Recent FAQ Changes RSS

The intent of the quarterly scans as prescribed in Requirement 11.2 of the PCI DSS is to have them conducted as close to three months or 90 days apart as …

A payment application is a commercial application that stores, processes, or transmits cardholder data as part of authorization or settlement. A common example of a payment application is the software …

If a merchant has multiple processing environments, whereby one environment qualifies it to complete SAQ form A and another qualifies it to complete SAQ form B, then it is advisable …

Any cardholder data that is stored, processed, or transmitted must be protected in accordance with PCI DSS. If faxes or emails are sent or received via modem over a traditional …

The PCI SSC does not certify service providers as PCI DSS compliant. All entities that store, process or transmit cardholder data are required to comply with the PCI DSS and …

In general, frame relay can be considered private if it is dedicated to the customer's traffic. The PCI DSS requires encryption for transmission of cardholder data over public networks, not …

If the ISP only provides a "pipe" for internet access, then it is not considered a service provider and is not subject to PCI DSS compliance. However, if the ISP …

PCI DSS applies to any entity that stores, processes, or transmits cardholder data. Whether entities with cardholder data on their own corporate cards need to validate compliance is determined by …

Systems that store only truncated PANs (where a segment of PAN data has been permanently removed) may be considered out of scope for PCI DSS if that system is adequately …

In general, MPLS networks are considered "private" networks and do not require encryption. This, however, is dependent upon the specific provider and/or configuration. If the IP addresses are public and …