brand determines its own compliance validation requirements, which may include specific requirements for companies composed of multiple or separate entities. Organizations should contact their acquirer (merchant bank) and/or …
It is recommended that you discuss any concerns you have with the merchant in question. In many cases, once merchants have become aware of issues identified to them by their …
PCI DSS does not define minimum or maximum times for which cardholder data may be stored. PCI DSS Requirement 3.1 specifies that a data retention and disposal policy must be …
Yes. These values are typically used for card-not-present (CNP) transactions, where the card is not physically present at the merchant location (for example, during e-commerce or mail order/telephone order transactions). …
PCI DSS Requirements 11.2 and 11.3 address internal and external vulnerability scans and penetration testing, respectively, including the requirement that they be performed after a significant change to the environment. …