Latest changes to PCI SSC frequently asked questions.
All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment …
The founders of the PCI Security Standards Council are American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa Inc.
The role of the Advisory Board will be to provide strategic and technical guidance to the PCI Security Standards Council, reflecting different stakeholder perspectives. The Advisory Board does not have …
To minimize changes to the standards, the PCI Security Standards Council (PCI SSC) has established a lifecycle approach for PCI DSS and PA-DSS, where major version changes to the standards …
Traditional PCI DSS compliance may not apply to payment application vendors since most vendors do not store, process, or transmit cardholder data. However, because these payment applications are used by …
Although log correlation can be a valuable tool in a company?s information security strategy, it is not a replacement for an intrusion detection system. The IDS wording in PCI DSS …
The PCI DSS requirement 4.1 states ?use strong cryptography and security protocols such as SSL / TLS/ IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.? While …
The intent of PCI DSS requirement 8.5.14 is to lock out accounts due to suspicious activity, to prevent a malicious user from gaining access to users’ accounts, by continually trying …
PCI DSS requirement 3.3 requires that the PAN be masked when it is displayed (for example, on screens, logs, reports, receipts), unless the viewing party has a specific need to …
Forms and images containing cardholder data are subject to the PCI DSS. PCI DSS requirement 3.4 requires that all cardholder data be rendered unreadable. It does not differentiate between how …
