How do I contact the payment card brands?
Contact details for the payment brands are provided below:
American Express
- Website: http://www.americanexpress.com/datasecurity
- Email: AmericanExpressCompliance@trustwave.com
Discover - Website: …
Recent FAQ Changes RSS
Latest changes to PCI SSC frequently asked questions.
How do I contact the payment card brands?
Contact details for the payment brands are provided below:
American Express
- Website: www.americanexpress.com/datasecurity
- Email: AmericanExpressCompliance@trustwave.com
Discover - Website: http://www.discovernetwork.com/merchants/data-security/index.html - …
How do I contact the payment card brands?
Contact details for the payment brands are provided below:
American Express
- Website: www.americanexpress.com/datasecurity
- Email: AmericanExpressCompliance@trustwave.com
Discover - Website: http://www.discovernetwork.com/merchants/data-security/index.html - …
What is the difference between masking and truncation?
Masking is addressed in PCI DSS Requirement 3.3, whereas truncation is one of several options specified to meet PCI DSS Requirement 3.4.
Masking is a method of concealing a …
Does PCI DSS Requirements 10.2 and 10.3 mean that both database and application logging is required?
The intent of the PCI DSS logging requirements is to provide a full record of who did what, where, when, and how, so it can be used for investigation in …
Can I fax payment card numbers and still be PCI DSS Compliant?
Any cardholder data that is stored, processed, or transmitted must be protected in accordance with PCI DSS. If faxes or emails are sent or received via modem over a traditional …
Do shared hosting providers need to comply with PCI DSS?
PCI DSS requirement 2.6 and Appendix A: ?Additional PCI DSS Requirements for Shared Hosting Providers? is applicable to all shared hosting providers whose customers store, process, or transmit cardholder data. …
Does cardholder name, expiration date, etc. need to be rendered unreadable if stored in conjunction with the PAN (Primary Account Number)?
For information about protecting different elements of cardholder data (CHD), please refer to the tables provided in the ?PCI DSS Applicability Information? section in the PCI DSS. The tables illustrates …
Can you provide clarification for logging/audit trail per PCI DSS requirements 10.2.5 and 10.2.6?
PCI DSS requirement 10.2.5 requires organizations to log the use of and changes to identification and authentication mechanisms. These mechanisms include activities such as creation of new accounts and elevation …
What are system-level objects, as used in PCI DSS Requirement 10?
A system-level object is anything on a computer system required for its operation, including, but not limited to, database tables, stored procedures, application executables and configuration files, system configuration files, …