Latest changes to PCI SSC frequently asked questions.
PCI-listed P2PE solutions (and applicable P2PE components) are allowed toreassess their existing PCI P2PE approval with expired PTS POI devices for up to, but not exceeding, 5 years past the …
A high-level summary of expiry dates for each version of the PTS POI Security Requirements is provided below. Full details can be found in the PCI PTS Device Testing and …
While PCI DSS does not require that PCI PTS-approved devices be used, some payment brands have their own requirements for using PTS-approved devices, including whether PTS devices with expired approvals …
No, PCI DSS Requirement 9.9 does not require devices to be fixed in place or physically attached to a surface. Requirement 9.9 and its three sub-requirements address three areas of …
PCI DSS Requirement 3.2 prohibits storage of sensitive authentication data (SAD), including card validation codes and values, after authorization even if the data is encrypted. Storage of card validation codes …
No, PCI SSC does not provide a list of PCI DSS-compliant service providers, nor does PCI SSC certify service providers as PCI DSS compliant.
PCI DSS is applicable to …
As described in PCI DSS Requirement 8.3, multi-factor authentication (previously referred to as two-factor authentication) is required for all remote network access that originates from outside the entity's own network, …
As described in PCI DSS Requirement 8.3, multi-factor authentication (previously referred to as two-factor authentication) is required for all remote network access that originates from outside the entity’s own network, …
While PCI DSS does not require that PCI PTS-approved devices be used, some payment brands have their own requirements for using PTS-approved devices, including whether PTS devices with expired approvals …
Acquirers, on behalf of the payment brands, are responsible for determining the PCI DSS validation and reporting method of their merchant customers, including how compliance is to be evidenced?for example, …
