Organizations that participate in data preparation, manufacturing, personalizing, and/or embossing for plastic cards are considered Service Providers for purposes of PCI DSS and should adhere to PCI DSS. However, …
All system components in the network are considered part of the cardholder data environment unless adequate network segmentation is in place that isolates systems that store, process, or transmit cardholder …
The intent of the logging requirement is to provide a full record of who did what, when, and how, so that it can be used for investigation in the event …
Please refer to the "Selecting the SAQ and Attestation that Best Apply to Your Organization" section in the PCI DSS SAQ Instructions and Guidelines document for information about the different …
Requirement 3.4 of the PCI DSS applies to mainframes that store cardholder data. If the company has legitimate business or technical constraints to meet this or any other requirement, compensating …
One-way hashing meets the intent of rendering the PAN unreadable in storage; however, the hashing process and results, as well as the system(s) that perform the hashing, would still be …
The intent of the quarterly scans as prescribed in Requirement 11.2 of the PCI DSS is to have them conducted as close to three months or 90 days apart as …
A payment application is a commercial application that stores, processes, or transmits cardholder data as part of authorization or settlement. A common example of a payment application is the software …
If a merchant has multiple processing environments, whereby one environment qualifies it to complete SAQ form A and another qualifies it to complete SAQ form B, then it is advisable …
Any cardholder data that is stored, processed, or transmitted must be protected in accordance with PCI DSS. If faxes or emails are sent or received via modem over a traditional …