Latest changes to PCI SSC frequently asked questions.
Payment terminals (sometimes referred to as point-of-sales systems, point-of-interaction devices, or payment devices) are physical devices that capture payment card data to process transactions. Because these devices are directly involved …
Encryption of cardholder data with strong cryptography is an acceptable method of rendering the data unreadable according to PCI DSS Requirement 3.5.1. However, encryption alone is insufficient to render the …
Where a third-party service provider (TPSP) receives and/or stores only data encrypted by another entity, and where they do not have the ability to decrypt the data, the TPSP may …
One-way hashing is a method that can be used to render PAN unreadable in storage. The hashing process and results, as well as the system(s) that perform the hashing, are …
The List of Validated Payment Applications on the PCI SSC website is the authoritative list of applications which have been accepted by PCI SSC as PA-DSS validated. If an application …
All changes to the software of a validated PA-DSS application must result in a new version number, even if there is no impact on PA-DSS requirements. This is necessary to …
When a PA-DSS validated payment application has expired, it is listed as acceptable only for pre-existing deployments, or in other words, for customers that have already purchased and deployed the …
As part of the annual PA-DSS revalidation process, PCI SSC will be working with application vendors to identify applications which rely or depend on unsupported software, to ensure that validated …
A PA-DSS validation is only applicable to the operating system(s) upon which the application was assessed, as reported in the ROV and as listed with the application on the PCI …
