Events such as these should be accounted for in any service contract you sign with a software vendor. The Council requires that approved PA-QSAs carry appropriate liability insurance.
Entities wishing to have early access and input into the PCI security standards are required to join the Council as a participating organization. Non-Participating Organizations will not have access to …
PCI DSS requirement 4.2 prohibits the sending of unprotected primary account numbers (PANs) via end-user messaging technologies, including e-mail, instant messaging and chat, whether sent internally or over public networks. …
PCI DSS requirement 8.5 (and the associated sub-requirements) applies to administrators. As such, administrators are not allowed to share passwords. The intent of requirements for unique user IDs and complex …
For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC …
PCI DSS requirement 8.3 is intended to apply to users that have remote access to the network, where that remote access could lead to access to the cardholder data environment. …
PCI DSS requirement 12.7 states, "Screen potential employees to minimize the risk of attacks from internal sources." It further states, "For those employees such as store cashiers who only have …
PCI DSS requirement 1.1.7 states that any risky protocols such as FTP must have documentation in place that defines the business justification for use and that appropriate security measures must …
PCI DSS requirement 4.1 states that transmission of cardholder data over a "public" network must be encrypted. This can be accomplished through protocols such as SSL or through other processes …