Recent FAQ Changes

❓ FAQ 1035 Updated 2014-05-28T00:00:00+00:00

What is the definition of "remote access"?

The term “remote access” refers to access to a computer network from a location outside of that network.

Examples of remote access include access from the Internet, an “untrusted” …

❓ FAQ 1071 Updated 2014-05-28T00:00:00+00:00

Can the full credit card number be displayed within a browser window?

PCI DSS requirement 3.3 requires that the PAN be masked when it is displayed (for example, on screens, logs, reports, receipts), unless the viewing party has a specific business need …

❓ FAQ 1069 Updated 2014-05-28T00:00:00+00:00

Does PCI DSS apply to paper with cardholder data (for example, receipts, reports, etc.)?

Yes, PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted by any media, including paper records. PCI DSS Requirements 9.5 through 9.8 specifically …

❓ FAQ 1038 Updated 2014-05-28T00:00:00+00:00

Does PCI DSS apply to "hot cards," fraudulent, expired, cancelled or invalid card numbers?

If it has been confirmed that the cards are inactive or disabled, the PANs (Primary Account Numbers) no longer pose fraud risk to the payment system, and PCI DSS would …

❓ FAQ 1078 Updated 2014-05-28T00:00:00+00:00

Is two-factor authentication required between two different segments of an internal network?

As defined in PCI DSS Requirement 8.3, two-factor authentication is required for all remote network access that originates from outside the entity’s own network, where that remote access could lead …

❓ FAQ 1077 Updated 2014-05-28T00:00:00+00:00

How extensive must background checks be for employees who have access to cardholder data?

In general, it is expected that a company would have a policy and process for background checks, including their own decision process for which background check results would have an …

❓ FAQ 1142 Updated 2014-01-30T16:36:00+00:00