Latest changes to PCI SSC frequently asked questions.
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance to PA-DSS. A list of PA-QSAs is available on the Council website. A …
?Two-step? or ?multi-step? authentication is not the same as ?two-factor? or ?multi-factor?. ?Two-step? or ?multi-step? authentication involves the subsequent presentation of one or more authentication steps after the first authentication …
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …The password requirements in PCI DSS include a minimum level of complexity and strength intended to be met by all types of organizations using a range of technologies. PCI SSC …
Whether the purchase and use of devices with expired PTS approval is acceptable beyond their expiry date and whether such devices meet the eligibility criteria for SAQ B-IP is determined …
Window of Payment Card Data Storage (section 3.1 of the Final PFI Report template) indicates:
Transport Layer Security (TLS) is a protocol that provides security over networks and is widely used for internet communications and online transactions. TLS version 1.3 introduces protocol changes that may …
PCI DSS requirements apply wherever payment card account data is stored, processed, or transmitted. While PCI DSS does not explicitly reference the use of VoIP, VoIP traffic that contains payment …
Where the entity under investigation is a merchant, all completed work products (e.g. Preliminary and Final reports) must be distributed to all participating payment brands accepted by the merchant. Where …