Latest changes to PCI SSC frequently asked questions.
It is not necessary for a software vendor to have payment software listed or in the process of being validated to the PCI Secure Software Standard in order to become …
PCI SSC recognizes that there may be a need for PFIs to personalize the PFI Report Templates, such as adding a company logo or add rows for more detail. However, …
No. PCI P2PE allows for P2PE component providers to formalize the process of assessing third parties. Therefore, it is not allowable to perform partial P2PE assessments and reuse (for example, …
Yes, a PCI-listed P2PE application validated to P2PE v3 can be used as part of a P2PE solution or component validated to P2PE v2. Note that the associated P2PE Program …
P2PE v2 Program Guide: Used for the assessment and management of P2PE v2 solutions, applications, and components.P2PE v3 Program Guide: Used for the assessment and management of P2PE v3 …
Only the PCI-listed P2PE v3 component types that also exist in P2PE v2 may be used in a P2PE v2 solution assessment, which are:
Yes. P2PE solutions validated to P2PE v3.0 can contain P2PE components and applications validated using P2PE v2.0. Note the P2PE v2 components are governed by the P2PE v2 Program Guide. …
Yes. P2PE applications currently listed as a valid PCI P2PE v2.0 application can be used in a PCI P2PE v3 solution or component and must be included as part of …
Yes, however, PCI SSC recommends the use of PCI-listed P2PE solutions. Reference to What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation? …
Yes. Please see the Frequently Asked Questions (FAQ) for Validation Processes for Merchant-Managed Solutions on the PCI SSC website.
