Is the Prioritized Approach mandatory?
The PCI SSC does not mandate the use of any one approach to PCI DSS compliance. The Prioritized Approach is designed as a reporting tool to help entities understand where …
Latest changes to PCI SSC frequently asked questions.
The Prioritized Approach tool is intended to help guide non-compliant entities to work through the process of becoming PCI DSS compliant. The Prioritized Approach does not supersede or replace the …
The Prioritized Approach was developed to address the highest common risks first in Milestone 1, the next highest risks in Milestone 2, etc. The Prioritized Approach provides a means to …
The Prioritized Approach is not a replacement for PCI DSS; rather, it reorganizes the PCI DSS requirements into security milestones, and is designed to help organizations working towards PCI DSS …
To minimize changes to the standards, the PCI Security Standards Council (PCI SSC) has established a lifecycle approach for PCI DSS and PA-DSS, where version changes to the standards will …
The Luhn formula or Modulus 10 is the algorithm most often used to validate Primary Account Numbers (PAN). The algorithm works as follows: 1. double the value of alternate digits …
PCI DSS requirement 2.4 and appendix A: "PCI DSS applicability for hosting providers" is applicable to all shared hosting providers whose customers store, process, or transmit cardholder data. A shared …
For PCI DSS requirement 3.4 and protection of specific cardholder data elements, please refer to the table included in the PCI DSS on page 2 (www.pcisecuritystandards.org). The table …
The intent of PCI DSS requirement 10.3.6 is to provide the ability for an organization to identify the data, systems, or components affected when an unauthorized access attempt is being, …
PCI DSS requirement 10.2.5 requires organizations to log the use of identification and authentication mechanisms, which are typically used by administrators. These mechanisms include (but are not limited to activities …