Latest changes to PCI SSC frequently asked questions.
Contact details for the payment brands are provided below:
American Express
Discover - Website: http://www.discovernetwork.com/merchants/data-security/index.html - …
Contact details for the payment brands are provided below:
American Express
Discover - Website: http://www.discovernetwork.com/merchants/data-security/index.html …
The intent of this requirement is to prevent an unauthorized person from using an unattended console/PC to gain access to the user’s computer and accounts, and potentially to the company’s …
Yes, however, PCI SSC recommends the use of PCI-listed P2PE solutions. Please reference FAQ 1158 regarding the use of PCI-listed P2PE solutions regarding PCI DSS.
Merchants using encryption solutions …
No, merchants using P2PE solutions are not required to engage a P2PE assessor [that is, a QSA (P2PE) or PA-QSA (P2PE)] for their PCI DSS assessments.
Merchants using Council-listed …
The P2PE v1.1 standard applies only to third-party P2PE solutions, where all encryption and decryption operations, and all cryptographic keys, are managed by a third party solution provider, and the …
A Council-listed P2PE solution must use a PCI-approved point-of-interaction device (POI), which has been evaluated and approved via the PCI PTS program with SRED (secure reading and exchange of data) …
Generally, encrypted cardholder data stored at a third-party storage provider remains the responsibility of the storage provider?s customer who is storing the data. However, determining which party is responsible for …
No, PCI PED 1.x devices are not eligible for SRED validation, and therefore cannot be used in a PCI P2PE solution.
