Latest changes to PCI SSC frequently asked questions.
PCI DSS requirement 8.3 is intended to apply to users that have remote access to the network, where that remote access could lead to access to the cardholder data environment. …
PCI DSS requirement 12.7 states, "Screen potential employees to minimize the risk of attacks from internal sources.? It further states, "For those employees such as store cashiers who only have …
PCI DSS requirement 1.1.7 states that any risky protocols such as FTP must have documentation in place that defines the business justification for use and that appropriate security measures must …
PCI DSS requirement 4.1 states that transmission of cardholder data over a "public" network must be encrypted. This can be accomplished through protocols such as SSL or through other processes …
The current scope of the PCI Security Standards Council does not include approval or identification of businesses approved for forensics investigations. Individual payment brands will continue with their existing processes …
The address for the PCI Security Standards Council is:
PCI Security Standards Council, LLC 401 Edgewater Place, Suite 600 Wakefield, MA 01880
For media inquiries or to request an interview, please send an email message to press@pcisecuritystandards.org.
The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa’s Account Information …
Merchants should contact the acquiring financial institutions with whom they have merchant agreements (for example, their merchant bank) to determine whether they must validate compliance and the specific requirements for …
Because PCI SSC does not have a contractual relationship with merchants, financial institutes, processors, etc., PCI SSC cannot be the central repository for this information. The Council's focus is to …
