What are acceptable formats for masking of primary account numbers (PAN)?
PCI DSS Requirement 3.3 specifies that PAN is masked when displayed and that a maximum of the first 6 and last 4 digits of the PAN can be displayed. Note …
Latest changes to PCI SSC frequently asked questions.
While the PCI Security Standards Council (PCI SSC) manages the security standards and provides training for security assessors, we do not enforce compliance or define validation reporting requirements. Compliance validation …
SAQ C-VT is a self-assessment questionnaire designed for brick-and-mortar (card-present) or mail/telephone-order (card-not-present) merchants that process cardholder data via virtual terminals on personal computers connected to the Internet, and that …
The PCI Security Standards Council (PCI SSC) maintains a robust evaluation and qualification program for approved security assessors and scanning vendors. Information on becoming a qualified assessor or scan vendor …
SAQ C-VT does not replace SAQ C. Each SAQ is designed to support a different type of cardholder data environment. At a high level, SAQ C is intended for merchants …
A virtual terminal is web browser-based access to an acquirer, processor or third party service provider website to authorize payment card transactions over the Internet, where the merchant manually enters …
Network segmentation of, or isolating (segmenting), the cardholder data environment from the remainder of an entity's network is strongly recommended as a method that may reduce the scope of a …
Revalidation Date: Annually, the software vendor is required to revalidate by completing Part 3b of the Attestation of Validation form, confirming that no changes have been made to the application …
No. If cryptographic keys are provided by the application vendor as part of the application, the keys must be unique to each customer or installation. An application that requires the …
No. In order to meet PA-DSS and PCI DSS requirements, the payment application must facilitate the customers' ability to perform key changes periodically and as required by the customer in …