Latest changes to PCI SSC frequently asked questions.
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …| The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by … |
No, the PCI Security Standards Council will not be replacing the individual brands' compliance programs. The individual participating payment brands will separately determine what entities must be compliant, including any …
PCI DSS Requirement 3.3 specifies that PAN is masked when displayed and that a maximum of the first 6 and last 4 digits of the PAN can be displayed. Note …
| PCI DSS requirement 8.5 (and the associated sub-requirements) applies to administrators. As such, administrators are not allowed to share passwords. The intent of requirements for unique user … |
SAQ C-VT does not replace SAQ C. Each SAQ is designed to support a different type of cardholder data environment. At a high level, SAQ C is intended for merchants …
While some ASVs may report DoS vulnerabilities as relatively high risks, the PCI SSC has clearly instructed ASVs to not consider this vulnerability when determining compliance of the ASV scan …
No. In order to meet PA-DSS and PCI DSS requirements, the payment application must facilitate the customers' ability to perform key changes periodically and as required by the customer in …
No. If cryptographic keys are provided by the application vendor as part of the application, the keys must be unique to each customer or installation. An application that requires the …
If the ISP only provides a "pipe" for internet access, then it is not considered a service provider and is not subject to PCI DSS compliance. However, if the ISP …