Latest changes to PCI SSC frequently asked questions.
No. The "Compliant but with Legal exception" option in Part 3 of an Attestation of Compliance (AOC) allows an entity to document that they could not implement one or more …
An initial assessment is an entity?s first formal PCI DSS assessment that results in the submission of a compliance validation document. Examples of validation documents include an Attestation of Compliance …
No, they are no longer considered validated. However, please contact the payment brands regarding the use of P2PE Solutions on the P2PE Expired List (How do I contact the …
Yes, P2PE solutions with dates shown as red or orange are considered validated P2PE solutions and meet the eligibility criteria for SAQ P2PE. Dates shown in colors on the PCI …
P2PE solutions on the PCI list of Point-to-Point Encryption Solutions with Expired Validations are no longer considered "validated" per the P2PE Program Guide. Because these P2PE solution providers did not …
SAQ P2PE is intended for SAQ-eligible merchants or merchant environments (as determined by the individual payment card brands), that process cardholder data only via a validated PCI-listed P2PE solution. Whether …
No, they are no longer considered validated. However, please contact the payment brands regarding the use of P2PE Solutions on the P2PE Expired List (How do I contact the …
Contact the payment brands and/or acquirer (merchant bank) for more information about PCI compliance programs.
Contact details for the payment brands are provided below:
| American Express | …
Attestation documents, including AOCs, AOVs, and program-related attestations, that are provided by the PCI SSC require an assessor's signature. The assessor's signature signifies the individual has knowledge, approval, and acceptance …
P2PE v2 Program Guide: Used for the assessment and management of P2PE v2 solutions, applications, and components.P2PE v3 Program Guide: Used for the assessment and management of P2PE v3 …
