Should cardholder data be encrypted while in memory?
If the cardholder data is stored in non-persistent memory (e.g. RAM), encryption of cardholder data is not required. However, proper controls must be in place to ensure that memory maintains …
Latest changes to PCI SSC frequently asked questions.
Without proper network segmentation to isolate the systems that store, process or transmit cardholder data from those that do not, all system components in that network are considered part of …
The PCI DSS is a global standard and is applicable to all entities that process, transmit or store cardholder data regardless of geographic location. Each payment brand manages their PCI …
Any payment card (credit, debit, prepaid, stored value, gift or chip) bearing the logo of one of the PCI Security Standards Council's five founding payment brands is required to be …
If the issuer confirms the cards are inactive or disabled, the PANs (Primary Account Numbers) no longer pose fraud risk to the payment system. The PCI DSS would not apply …
Questions about compliance and possible fines due to a compromise should be addressed directly to the payment card brands and/or acquirers.
Merchants or service providers are encouraged to submit feedback about their QSA/ASV through the feedback form available on our website at https://www.pcisecuritystandards.org/program-listings-overview/give_assessor_feedback/. QSAs and ASVs are contractually obligated to …
The PCI DSS is a global standard, with compliance expected of any entity that stores, processes or transmits cardholder data regardless of geographic location. Each payment brand manages their PCI …
Fees for validation services are set independently by the PA-QSAs.
The requirements for Payment Application Data Security Standard (PA-DSS) are derived from the Payment Card Industry Data Security Standard (PCI DSS). This document details what is required for a merchant …