Latest changes to PCI SSC frequently asked questions.
No. The council will continue to offer approved device listings on our website. Any proposed changes to the PTS program discussed at the Community Meeting will have no material impact …
PCI DSS applies to any entity that stores, processes, or transmits cardholder data and any such entity is expected to comply with PCI DSS, including acquirers. However, each payment card …
PCI DSS applies to any entity that stores, processes, or transmits cardholder data and any such entity is expected to comply with PCI DSS, including issuers. However, each payment card …
The intent of the one primary function per server requirement (Requirement 2.2.1 of the PCI DSS) is to ensure that your organization's system configuration standards and related processes address server …
Organizations that participate in data preparation, manufacturing, personalizing, and/or and embossing for plastic cards are considered Service Providers for purposes of PCI DSS and should adhere to PCI DSS. However, …
All system components in the network are considered part of the cardholder data environment unless adequate network segmentation is in place that isolates systems that store, process, or transmit cardholder …
The intent of the logging requirement is to provide a full record of who did what, when, and how, so that it can be used for investigation in the event …
Please refer to the "Selecting the SAQ and Attestation that Best Apply to Your Organization" section in the PCI DSS SAQ Instructions and Guidelines document for information about the different …
Requirement 3.4 of the PCI DSS applies to mainframes that store cardholder data. If the company has legitimate business or technical constraints to meet this or any other requirement, compensating …
One-way hashing meets the intent of rendering the PAN unreadable in storage; however the hashing process and results, as well as the system(s) that perform the hashing, would still be …
