Yes. When a new version of PCI DSS is available and as entities transition to the newer version of PCI DSS, there may be situations where an entity relies on …
Whether the inclusion of UnionPay in PCI DSS documents impacts an entity's PCI DSS assessment is determined by the PCI SSC Participating Payment Brands (American Express, Discover, JCB International, Mastercard, …
Yes. All PFI Companies are also QSA Companies. A PFI Company may provide QSA Services (as defined in the QSA Agreement) to an entity after performing a PFI investigation for …
PFI Companies must adhere to the independence requirements of the PFI program as defined in the PFI Qualification Requirements and Program Guide. Whether a PFI Company can conduct a PFI …
No. PCI DSS Requirement 4 prohibits the sending of unprotected primary account numbers (PANs) via end-user messaging technologies, whether sent internally or over public networks. E-mail, instant messaging, SMS, and …
The intent of the one primary function per server requirement (Requirement 2 of the PCI DSS) is to ensure that your organization’s system configuration standards and related processes address server …
PCI DSS Requirement 3 is not intended to apply to individual account statements sent by issuing banks to cardholders. Full PAN displays in individual account statements are not required to …
An inactive user account is one that has not been used in over 90 days. Inactive accounts are often targets for attackers since they are generally not monitored, and changes …
Yes, PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted on or by any media, including paper records. PCI DSS Requirement 9 specifically …
Yes, forms and images containing cardholder data are subject to PCI DSS. PCI DSS Requirement 3 requires that all cardholder data be rendered unreadable. It does not differentiate between how …