Latest changes to PCI SSC frequently asked questions.
?Two-step? or ?multi-step? authentication is not the same as ?two-factor? or ?multi-factor?. ?Two-step? or ?multi-step? authentication involves the subsequent presentation of one or more authentication steps after the first authentication …
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …The password requirements in PCI DSS include a minimum level of complexity and strength intended to be met by all types of organizations using a range of technologies. PCI SSC …
Whether the purchase and use of devices with expired PTS approval is acceptable beyond their expiry date and whether such devices meet the eligibility criteria for SAQ B-IP is determined …
Window of Payment Card Data Storage (section 3.1 of the Final PFI Report template) indicates:
Transport Layer Security (TLS) is a protocol that provides security over networks and is widely used for internet communications and online transactions. TLS version 1.3 introduces protocol changes that may …
PCI DSS requirements apply wherever payment card account data is stored, processed, or transmitted. While PCI DSS does not explicitly reference the use of VoIP, VoIP traffic that contains payment …
Where the entity under investigation is a merchant, all completed work products (e.g. Preliminary and Final reports) must be distributed to all participating payment brands accepted by the merchant. Where …
All PFI Companies are also QSA Companies. A PFI Company may provide QSA Services (as defined in the QSA Agreement) to an entity after performing a PFI investigation for that …
Contact the payment brands and/or acquirer (merchant bank) for more information about PCI compliance programs.
Contact details for the payment brands are provided below:
American Express
…