What is meant by "adequate network segmentation" in the PCI DSS?
Refer to the DSS 1.2 section describing network segmentation.
Latest changes to PCI SSC frequently asked questions.
PCI DSS requirement 4.2 prohibits the sending of unprotected primary account numbers (PANs) via end-user messaging technologies, including e-mail, instant messaging and chat, whether sent internally or over public networks. …
PCI DSS requirement 8.5 (and the associated sub-requirements) applies to administrators. As such, administrators are not allowed to share passwords. The intent of requirements for unique user IDs and complex …
For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC …
PCI DSS requirement 8.3 is intended to apply to users that have remote access to the network, where that remote access could lead to access to the cardholder data environment. …
PCI DSS requirement 12.7 states, "Screen potential employees to minimize the risk of attacks from internal sources." It further states, "For those employees such as store cashiers who only have …
PCI DSS requirement 1.1.7 states that any risky protocols such as FTP must have documentation in place that defines the business justification for use and that appropriate security measures must …
PCI DSS requirement 4.1 states that transmission of cardholder data over a "public" network must be encrypted. This can be accomplished through protocols such as SSL or through other processes …
The current scope of the PCI Security Standards Council does not include approval or identification of businesses approved for forensics investigations. Individual payment brands will continue with their existing processes …
The address for the PCI Security Standards Council is:
PCI Security Standards Council, LLC, 401 Edgewater Place, Suite 600, Wakefield, MA 01880