Latest changes to PCI SSC frequently asked questions.
Yes, per the Final PFI Report template instructions, the report template must be completed fully. Therefore, all fields are mandatory; any exceptions must be discussed with and approved by the …
P2PE Solutions and applicable P2PE Components undergoing an initial assessment (i.e., they are not performing a reassessment on an existing PCI P2PE approval listing) must use non-expired HSMs (i.e., not …
An assessor that is listed as a QSA for PCI DSS and QPA for PCI PIN on the PCI SSC website may be eligible to perform both types of assessments, …
The "Date of Report" indicates the completion date of the ROC, and therefore must be no earlier than the date on which the QSA completed collection and validation of corresponding …
Merchants eligible to complete SAQ A are e-commerce or mail-order/telephone-order (MOTO) merchants that outsource all payment processing and do not store, process or transmit cardholder data on their premises or …
The password requirements in PCI DSS include a minimum level of complexity and strength intended to be met by all types of organizations using a range of technologies. PCI SSC …
Merchants eligible to complete SAQ A are e-commerce or mail-order/telephone-order (MOTO) merchants that outsource all payment processing and do not store, process or transmit cardholder data on their premises or …
The password requirements in PCI DSS include a minimum level of complexity and strength intended to be met by all types of organizations using a range of technologies. PCI SSC …
?Two-step? or ?multi-step? authentication is not the same as ?two-factor? or ?multi-factor?. ?Two-step? or ?multi-step? authentication involves the subsequent presentation of one or more authentication steps after the first authentication …
No. PA-DSS version 1.2.1 is expired. New application validations using PA-DSS 1.2.1 and changes for existing listings using PA-DSS 1.2.1 are no longer accepted. In addition, applications validated using PA-DSS …
