Latest changes to PCI SSC frequently asked questions.
PCI DSS is the standard for merchants and service providers to protect cardholder data. The PA-DSS and PTS device security requirements support the overall implementation of PCI DSS by allowing …
With regard to issuers or companies that support issuing services such as third party processors (TPPs), and other issuing type processors, it is recognized that such entities may have a …
The Council is looking for equivalent controls that address malware and all types of threats referenced in Requirement 5, which are often found in traditional anti-virus solutions. If another type …
The Council will be developing more formal guidance around this topic, leveraging information that is received through the various channels of the DSS lifecycle feedback process. Until further guidance is …
Overall ATM requirements are not currently included in the PTS program so there is no cause for action in this regard. The Encrypting PIN Pad category will still feature in …
The new name reflects an expanding standards program that will continue to incorporate other parts of the PIN based payment chain beyond PED and other physical devices. For example in …
No. The council will continue to offer approved device listings on our website. Any proposed changes to the PTS program discussed at the Community Meeting will have no material impact …
PCI DSS applies to any entity that stores, processes, or transmits cardholder data and any such entity is expected to comply with PCI DSS, including acquirers. However, each payment card …
PCI DSS applies to any entity that stores, processes, or transmits cardholder data and any such entity is expected to comply with PCI DSS, including issuers. However, each payment card …
The intent of the one primary function per server requirement (Requirement 2.2.1 of the PCI DSS) is to ensure that your organization?s system configuration standards and related processes address server …
