Latest changes to PCI SSC frequently asked questions.
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …
The PCI Security Standards Council will not conduct forensics investigations either directly or through a third party in the event of an account compromise.
The PCI Security Standards Council does not provide information on the status of breach investigations or PCI DSS compliance efforts. The PCI Security Standards Council receives guidance from the payment …
The PCI Security Standards Council (PCI SSC) is not able to approve specific configurations or compensating controls since we are not onsite doing the assessment and are therefore not able …
The PCI Data Security Standard is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The PCI Data …
The PCI Security Standards Council is not responsible for levying any financial or operational consequences on businesses that have either been breached or are suspected of an account data compromise. …
The PCI Security Standards Council will not list PCI DSS compliant service providers or merchants on its Web site, since each individual brand is responsible for managing their own PCI …
The PCI Security Standards Council encourages all businesses that store payment account data to comply with the PCI DSS to help lower their brand and financial risks associated with account …
No. QSAs and ASVs do not send reports of compliance or scanning results to the PCI Security Standards Council, and they should continue to follow the payment brand specific procedures.
…Each individual brand is responsible for accepting a specific recommendation of compliance from an ASV.
